
I recently had my computer locked due to the FBI malware program. I'm running Windows 7 Home Premium. I'm on an iPad right now. I've already used the Farbar recovery tool to start the process; I just need to know where to go from here. My only current connection to the Internet is through this iPad, so I can't really copy and paste anything. I could type it all, but that would be very time consuming, but if it's absolutely necessary then that's fine too.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select System Restore

Choose a restore point from a time when the trojan wasn't on your computer and follow the instructions to restore to that point.

When finished, boot your computer and report.


Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

Please attach the gmer.txt to your reply:

  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
  2. Click Upload.


Here's the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013

Ran by irie (administrator) on 13-06-2013 13:08:28

Running from H:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

() C:\Program Files (x86)\EmvSmartCardReader\SmartMON.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE

(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)

HKLM\...\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)

HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)

HKCU\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)

HKCU\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)

HKCU\...\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)

HKCU\...\Policies\system: [DisableRegistryTools] 0

HKCU\...\Policies\Explorer: [NoDesktop] 0

MountPoints2: G - G:\LaunchU3.exe -a

MountPoints2: {3d1ae86f-8bc1-11e1-bed2-ec9a745b51a0} - "G:\WD SmartWare.exe" autoplay=true

MountPoints2: {68661b0e-ba9c-11e1-8be8-ec9a745b51a0} - IomegaEncryptionSetup v1.3.exe

MountPoints2: {7e0d8e3e-d34d-11e2-8ffb-ec9a745b51a0} - G:\LaunchU3.exe -a

MountPoints2: {e6594a49-642d-11e2-a953-ec9a745b51a0} - G:\MotoCastSetup.exe -a

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-28] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [169528 2011-10-07] (Hewlett-Packard Company)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM-x32\...\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [376776 2012-08-08] ()

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1648264 2013-04-25] (Ask)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [smartMon] C:\Program Files (x86)\EmvSmartCardReader\SmartMON.exe [234496 2010-05-11] ()

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?INTCMP=ILCCOMCOM164816

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKLM - {F8608438-3680-4B6D-86FF-51BE652DC6C7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKLM-x32 - {F8608438-3680-4B6D-86FF-51BE652DC6C7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}

SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=6&gct=kwd&qsrc=2869

SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKCU - {E01DC81F-3651-4E49-8E35-54D1B2AEE9A2} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=YYYYYYYYUS&apn_uid=36605C24-3D5C-44C9-AC8F-CA081D55E0EE&apn_sauid=04FF764C-DEA8-4C1F-A6CD-5267694CEAEE

SearchScopes: HKCU - {F8608438-3680-4B6D-86FF-51BE652DC6C7} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {FE790CE6-B5E2-499C-8A12-53C7A372092F} URL = http://www.ant.com/search?s=browser&q={searchTerms}

BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)

BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKLM-x32 - Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Toolbar: HKCU - No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:

========

FF ProfilePath: C:\Users\irie\AppData\Roaming\Mozilla\Firefox\Profiles\8s52hslg.default

FF SelectedSearchEngine: Yahoo

FF Homepage: hxxp://xfinity.comcast.net/?INTCMP=ILCCOMCOM164816

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: No Name - C:\Users\irie\AppData\Roaming\Mozilla\Firefox\Profiles\8s52hslg.default\Extensions\toolbar@ask.com

FF Extension: Yahoo! Toolbar - C:\Users\irie\AppData\Roaming\Mozilla\Firefox\Profiles\8s52hslg.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.)

S3 Ant App service; C:\Program Files (x86)\Ant.com\File1 Package Manager\AppService.exe [504816 2013-02-05] (Helios Technologies Ltd)

R2 DiskDoctorService; C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [1029480 2011-12-23] (Symantec Corporation)

R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)

R2 SpeedDiskService; C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [1037672 2011-12-23] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-19] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-01-19] (Symantec Corporation)

S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [30720 2010-05-11] (Alcor Micro, Corp.)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-09-07] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20130611.001\IDSvia64.sys [513184 2013-06-11] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20130611.001\IDSvia64.sys [513184 2013-06-11] (Symantec Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20130611.033\ENG64.SYS [126040 2013-06-11] (Symantec Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20130611.033\ENG64.SYS [126040 2013-06-11] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20130611.033\EX64.SYS [2098776 2013-06-11] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20130611.033\EX64.SYS [2098776 2013-06-11] (Symantec Corporation)

R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2012-04-17] (Symantec Corporation)

S3 SymDSMon; C:\Windows\system32\drivers\SymDSMon.sys [191232 2011-12-23] (Symantec Corporation)

S3 SymDSMon; C:\Windows\system32\drivers\SymDSMon.sys [191232 2011-12-23] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-09-03] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

S3 SYMSpeedDisk; C:\Windows\system32\drivers\SymSpeedDisk.sys [163384 2011-12-23] (Symantec Corporation)

S3 SYMSpeedDisk; C:\Windows\system32\drivers\SymSpeedDisk.sys [163384 2011-12-23] (Symantec Corporation)

U0 sr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-12 05:07 - 2013-06-12 05:07 - 00368554 ____A C:\Users\irie\Downloads\gmer.zip

2013-06-12 03:15 - 2013-06-12 03:15 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-06-12 03:15 - 2013-06-12 03:15 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-12 03:15 - 2013-06-12 03:15 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-06-12 03:15 - 2013-06-12 03:15 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-06-12 03:15 - 2013-06-12 03:15 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-06-12 03:15 - 2013-06-12 03:15 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-06-12 03:15 - 2013-06-12 03:15 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-06-12 03:15 - 2013-06-12 03:15 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-06-12 03:15 - 2013-06-12 03:15 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-06-12 03:15 - 2013-06-12 03:15 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-06-12 03:15 - 2013-06-12 03:15 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-06-12 03:13 - 2013-06-12 03:13 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-12 03:10 - 2013-06-12 03:18 - 00007827 ____A C:\Windows\IE10_main.log

2013-06-12 01:34 - 2013-05-12 22:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2013-06-12 01:34 - 2013-05-12 22:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2013-06-12 01:34 - 2013-05-12 22:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2013-06-12 01:34 - 2013-05-12 22:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll

2013-06-12 01:34 - 2013-05-12 21:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-06-12 01:34 - 2013-05-12 21:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-06-12 01:34 - 2013-05-12 21:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-06-12 01:34 - 2013-05-12 20:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe

2013-06-12 01:34 - 2013-05-12 20:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe

2013-06-12 01:34 - 2013-05-12 20:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

2013-06-12 01:34 - 2013-05-09 22:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

2013-06-12 01:34 - 2013-05-09 20:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll

2013-06-12 01:34 - 2013-05-07 23:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2013-06-12 01:34 - 2013-04-25 22:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-06-12 01:34 - 2013-04-25 21:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-06-12 01:33 - 2013-04-25 16:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-06-12 01:33 - 2013-04-12 07:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-06-12 01:33 - 2013-04-09 22:24 - 00983912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-06-12 01:33 - 2013-04-09 22:24 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-06-12 01:33 - 2013-04-09 20:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-06-12 01:33 - 2013-03-31 15:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-06-12 01:33 - 2013-02-26 23:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-06-12 01:33 - 2013-02-26 22:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-06-12 01:33 - 2013-02-26 22:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-06-12 01:33 - 2013-02-26 22:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-06-12 01:33 - 2013-02-26 21:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-06-12 01:33 - 2013-02-26 21:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-06-12 01:33 - 2013-02-26 21:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-06-11 17:49 - 2013-03-18 22:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-06-11 17:49 - 2013-03-18 22:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-06-10 20:07 - 2013-06-10 20:07 - 00000000 ____D C:\FRST

2013-05-15 12:39 - 2013-02-26 22:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

==================== One Month Modified Files and Folders =======

2013-06-13 13:06 - 2012-09-11 12:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-12 05:09 - 2009-07-13 22:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-12 05:07 - 2013-06-12 05:07 - 00368554 ____A C:\Users\irie\Downloads\gmer.zip

2013-06-12 05:05 - 2009-07-13 21:51 - 00082247 ____A C:\Windows\setupact.log

2013-06-12 04:57 - 2012-05-01 20:37 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2013-06-12 04:27 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache

2013-06-12 03:57 - 2009-07-13 21:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-12 03:57 - 2009-07-13 21:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-12 03:50 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-12 03:50 - 2009-07-13 21:45 - 00277184 ____A C:\Windows\System32\FNTCACHE.DAT

2013-06-12 03:48 - 2010-11-20 20:47 - 00786552 ____A C:\Windows\PFRO.log

2013-06-12 03:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-06-12 03:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-06-12 03:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-06-12 03:40 - 2011-12-17 01:38 - 01470335 ____A C:\Windows\WindowsUpdate.log

2013-06-12 03:40 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-06-12 03:40 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-06-12 03:18 - 2013-06-12 03:10 - 00007827 ____A C:\Windows\IE10_main.log

2013-06-12 03:15 - 2013-06-12 03:15 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-06-12 03:15 - 2013-06-12 03:15 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-12 03:15 - 2013-06-12 03:15 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-06-12 03:15 - 2013-06-12 03:15 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-06-12 03:15 - 2013-06-12 03:15 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-06-12 03:15 - 2013-06-12 03:15 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat

2013-06-12 03:15 - 2013-06-12 03:15 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2013-06-12 03:15 - 2013-06-12 03:15 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-06-12 03:15 - 2013-06-12 03:15 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx

2013-06-12 03:15 - 2013-06-12 03:15 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-06-12 03:15 - 2013-06-12 03:15 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-06-12 03:15 - 2013-06-12 03:15 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-06-12 03:15 - 2013-06-12 03:15 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-06-12 03:13 - 2013-06-12 03:13 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-12 03:13 - 2013-06-12 03:13 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-11 23:24 - 2012-09-11 12:44 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-06-11 23:24 - 2011-10-14 23:06 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-06-11 23:23 - 2011-02-10 12:23 - 00000000 ____D C:\SWSetup

2013-06-11 23:00 - 2012-05-09 00:52 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-06-11 22:43 - 2012-11-23 17:19 - 00000000 ____D C:\Program Files (x86)\Ask.com

2013-06-11 22:20 - 2012-09-03 15:26 - 00000258 ____A C:\Windows\Tasks\NUSchedule.job

2013-06-11 18:38 - 2013-04-27 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-06-11 18:38 - 2012-11-20 21:36 - 00000000 ____D C:\ProgramData\HP

2013-06-11 18:38 - 2012-11-14 04:01 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-06-11 18:38 - 2012-09-11 12:44 - 00000000 ____D C:\Windows\System32\Macromed

2013-06-11 18:38 - 2012-09-11 12:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2013-06-11 18:38 - 2012-04-03 12:12 - 00000000 ____D C:\Users\irie\AppData\Roaming\vlc

2013-06-11 18:38 - 2012-04-02 08:18 - 00000000 ____D C:\Users\irie\AppData\Local\Hewlett-Packard

2013-06-11 18:38 - 2011-12-17 01:57 - 00000000 ____D C:\ProgramData\Norton

2013-06-11 18:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\L2Schemas

2013-06-11 18:38 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-06-11 18:37 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration

2013-06-11 18:36 - 2012-04-02 15:40 - 00000000 ____D C:\Users\irie\AppData\Roaming\Skype

2013-06-11 17:41 - 2012-04-02 08:16 - 00000000 ____D C:\users\irie

2013-06-10 20:07 - 2013-06-10 20:07 - 00000000 ____D C:\FRST

2013-06-02 17:11 - 2013-01-04 19:38 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-17 16:45 - 2012-04-07 11:09 - 00000000 ____D C:\Users\irie\AppData\Local\CrashDumps

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-11 18:40

==================== End Of Log ============================


The Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2013

Ran by irie at 2013-06-10 20:08:24 Run:

Running from H:\

Boot Mode: Safe Mode (minimal)

==========================================================

==================== Installed Programs =======================

4500_G510gm_Help (Version: 000.0.439.000)

4500G510gm (Version: 000.0.423.000)

4500G510gm_Software_Min (Version: 000.0.423.000)

64 Bit HP CIO Components Installer (Version: 7.2.8)

7-zip v9.20 (Version: v9.20)

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)

Adobe Flash Player 11 Plugin (Version: 11.7.700.202)

Adobe Reader X (10.1.0) MUI (Version: 10.1.0)

Adobe Shockwave Player 11.6 (Version: 11.6.1.629)

AMD APP SDK Runtime (Version: 2.5.775.2)

AMD Catalyst Install Manager (Version: 3.0.847.0)

AMD Fuel (Version: 2011.0928.607.9079)

AMD Media Foundation Decoders (Version: 1.0.60928.0618)

AMD Steady Video Plug-In (Version: 1.00.0000)

AMD System Monitor (Version: 1.0.9)

AMD VISION Engine Control Center (Version: 2011.0928.607.9079)

Ant.com IE add-on (Version: 2.2.3.1074)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

Ask Toolbar (Version: 1.15.15.0)

Ask Toolbar Updater (Version: 1.2.3.29495)

Bejeweled 3 (Version: 2.2.0.97)

Bing Bar (Version: 7.1.391.0)

Blackhawk Striker 2 (Version: 2.2.0.95)

Blio (Version: 2.2.8188)

Bonjour (Version: 3.0.0.10)

BufferChm (Version: 130.0.331.000)

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Graphics Previews Common (Version: 2011.0928.607.9079)

Catalyst Control Center InstallProxy (Version: 2011.0928.607.9079)

Catalyst Control Center Localization All (Version: 2011.0928.607.9079)

CCC Help Chinese Standard (Version: 2011.0928.0606.9079)

CCC Help Chinese Traditional (Version: 2011.0928.0606.9079)

CCC Help Czech (Version: 2011.0928.0606.9079)

CCC Help Danish (Version: 2011.0928.0606.9079)

CCC Help Dutch (Version: 2011.0928.0606.9079)

CCC Help English (Version: 2011.0928.0606.9079)

CCC Help Finnish (Version: 2011.0928.0606.9079)

CCC Help French (Version: 2011.0928.0606.9079)

CCC Help German (Version: 2011.0928.0606.9079)

CCC Help Greek (Version: 2011.0928.0606.9079)

CCC Help Hungarian (Version: 2011.0928.0606.9079)

CCC Help Italian (Version: 2011.0928.0606.9079)

CCC Help Japanese (Version: 2011.0928.0606.9079)

CCC Help Korean (Version: 2011.0928.0606.9079)

CCC Help Norwegian (Version: 2011.0928.0606.9079)

CCC Help Polish (Version: 2011.0928.0606.9079)

CCC Help Portuguese (Version: 2011.0928.0606.9079)

CCC Help Russian (Version: 2011.0928.0606.9079)

CCC Help Spanish (Version: 2011.0928.0606.9079)

CCC Help Swedish (Version: 2011.0928.0606.9079)

CCC Help Thai (Version: 2011.0928.0606.9079)

CCC Help Turkish (Version: 2011.0928.0606.9079)

ccc-utility64 (Version: 2011.0928.607.9079)

Chuzzle Deluxe (Version: 2.2.0.95)

Cisco EAP-FAST Module (Version: 2.2.14)

Cisco LEAP Module (Version: 1.0.19)

Cisco PEAP Module (Version: 1.1.6)

Cradle of Rome 2 (Version: 2.2.0.98)

CyberLink YouCam (Version: 3.5.0.4528)

D3DX10 (Version: 15.4.2368.0902)

Destinations (Version: 130.0.0.0)

DeviceDiscovery (Version: 130.0.372.000)

DocMgr (Version: 130.0.000.000)

DocProc (Version: 13.0.0.0)

Dora's World Adventure (Version: 2.2.0.95)

ESU for Microsoft Windows 7 SP1 (Version: 2.1.1)

Evernote v. 4.2.3 (Version: 4.2.3.22)

Farm Frenzy (Version: 2.2.0.98)

Farmscapes (Version: 2.2.0.98)

FATE (Version: 2.2.0.97)

Fax (Version: 130.0.418.000)

File1 Package Manager (Version: 0.1.2.75)

Final Drive Fury (Version: 2.2.0.95)

GPBaseService2 (Version: 130.0.371.000)

Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)

Hoyle Card Games (Version: 2.2.0.95)

HP Application Assistant (Version: 1.0.409.3882)

HP Auto (Version: 1.0.12935.3667)

HP Client Services (Version: 1.1.12938.3539)

HP Customer Experience Enhancements (Version: 6.0.1.8)

HP Customer Participation Program 13.0 (Version: 13.0)

HP Document Manager 2.0 (Version: 2.0)

HP Documentation (Version: 1.1.0.0)

HP Games (Version: 1.0.2.5)

HP Imaging Device Functions 13.0 (Version: 13.0)

HP Launch Box (Version: 1.0.12)

HP MovieStore (Version: 2.1.091)

HP MovieStore (Version: 2.1.21091.0)

HP Officejet 4500 G510g-m (Version: 13.0)

HP On Screen Display (Version: 1.3.5)

HP Power Manager (Version: 1.4.7)

HP Quick Launch (Version: 2.7.2)

HP QuickWeb (Version: 3.1.1.10197)

HP Recovery Manager (Version: 2.0.0)

HP Security Assistant (Version: 1.0.12)

HP Setup (Version: 9.0.15076.3891)

HP Setup Manager (Version: 1.2.14901.3869)

HP Smart Web Printing 4.5 (Version: 4.5)

HP Software Framework (Version: 4.6.10.1)

HP Solution Center 13.0 (Version: 13.0)

HP Support Assistant (Version: 7.0.39.15)

HP Update (Version: 5.003.001.001)

HPProductAssistant (Version: 130.0.371.000)

HPSSupply (Version: 130.0.371.000)

IBM Lotus Forms Viewer 3.5.1 (Version: 7.6.1.333)

iCloud (Version: 2.1.2.8)

IDT Audio (Version: 1.0.6341.0)

iTunes (Version: 11.0.2.26)

Java 7 Update 9 (Version: 7.0.90)

Java Auto Updater (Version: 2.1.9.0)

Jewel Match 3 (Version: 2.2.0.98)

Jewel Quest Mysteries: The Seventh Gate Collector's Edition (Version: 2.2.0.98)

John Deere Drive Green (Version: 2.2.0.95)

Junk Mail filter update (Version: 15.4.3502.0922)

Learning Lodge Navigator

Letters from Nowhere 2 (Version: 2.2.0.97)

Luxor HD (Version: 2.2.0.98)

Mah Jong Medley (Version: 2.2.0.95)

MarketResearch (Version: 130.0.374.000)

McAfee Security Scan Plus (Version: 3.0.318.3)

Mesh Runtime (Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Starter 2010 - English (Version: 14.0.5139.5005)

Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)

Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)

Mozilla Maintenance Service (Version: 20.0.1)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Network64 (Version: 130.0.374.000)

Network64 (Version: 140.0.221.000)

Norton 360 (Version: 6.4.1.14)

Norton Utilities 15 (Version: 15.0)

OCR Software by I.R.I.S. 13.0 (Version: 13.0)

opensource (Version: 1.0.14960.3876)

Penguins! (Version: 2.2.0.98)

Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)

PlayReady PC Runtime x86 (Version: 1.3.0)

Poker Superstars III (Version: 2.2.0.95)

Polar Bowler (Version: 2.2.0.97)

Polar Golfer (Version: 2.2.0.98)

QuickTime (Version: 7.73.80.64)

Realtek Ethernet Controller Driver (Version: 7.40.126.2011)

Realtek PCIE Card Reader (Version: 6.1.7601.83)

REALTEK Wireless LAN Driver (Version: 1.00.11.0706)

RollerCoaster Tycoon 3: Platinum (Version: 2.2.0.98)

Scan (Version: 13.0.0.0)

Shop for HP Supplies (Version: 13.0)

Skype™ 5.10 (Version: 5.10.116)

SmartCard Reader Driver Installation (Version: 1.7.20.13)

SmartPCFixer 4.2 (Version: 4.2)

SmartWebPrinting (Version: 130.0.373.000)

SolutionCenter (Version: 130.0.373.000)

Status (Version: 130.0.373.000)

swMSM (Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 15.3.11.0)

The Treasures of Mystery Island: The Ghost Ship (Version: 2.2.0.98)

Toolbox (Version: 130.0.648.000)

Torchlight (Version: 2.2.0.98)

TrayApp (Version: 130.0.376.000)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update Installer for WildTangent Games App

Video Convert Master v6.0

Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.98)

VLC media player 2.0.5 (Version: 2.0.5)

VTech Download Agent Library (Version: 1.00.0000)

WebReg (Version: 130.0.132.017)

WildTangent Games App (HP Games) (Version: 4.0.5.32)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3538.0513)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3538.0513)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Zuma's Revenge (Version: 2.2.0.98)

==================== Restore Points =========================

22-04-2013 02:01:13 Windows Backup

24-04-2013 17:57:47 Windows Update

29-04-2013 16:36:43 Windows Backup

30-04-2013 23:15:05 Windows Update

06-05-2013 02:00:08 Windows Backup

13-05-2013 02:15:22 Windows Backup

17-05-2013 23:09:20 Windows Update

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510g-m

Description: Officejet 4500 G510g-m

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: HP

Service: StillCam

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510g-m

Description: Officejet 4500 G510g-m

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:

==================

Error: (06/10/2013 08:04:21 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2013 01:28:09 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 06:03:44 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 05:55:51 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 05:43:37 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 05:40:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:

Could not query the status of the EventSystem service.

System Error:

A system shutdown is in progress.

.

Error: (05/17/2013 05:32:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )

Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:

Could not query the status of the EventSystem service.

System Error:

A system shutdown is in progress.

.

Error: (05/17/2013 05:27:29 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 05:13:38 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 05:07:31 PM) (Source: Customer Experience Improvement Program) (User: )

Description: 80004005

System errors:

=============

Error: (06/10/2013 08:05:54 PM) (Source: DCOM) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/10/2013 08:05:47 PM) (Source: DCOM) (User: )

Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (06/10/2013 08:05:46 PM) (Source: DCOM) (User: )

Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/10/2013 08:05:45 PM) (Source: Service Control Manager) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068

Error: (06/10/2013 08:05:46 PM) (Source: DCOM) (User: )

Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (06/10/2013 08:03:17 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

AFD

BHDrvx64

ccSet_N360

DfsC

discache

eeCtrl

IDSVia64

NetBIOS

NetBT

nsiproxy

Psched

rdbss

spldr

SRTSP

SRTSPX

SymIRON

SymNetS

tdx

vwififlt

Wanarpv6

WfpLwf

Error: (06/10/2013 08:03:16 PM) (Source: Service Control Manager) (User: )

Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:

%%1068

Error: (06/10/2013 08:03:16 PM) (Source: Service Control Manager) (User: )

Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:

%%1068

Error: (06/10/2013 08:03:16 PM) (Source: Service Control Manager) (User: )

Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:

%%1068

Error: (06/10/2013 08:03:16 PM) (Source: Service Control Manager) (User: )

Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:

%%1068

Microsoft Office Sessions:

=========================

Error: (06/10/2013 08:04:21 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2013 01:28:09 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 06:03:44 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 05:55:51 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 05:43:37 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 05:40:02 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description:

Details:

Could not query the status of the EventSystem service.

System Error:

A system shutdown is in progress.

Error: (05/17/2013 05:32:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )

Description:

Details:

Could not query the status of the EventSystem service.

System Error:

A system shutdown is in progress.

Error: (05/17/2013 05:27:29 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 05:13:38 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2013 05:07:31 PM) (Source: Customer Experience Improvement Program)(User: )

Description: 80004005

==================== Memory info ===========================

Percentage of memory in use: 13%

Total physical RAM: 3561.41 MB

Available physical RAM: 3086.15 MB

Total Pagefile: 7121 MB

Available Pagefile: 6652.39 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.65 GB) (Free:32.69 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive d: (Recovery) (Fixed) (Total:19.95 GB) (Free:2.16 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.02 GB) FAT32 (Disk=0 Partition=4)

Drive h: () (Removable) (Total:1.86 GB) (Free:0.12 GB) FAT (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 895A24CC)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=442 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================

Disk: 1 (Size: 2 GB) (Disk ID: 509B4DCB)

Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================


Uninstall the following software:


Ask Toolbar (Version: 1.15.15.0)
Ask Toolbar Updater (Version: 1.2.3.29495)
McAfee Security Scan Plus (Version: 3.0.318.3)

Scan with AdwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll also find the log file at C:\AdwCleaner[s1].txt.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Here's the AdwCleaner

# AdwCleaner v2.303 - Logfile created 06/13/2013 at 23:29:49

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : irie - IRIE-HP

# Boot Mode : Normal

# Running from : C:\Users\irie\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\irie\AppData\Roaming\Mozilla\Firefox\Profiles\8s52hslg.default\searchplugins\Askcom.xml

File Found : C:\Users\Public\Desktop\eBay.lnk

Folder Found : C:\ProgramData\Ask

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD

Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKU\S-1-5-21-842047712-879935436-197141056-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKU\S-1-5-21-842047712-879935436-197141056-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Found : HKU\S-1-5-21-842047712-879935436-197141056-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKU\S-1-5-21-842047712-879935436-197141056-1001\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\irie\AppData\Roaming\Mozilla\Firefox\Profiles\8s52hslg.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");

Found : user_pref("browser.search.order.2", "Ask.com");

*************************

AdwCleaner[R1].txt - [3120 octets] - [13/06/2013 23:29:49]

########## EOF - C:\AdwCleaner[R1].txt - [3180 octets] ##########


# AdwCleaner v2.303 - Logfile created 06/13/2013 at 23:35:02

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : irie - IRIE-HP

# Boot Mode : Normal

# Running from : C:\Users\irie\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\irie\AppData\Roaming\Mozilla\Firefox\Profiles\8s52hslg.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Public\Desktop\eBay.lnk

Folder Deleted : C:\ProgramData\Ask

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD

Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\irie\AppData\Roaming\Mozilla\Firefox\Profiles\8s52hslg.default\prefs.js

C:\Users\irie\AppData\Roaming\Mozilla\Firefox\Profiles\8s52hslg.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.order.2", "Ask.com");

*************************

AdwCleaner[R1].txt - [3235 octets] - [13/06/2013 23:29:49]

AdwCleaner[s1].txt - [315 octets] - [13/06/2013 23:30:46]

AdwCleaner[s2].txt - [2659 octets] - [13/06/2013 23:35:02]

########## EOF - C:\AdwCleaner[s2].txt - [2719 octets] ##########


This is the log from the malware scan. At the end of the scan it said there were no malicious files detected.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.13.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16618

irie :: IRIE-HP [administrator]

Protection: Enabled

6/13/2013 11:44:10 PM

mbam-log-2013-06-13 (23-44-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 209231

Time elapsed: 10 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Looks good!

Let's cross check these results:

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[s1].txt also.

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


Here are the results from the adw cleaner

# AdwCleaner v2.303 - Logfile created 06/15/2013 at 11:34:18

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : irie - IRIE-HP

# Boot Mode : Normal

# Running from : C:\Users\irie\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\irie\AppData\Roaming\Mozilla\Firefox\Profiles\8s52hslg.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3235 octets] - [13/06/2013 23:29:49]

AdwCleaner[R2].txt - [724 octets] - [15/06/2013 11:34:18]

AdwCleaner[s1].txt - [315 octets] - [13/06/2013 23:30:46]

AdwCleaner[s2].txt - [2774 octets] - [13/06/2013 23:35:02]

########## EOF - C:\AdwCleaner[R2].txt - [902 octets] ##########


This is the checkup text from the security check

Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 7 Update 9

Java version out of Date!

Adobe Flash Player 11.7.700.224

Adobe Reader 10.1.0 Adobe Reader out of Date!

Mozilla Firefox (21.0)

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


That's it - you're all clean now! :)

Java update

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer ( Java 7 Update 4 ) and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

Adobe Reader update

Your Adobe Reader is outdated. We will fix this.

  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

Uninstall our tools.

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, rename the combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  4. If there is still something left, please delete it manually.

Reading Material

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista | Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that will be installed along with the software you want.

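A way to confirm the Java and Adobe Reader steps above left no older versions installed, added here as an example and not part of the original post. It reads the standard Windows uninstall registry keys (both the native and the Wow6432Node view, since this system is x64); the display-name patterns are assumptions.

```powershell
# Added example: list installed Java and Adobe Reader entries from the
# uninstall registry keys so leftover older versions are easy to spot.
# The display-name patterns are assumptions; adjust them to your system.
$patterns = 'Java*', 'Adobe Reader*'

# On 64-bit Windows, 32-bit programs register under Wow6432Node.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Collect every uninstall entry whose DisplayName matches one of the patterns.
$found = @(foreach ($root in $roots) {
    Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            $name -and ($patterns | Where-Object { $name -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion
}) | Sort-Object DisplayName, DisplayVersion -Unique

if (-not $found) {
    Write-Output 'No matching entries found.'
} else {
    $found | Format-Table -AutoSize

    # More than one entry per product family can mean an old version remains.
    foreach ($p in $patterns) {
        $hits = @($found | Where-Object { $_.DisplayName -like $p })
        if ($hits.Count -gt 1) {
            Write-Warning "$($hits.Count) entries match '$p'; check for an older version left behind."
        }
    }
}
```

Several entries for one product are not always a problem (for example separate 32-bit and 64-bit Java installs), so compare the DisplayVersion values before removing anything.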

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.