
Tom's daughter-in-law's virus



Have tried normal virus removal programs to no avail, need help with clearing stubborn lockout from security centre.  Help with this problem will be gratefully received.

 

Thank you

 

Tom 

 

DDS report and attach below:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.40.2
Run by Philip at 12:35:09 on 2013-09-14
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Users\Philip\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Users\Philip\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = 127.0.0.1:9421;<local>
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: <No Name>: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Results Toolbar: {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - 
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - 
TB: DVDVideoSoftTB Toolbar: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - 
TB: &Crawler Toolbar: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Search Results Toolbar: {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
uRun: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATICDE.EXE /FU "C:\Windows\TEMP\E_S3AFD.tmp" /EF "HKCU"
uRun: [EPSON SX510W Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S5B0E.tmp" /EF "HKCU"
uRun: [Epson Stylus SX510W(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SF6E.tmp" /EF "HKCU"
uRun: [bTCommonClient] "C:\Program Files (x86)\BT Connection Manager\btomo.exe" -a
uRun: [Akamai NetSession Interface] "C:\Users\Philip\AppData\Local\Akamai\netsession_win.exe"
uRun: [sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Rxa1gKilRsOh] C:\Users\Philip\AppData\Local\SkbeR8P.exe
uRun: [WeySyiny] C:\Users\Philip\AppData\Local\oxhgofel\weysyiny.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Rxa1gKilRsOh] C:\Users\Philip\AppData\Local\SkbeR8P.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{6B01FC2B-B405-4D86-9FEA-DA388231BD14} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6B01FC2B-B405-4D86-9FEA-DA388231BD14}\244584572633D225736363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6B01FC2B-B405-4D86-9FEA-DA388231BD14}\4516E6E6562702641627D602051627B60275962756C6563737 : DHCPNameServer = 192.168.231.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MouseDriverD9] C:\Program Files\MouseDriver\MouseDriver.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\599\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? ?etadpug;Google Update Service (gupdate)
R? AVGIDSAgent;AVGIDSAgent
R? BBSvc;BingBar Service
R? BT Common Client RSA Smart Card Reader Service;BT Common Client RSA Smart Card Reader Service
R? BTWSp50a64;BTWSp50a64 NDIS Protocol Driver
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? ggflt;SEMC USB Flash Driver Filter
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? s1018bus;Sony Ericsson Device 1018 driver (WDM)
R? s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter
R? s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver
R? s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
R? s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
R? s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface
R? s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
R? SkypeUpdate;Skype Updater
R? Sony PC Companion;Sony PC Companion
R? ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
S? !SASCORE;SAS Core Service
S? Akamai;Akamai NetSession Interface
S? Avgfwfd;AVG network filter service
S? avgfws;AVG Firewall
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? BBUpdate;BBUpdate
S? Com4QLBEx;Com4QLBEx
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MpFilter;Microsoft Malware Protection Driver
S? RTL8167;Realtek 8167 NT Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Skype C2C Service;Skype C2C Service
S? SrvHsfHDA;SrvHsfHDA
S? SrvHsfV92;SrvHsfV92
S? SrvHsfWinac;SrvHsfWinac
S? SysMouseFilterF3;SysMouseFilterF3
S? vToolbarUpdater15.5.0;vToolbarUpdater15.5.0
.
=============== Created Last 30 ================
.
2013-09-14 10:45:12 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-14 10:45:10 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-14 10:45:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 09:12:48 -------- d-----w- C:\Windows\System32\MRT
2013-09-14 09:08:40 -------- d-----w- C:\Windows\Temp33890900-A962-99CE-4FB1-F88D5F6C1F46-Signatures
2013-09-14 09:00:12 -------- d-----w- C:\Windows\System32\EventProviders
2013-09-14 05:44:05 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2013-09-14 05:44:04 2691072 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-14 05:44:03 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-09-14 05:44:03 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-09-14 05:44:03 158208 ----a-w- C:\Windows\System32\aaclient.dll
2013-09-14 05:44:03 131072 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-09-14 05:43:54 3150848 ----a-w- C:\Windows\System32\win32k.sys
2013-09-14 05:43:53 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-09-14 05:43:50 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-09-14 05:38:25 5497688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-09-14 05:38:23 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-09-14 05:38:23 3958120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-09-14 05:38:23 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-09-14 05:38:23 112640 ----a-w- C:\Windows\System32\smss.exe
2013-09-14 05:38:22 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-09-14 05:27:56 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-09-14 01:29:50 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27FA8F10-D7CD-40BF-80AA-E1B043C8C82D}\mpengine.dll
2013-09-13 17:42:19 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-13 16:37:40 -------- d-----w- C:\ProgramData\Oracle
2013-09-13 16:37:06 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-13 16:31:55 -------- d-----w- C:\Program Files\Speccy
2013-09-13 09:19:29 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-09-13 09:19:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-09-12 16:06:19 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-09-12 16:06:19 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-09-12 15:44:08 -------- d-----w- C:\Users\Philip\AppData\Local\{13AADDCA-586C-4E40-9C9F-8465FD7660B3}
.
==================== Find3M  ====================
.
2013-09-13 16:36:36 868264 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-09-13 16:36:36 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-15 16:41:55 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-18 20:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 20:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 12:37:40.72 ===============
 
 
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acoustica Effects Pack
Acoustica Mixcraft 5
Acrobat.com
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
AGEIA PhysX v7.01.12
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
AVG 2012
AVG Security Toolbar
Bing Bar
Bonjour
Bug Bits 1.0
Camera RAW Plug-In for EPSON Creativity Suite
Compatibility Pack for the 2007 Office system
Conexant HD Audio
ConstructionSkills
Crawler Toolbar
CyberLink YouCam
D3DX10
DVDVideoSoftTB Toolbar
EPSON Printer Software
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX510W_TX550W Manual
EPSON SX510W Series Printer Uninstall
EpsonNet Print
EpsonNet Setup
Facebook Plug-In
Free Audio CD Burner version 1.4.7
Free NaturalReader
Free Studio version 5.0.13
Free YouTube to MP3 Converter version 3.9.31
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
HP Quick Launch Buttons
Inbox Toolbar
iTunes
Java 7 Update 40
Java Auto Updater
Java 6 Update 21
Junk Mail filter update
KODAK Share Button App
Malwarebytes Anti-Malware version 1.75.0.1300
Media Go
Media Go Video Playback Engine 1.88.110.12050
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
MouseDriver
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Play System (Patching)
PlayStation®Network Downloader
PlayStation®Store
PortGo Softphone version 8.0
QLBCASL
QuickTime
Sage Planning for Business
Sage Start-up
Search Results Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype Click to Call
Skype™ 5.10
Sony Ericsson Update Engine
Sony PC Companion 2.10.173
Speccy
SUPERAntiSpyware
Synaptics Pointing Device Driver
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================
 

 


Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Hi Thanks,

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-09-2013 04
Ran by Philip (administrator) on PHILIP-PC on 14-09-2013 17:55:55
Running from C:\Users\Philip\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Could not list processes ===============
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [MouseDriverD9] - C:\Program Files\MouseDriver\MouseDriver.exe [3293184 2008-12-19] ()
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\599\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [EPSON Stylus DX7400 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE /FU "C:\Windows\TEMP\E_S3AFD.tmp" /EF "HKCU"
HKCU\...\Run: [EPSON SX510W Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S5B0E.tmp" /EF "HKCU"
HKCU\...\Run: [Epson Stylus SX510W(Network)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SF6E.tmp" /EF "HKCU"
HKCU\...\Run: [bTCommonClient] - "C:\Program Files (x86)\BT Connection Manager\btomo.exe" -a
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Philip\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-22] (Google Inc.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Rxa1gKilRsOh] - C:\Users\Philip\AppData\Local\SkbeR8P.exe
HKCU\...\Run: [WeySyiny] - C:\Users\Philip\AppData\Local\oxhgofel\weysyiny.exe
MountPoints2: {8cae339c-7405-11e0-8596-001f165c9edf} - G:\LaunchU3.exe -a
MountPoints2: {9eaaba10-8528-11e1-9ff3-001f165c9edf} - G:\Startme.exe
MountPoints2: {bb84a57f-2fa4-11e1-bd41-001f165c9edf} - G:\KODAK_Camera_Setup_App.exe
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [uCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2007-08-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2314416 2013-08-15] ()
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Rxa1gKilRsOh] - C:\Users\Philip\AppData\Local\SkbeR8P.exe [x]
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Lolo\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-22] (Google Inc.)
HKU\Lolo\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKU\Lolo\...\Run: [yCpCQSpcQDy4] - C:\Users\Lolo\AppData\Local\fvJcrgR.exe
Startup: C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe (No File)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://inboxtoolbar.com/search/ie.aspx?tbid=80150
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://inboxtoolbar.com/help/sa_customize.aspx?tbid=80150
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E6EF932F-2CD2-4926-AEDD-31A9B8D552F2&apn_sauid=3718A540-1C9A-4CC1-A40D-3EAA3EEF2228
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60195
SearchScopes: HKCU - {3BF28F2B-AC36-4B43-9717-D939AE2EA317} URL = http://websearch.ask.com/redirect?client=ie&tb=MTV&o=1590&src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=^AAH&apn_dtid=^YYYYYY^SN^GB&apn_uid=7a94154a-5850-4f8f-bf35-76e9bcb89ff6&apn_sauid=1354B9E3-A3DF-4386-A8BF-308FABEA718A
SearchScopes: HKCU - {58A7CA70-8734-4895-92DF-D4C753293510} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-bt-odtb
SearchScopes: HKCU - {8771476E-103F-4598-A070-F5996ACFBB77} URL = http://search.avg.com/?d=4e3acf18&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={64F44EEF-D1BE-408C-B23E-F32672D53B55}&mid=1d884ce8f0ca47d1835bd15650b8772c-788d4ab33b549ffce1972619ba5d771eb3f901c6&lang=en&ds=AVG&pr=pr&d=2012-08-15 13:20:14&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80150&lng=en
SearchScopes: HKCU - {DFE392A0-EEB4-4F1E-A778-C9407D981523} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282128&CUI=UN16764107532400725
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
BHO-x32: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Search Results Toolbar - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Toolbar: HKLM-x32 - &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Search Results Toolbar - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -  No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKCU -  No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU -  No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU -  No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU -  No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU -  No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU -  No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} -  No File
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 11 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Philip\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Philip\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF SearchPlugin: C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\searchplugins\askcom.xml
FF Extension: No Name - C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\inboxcomtoolbar@inbox.com
FF Extension: Ask Toolbar - C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\toolbar@ask.com
FF Extension: DVDVideoSoftTB Toolbar - C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: No Name - C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (PlayStation®Network Downloader Check Plug-in) - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Philip\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Facebook Plugin) - C:\Users\Philip\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (AVG Safe Search) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0
CHR Extension: (Skype Click to Call) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0
CHR Extension: (AVG Secure Search) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2321560 2012-06-13] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [1643184 2013-08-15] (AVG Secure Search)
S3 BT Common Client RSA Smart Card Reader Service; C:\Program Files (x86)\BT Connection Manager\btomoscrsrv.exe [x]
S2 Winmgmt; C:\PROGRA~3\otq109.pzz [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{d3145163-28fb-decd-a1a6-380b0e9b7fd1}\   \...\???\{d3145163-28fb-decd-a1a6-380b0e9b7fd1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-15] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SysMouseFilterF3; C:\Windows\System32\DRIVERS\SysMouseFilterF3.sys [28152 2008-12-08] ()
S2 BTWSp50a64; SysWOW64\Drivers\BTWSp50a64.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-14 17:55 - 2013-09-14 17:55 - 00000000 ____D C:\FRST
2013-09-14 17:53 - 2013-09-14 17:53 - 01950312 _____ (Farbar) C:\Users\Philip\Desktop\FRST64.exe
2013-09-14 12:38 - 2013-09-14 12:38 - 00004946 _____ C:\Users\Philip\Desktop\attach.txt
2013-09-14 12:38 - 2013-09-14 12:37 - 00019477 _____ C:\Users\Philip\Desktop\dds.txt
2013-09-14 12:29 - 2013-09-14 12:29 - 00688992 ____R (Swearware) C:\Users\Philip\Desktop\dds.com
2013-09-14 11:45 - 2013-09-14 11:45 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-14 11:45 - 2013-09-14 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-14 11:45 - 2013-09-14 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 11:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-14 11:42 - 2013-09-14 11:43 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Philip\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-14 10:47 - 2013-09-14 10:47 - 00347424 _____ (Microsoft Corporation) C:\Users\Philip\Downloads\MicrosoftFixit.WinSecurity.RNP.38302582825594639.1.1.Run.exe
2013-09-14 10:12 - 2013-09-14 10:15 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 10:08 - 2013-09-14 10:09 - 00000000 ____D C:\Windows\Temp33890900-A962-99CE-4FB1-F88D5F6C1F46-Signatures
2013-09-14 10:00 - 2013-09-14 10:00 - 00000000 ____D C:\Windows\system32\EventProviders
2013-09-14 09:59 - 2013-02-22 07:27 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-14 09:59 - 2013-02-22 07:21 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-14 09:59 - 2013-02-22 07:19 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-14 09:59 - 2013-02-22 07:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-14 09:59 - 2013-02-22 07:15 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-14 09:59 - 2013-02-22 07:14 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-14 09:59 - 2013-02-22 07:13 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-14 09:59 - 2013-02-22 07:12 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-14 09:59 - 2013-02-22 07:09 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-14 09:59 - 2013-02-22 04:38 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-14 09:59 - 2013-02-22 04:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-14 09:59 - 2013-02-22 04:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-14 09:59 - 2013-02-22 04:34 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-14 09:59 - 2013-02-22 04:34 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-14 09:59 - 2013-02-22 04:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-14 09:59 - 2013-02-22 04:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-14 09:59 - 2013-02-22 04:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-14 09:59 - 2013-02-22 04:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-14 09:58 - 2013-02-22 07:57 - 17817088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-14 09:58 - 2013-02-22 07:29 - 10925568 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-14 09:58 - 2013-02-22 07:20 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-14 09:58 - 2013-02-22 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-14 09:58 - 2013-02-22 07:15 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-14 09:58 - 2013-02-22 07:15 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-14 09:58 - 2013-02-22 07:13 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-14 09:58 - 2013-02-22 05:05 - 12324352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-14 09:58 - 2013-02-22 04:47 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-14 09:58 - 2013-02-22 04:46 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-14 09:58 - 2013-02-22 04:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-14 09:58 - 2013-02-22 04:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-14 09:58 - 2013-02-22 04:34 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-14 09:58 - 2013-02-22 04:32 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-14 06:44 - 2013-02-12 16:42 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-14 06:44 - 2013-02-12 16:37 - 03138048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-14 06:44 - 2013-02-12 16:31 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-14 06:44 - 2013-02-12 16:13 - 02691072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-09-14 06:44 - 2013-02-12 16:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-09-14 06:44 - 2013-02-12 14:59 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-09-14 06:43 - 2013-04-12 15:36 - 01653096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-09-14 06:43 - 2013-03-01 04:32 - 03150848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-14 06:43 - 2013-01-24 06:41 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-09-14 06:38 - 2013-03-19 07:19 - 05497688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-14 06:38 - 2013-03-19 06:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-14 06:38 - 2013-03-19 06:06 - 03958120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-14 06:38 - 2013-03-19 06:06 - 03902312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-14 06:38 - 2013-03-19 05:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-14 06:38 - 2013-03-19 04:19 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-14 06:27 - 2013-02-12 15:02 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-09-13 17:37 - 2013-09-13 17:37 - 00000000 ____D C:\ProgramData\Oracle
2013-09-13 17:37 - 2013-09-13 17:36 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-13 17:37 - 2013-09-13 17:36 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-13 17:37 - 2013-09-13 17:36 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-13 17:37 - 2013-09-13 17:36 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-13 17:32 - 2013-09-13 17:39 - 00000953 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-09-13 17:31 - 2013-09-13 17:32 - 00000000 ____D C:\Program Files\Speccy
2013-09-13 10:21 - 2013-09-14 10:10 - 00001945 _____ C:\Windows\epplauncher.mif
2013-09-13 10:19 - 2013-09-14 10:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-13 10:19 - 2013-09-14 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-12 17:07 - 2013-09-14 17:07 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 938c00e0-fe2a-4e4d-9123-b2822c5b2a69.job
2013-09-12 17:07 - 2013-09-14 02:00 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 95a9368f-afc0-4b94-9b2d-fdb5b20b9f55.job
2013-09-12 17:07 - 2013-09-12 17:07 - 00003594 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 95a9368f-afc0-4b94-9b2d-fdb5b20b9f55
2013-09-12 17:07 - 2013-09-12 17:07 - 00003520 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 938c00e0-fe2a-4e4d-9123-b2822c5b2a69
2013-09-12 17:06 - 2013-09-14 10:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-12 17:06 - 2013-09-12 17:29 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-09-12 17:06 - 2013-09-12 17:06 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-09-12 16:44 - 2013-09-12 16:44 - 00000000 ____D C:\Users\Philip\AppData\Local\{13AADDCA-586C-4E40-9C9F-8465FD7660B3}
2013-09-10 08:29 - 2013-09-10 08:29 - 00153605 _____ C:\Users\Cam\AppData\Local\e5d9ade3-6325-4fdb-922f-38d35a21b99f
2013-09-09 09:17 - 2013-09-10 19:24 - 00000000 _____ C:\ProgramData\otq109.ctrl
2013-09-09 09:17 - 2013-09-09 09:17 - 95025368 ____T C:\ProgramData\otq109.pff
2013-09-09 09:17 - 2013-09-09 09:17 - 00153605 _____ C:\Users\Philip\AppData\Local\e5d9ade3-6325-4fdb-922f-38d35a21b99f
2013-09-07 13:39 - 2013-09-08 19:00 - 00024552 _____ C:\Users\Cam\Downloads\Cam Chorley INVOICE.xlsx
2013-09-07 13:05 - 2013-09-07 13:05 - 00024538 _____ C:\Users\Cam\Downloads\Blank Invoice.xlsx
2013-08-17 08:30 - 2013-08-17 08:34 - 00024423 _____ C:\Users\Philip\Documents\City Data invoice ctc201.xlsx
 
==================== One Month Modified Files and Folders =======
 
2013-09-14 17:55 - 2013-09-14 17:55 - 00000000 ____D C:\FRST
2013-09-14 17:55 - 2009-07-14 05:51 - 01417604 _____ C:\Windows\setupact.log
2013-09-14 17:53 - 2013-09-14 17:53 - 01950312 _____ (Farbar) C:\Users\Philip\Desktop\FRST64.exe
2013-09-14 17:39 - 2009-11-10 22:07 - 01969229 _____ C:\Windows\WindowsUpdate.log
2013-09-14 17:07 - 2013-09-12 17:07 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 938c00e0-fe2a-4e4d-9123-b2822c5b2a69.job
2013-09-14 17:07 - 2010-01-29 08:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-14 13:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-14 12:59 - 2010-07-03 12:59 - 00000254 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job
2013-09-14 12:38 - 2013-09-14 12:38 - 00004946 _____ C:\Users\Philip\Desktop\attach.txt
2013-09-14 12:37 - 2013-09-14 12:38 - 00019477 _____ C:\Users\Philip\Desktop\dds.txt
2013-09-14 12:29 - 2013-09-14 12:29 - 00688992 ____R (Swearware) C:\Users\Philip\Desktop\dds.com
2013-09-14 12:23 - 2009-07-14 05:45 - 00019648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 12:23 - 2009-07-14 05:45 - 00019648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 12:14 - 2013-06-04 07:53 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-09-14 12:14 - 2013-01-23 15:19 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2013-09-14 12:14 - 2010-01-29 08:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-14 12:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 12:13 - 2009-11-11 19:41 - 00384566 _____ C:\Windows\PFRO.log
2013-09-14 11:45 - 2013-09-14 11:45 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-14 11:45 - 2013-09-14 11:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-14 11:45 - 2013-09-14 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 11:43 - 2013-09-14 11:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Philip\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-14 10:47 - 2013-09-14 10:47 - 00347424 _____ (Microsoft Corporation) C:\Users\Philip\Downloads\MicrosoftFixit.WinSecurity.RNP.38302582825594639.1.1.Run.exe
2013-09-14 10:27 - 2013-09-12 17:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-14 10:22 - 2009-07-14 05:45 - 00365096 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-14 10:21 - 2012-05-11 08:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-14 10:21 - 2012-05-11 08:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-14 10:18 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-09-14 10:15 - 2013-09-14 10:12 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 10:10 - 2013-09-13 10:21 - 00001945 _____ C:\Windows\epplauncher.mif
2013-09-14 10:09 - 2013-09-14 10:08 - 00000000 ____D C:\Windows\Temp33890900-A962-99CE-4FB1-F88D5F6C1F46-Signatures
2013-09-14 10:09 - 2013-09-13 10:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-14 10:08 - 2013-09-13 10:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-14 10:02 - 2009-11-29 19:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-14 10:00 - 2013-09-14 10:00 - 00000000 ____D C:\Windows\system32\EventProviders
2013-09-14 02:00 - 2013-09-12 17:07 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 95a9368f-afc0-4b94-9b2d-fdb5b20b9f55.job
2013-09-13 17:39 - 2013-09-13 17:32 - 00000953 _____ C:\Users\Public\Desktop\Speccy.lnk
2013-09-13 17:37 - 2013-09-13 17:37 - 00000000 ____D C:\ProgramData\Oracle
2013-09-13 17:36 - 2013-09-13 17:37 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-13 17:36 - 2013-09-13 17:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-13 17:36 - 2013-09-13 17:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-13 17:36 - 2013-09-13 17:37 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-13 17:36 - 2012-10-13 11:17 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-13 17:36 - 2010-05-23 02:04 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-13 17:32 - 2013-09-13 17:31 - 00000000 ____D C:\Program Files\Speccy
2013-09-13 11:37 - 2009-11-10 23:43 - 00568512 _____ C:\Windows\DPINST.LOG
2013-09-13 11:34 - 2012-04-18 10:00 - 00001945 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2013-09-13 11:33 - 2009-11-10 23:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-13 11:28 - 2013-03-13 21:02 - 00576999 _____ C:\Users\Philip\AppData\Local\axiollpj.log
2013-09-13 11:28 - 2013-03-13 21:02 - 00000004 _____ C:\Users\Philip\AppData\Local\jdgfavyj.log
2013-09-13 11:28 - 2013-03-13 21:01 - 00000028 _____ C:\Users\Philip\AppData\Local\xkllrhiv.log
2013-09-13 11:28 - 2013-03-13 21:01 - 00000000 ____D C:\Users\Philip\AppData\Local\oxhgofel
2013-09-13 11:28 - 2009-11-10 22:07 - 00000000 ___RD C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 11:27 - 2013-03-14 11:37 - 00000000 _____ C:\Users\Philip\AppData\Local\vyxhgegi.log
2013-09-13 10:09 - 2013-06-03 10:02 - 01108325 _____ C:\Users\Philip\AppData\Local\msdjxvum.log
2013-09-13 10:09 - 2013-04-15 15:12 - 00003937 _____ C:\Users\Philip\AppData\Local\kamplwqj.log
2013-09-13 10:09 - 2013-03-13 21:04 - 00003288 _____ C:\Users\Philip\AppData\Local\qhvydfuk.log
2013-09-13 10:09 - 2013-03-13 21:02 - 00005370 _____ C:\Users\Philip\AppData\Local\dtggwayn.log
2013-09-12 17:29 - 2013-09-12 17:06 - 00001965 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-09-12 17:28 - 2011-10-02 05:23 - 00000000 ____D C:\Users\Philip\AppData\Local\CrashDumps
2013-09-12 17:07 - 2013-09-12 17:07 - 00003594 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 95a9368f-afc0-4b94-9b2d-fdb5b20b9f55
2013-09-12 17:07 - 2013-09-12 17:07 - 00003520 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 938c00e0-fe2a-4e4d-9123-b2822c5b2a69
2013-09-12 17:06 - 2013-09-12 17:06 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-09-12 16:44 - 2013-09-12 16:44 - 00000000 ____D C:\Users\Philip\AppData\Local\{13AADDCA-586C-4E40-9C9F-8465FD7660B3}
2013-09-10 22:40 - 2010-07-21 18:02 - 00000000 ____D C:\Program Files (x86)\Inbox Toolbar
2013-09-10 19:24 - 2013-09-09 09:17 - 00000000 _____ C:\ProgramData\otq109.ctrl
2013-09-10 18:42 - 2013-03-21 20:31 - 00000000 ____D C:\Users\Cam
2013-09-10 08:29 - 2013-09-10 08:29 - 00153605 _____ C:\Users\Cam\AppData\Local\e5d9ade3-6325-4fdb-922f-38d35a21b99f
2013-09-10 08:27 - 2013-03-21 20:32 - 00000000 ____D C:\Users\Cam\AppData\Local\Google
2013-09-09 09:17 - 2013-09-09 09:17 - 95025368 ____T C:\ProgramData\otq109.pff
2013-09-09 09:17 - 2013-09-09 09:17 - 00153605 _____ C:\Users\Philip\AppData\Local\e5d9ade3-6325-4fdb-922f-38d35a21b99f
2013-09-09 09:13 - 2010-01-23 10:47 - 00000000 ____D C:\Users\Philip\AppData\Local\Google
2013-09-09 09:13 - 2010-01-22 20:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-08 19:00 - 2013-09-07 13:39 - 00024552 _____ C:\Users\Cam\Downloads\Cam Chorley INVOICE.xlsx
2013-09-08 16:48 - 2009-07-14 06:13 - 00730532 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-07 13:05 - 2013-09-07 13:05 - 00024538 _____ C:\Users\Cam\Downloads\Blank Invoice.xlsx
2013-09-06 17:51 - 2013-03-20 16:26 - 00002102 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-01 17:08 - 2009-11-11 00:29 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-29 18:47 - 2013-03-13 21:02 - 00000798 _____ C:\Users\Philip\AppData\Local\tkokgeop.log
2013-08-17 08:34 - 2013-08-17 08:30 - 00024423 _____ C:\Users\Philip\Documents\City Data invoice ctc201.xlsx
2013-08-15 17:42 - 2012-01-29 18:42 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-08-15 17:41 - 2012-08-15 13:20 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-08-15 17:41 - 2012-08-15 13:20 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
 
Files to move or delete:
====================
ZeroAccess:
C:\Users\Philip\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\otq109.ctrl
C:\Users\Philip\Photoshop_12_LS1.exe
 
 
Some content of TEMP:
====================
C:\Users\Cam\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Cam\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Cam\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Lolo\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Lolo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Lolo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Philip\AppData\Local\Temp\APNStub.exe
C:\Users\Philip\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Philip\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Philip\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Philip\AppData\Local\Temp\tbProd.dll
C:\Users\Philip\AppData\Local\Temp\_is255E.exe
C:\Users\Philip\AppData\Local\Temp\_is4E00.exe
C:\Users\Philip\AppData\Local\Temp\_is6650.exe
C:\Users\Philip\AppData\Local\Temp\_isB869.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-12 19:29
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2013 04
Ran by Philip at 2013-09-14 17:58:10
Running from C:\Users\Philip\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1395.4512)
Acoustica Effects Pack (x32 Version: 3.0)
Acoustica Mixcraft 5 (x32)
Acrobat.com (x32 Version: 2.0.0)
Acrobat.com (x32 Version: 2.0.0.0)
Adobe AIR (x32 Version: 3.6.0.6090)
Adobe Download Assistant (x32 Version: 1.0.6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.1.102.55)
Adobe Reader 9.4.6 (x32 Version: 9.4.6)
AGEIA PhysX v7.01.12 (x32 Version: 7.01.12)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Ask Toolbar (x32 Version: 1.15.2.0)
Ask Toolbar Updater (HKCU Version: 1.2.1.23037)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
AVG Security Toolbar (x32 Version: 15.5.0.2)
Bing Bar (x32 Version: 7.2.241.0)
Bonjour (Version: 3.0.0.10)
Bug Bits 1.0 (x32)
Camera RAW Plug-In for EPSON Creativity Suite (x32 Version: 2.2.0.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.58.1.0)
ConstructionSkills (x32 Version: 1.00.673)
Crawler Toolbar (x32)
CyberLink YouCam (x32 Version: 1.0.1002)
D3DX10 (x32 Version: 15.4.2368.0902)
DVDVideoSoftTB Toolbar (x32 Version: 6.11.2.6)
EPSON Printer Software
Epson Printer Software Downloader (x32 Version: 2.0.0)
Epson Printer Software Downloader (x32)
EPSON Scan (x32)
Epson Stylus SX510W_TX550W Manual (x32)
EPSON SX510W Series Printer Uninstall
EpsonNet Print (x32 Version: 2.4i)
EpsonNet Setup (x32 Version: 3.1c)
Facebook Plug-In (HKCU)
Free Audio CD Burner version 1.4.7 (x32)
Free NaturalReader (x32 Version: 9.0)
Free Studio version 5.0.13 (x32)
Free YouTube to MP3 Converter version 3.9.31 (x32)
Google Chrome (x32 Version: 29.0.1547.66)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
GoToAssist Corporate (x32 Version: 9.0.0.599)
HP Quick Launch Buttons (x32 Version: 6.50.7.1)
Inbox Toolbar (x32 Version: 1.0.0)
iTunes (Version: 11.0.2.26)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
Java 6 Update 21 (x32 Version: 6.0.210)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
KODAK Share Button App (x32 Version: 4.00.0000.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Go (x32 Version: 2.1.392)
Media Go Video Playback Engine 1.88.110.12050 (x32 Version: 1.88.110.12050)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works 6-9 Converter (x32 Version: 9.7.0621)
MouseDriver (Version: 1.00.0000)
MouseDriver (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network Play System (Patching) (x32)
PlayStation®Network Downloader (x32 Version: 2.07.00849)
PlayStation®Store (x32 Version: 4.7.14.14146)
PortGo Softphone version 8.0 (x32 Version: 8.0)
QLBCASL (x32 Version: 6.40.17.2)
QuickTime (x32 Version: 7.72.80.56)
Sage Planning for Business (x32 Version: 1.0.462.0)
Sage Start-up (x32 Version: 2.0.0.11)
Search Results Toolbar (x32 Version: 1.0.0.12)
Skype Click to Call (x32 Version: 6.7.12055)
Skype™ 5.10 (x32 Version: 5.10.116)
Sony Ericsson Update Engine (x32 Version: 2.12.12.24)
Sony PC Companion 2.10.173 (x32 Version: 2.10.173)
Speccy (Version: 1.23)
SUPERAntiSpyware (Version: 5.6.1014)
Synaptics Pointing Device Driver (Version: 13.2.2.0)
Uninstall 1.0.0.1 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (Version: 01/29/2010 1.4.1.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR archiver
Yahoo! BrowserPlus 2.9.8 (HKCU)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
 
==================== Restore Points  =========================
 
Could not list Restore Points.
 
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {049AC2BD-8F0D-47CF-9396-104FC4D464C4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 95a9368f-afc0-4b94-9b2d-fdb5b20b9f55 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
Task: {04FD6CBE-816F-4EBF-9A2B-1D1C50CB1214} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {2621026C-1470-42B6-8CB5-A24654CED961} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1578952971-1974380792-2542341017-1003 => C:\Windows\System32\portabledeviceapi.dll [2009-07-14] (Microsoft Corporation)
Task: {293E896C-3578-45DF-9BF1-E01A1A1AAFC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: {3275D579-1C3C-46C1-AAEC-8C75E2416CDC} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2009-07-14] (Microsoft Corporation)
Task: {3D4C6202-F0E3-42B8-9911-F609B5F82A78} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-05-04] ()
Task: {566D10AE-2C15-4B15-B93F-4095A5B4F3B4} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{5F61A6E8-CD28-4698-BBFB-93AC41728277}.exe
Task: {5DB54E9A-3154-4574-B2D9-545EB43B266E} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-31] ()
Task: {8F16C24F-9648-4546-9593-40955A47961E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {98864E29-9393-4F65-B32B-B422BFF94628} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2011-09-22] (Eastman Kodak Company)
Task: {B2510878-8826-4B53-9A1C-A3763FBC0903} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: {D92D7D90-A854-4FBF-8E3B-FD5973699C13} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {E07C876B-5678-46A5-BC9B-7B65E6A969C4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 938c00e0-fe2a-4e4d-9123-b2822c5b2a69 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04] (SUPERAdBlocker.com)
Task: {EC7D6EA5-D124-409B-A289-966B11EA70A4} - System32\Tasks\{28A419A5-CBB8-4061-B6DF-FD387B4F4369} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {F4F33EA7-9244-40C4-A27A-0A1E6979AA63} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: {F9E3170E-DB85-4063-BD9D-70AB06C9EA52} - System32\Tasks\Epson Printer Software Downloader => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26] (SEIKO EPSON CORPORATION)
Task: {FCDEA430-EC50-4C69-BB07-AF9003E6C8CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{5F61A6E8-CD28-4698-BBFB-93AC41728277}.exe
Task: C:\Windows\Tasks\Epson Printer Software Downloader.job => C:\Program Files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 938c00e0-fe2a-4e4d-9123-b2822c5b2a69.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 95a9368f-afc0-4b94-9b2d-fdb5b20b9f55.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) ==========
 
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/13/2013 08:32:46 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.1.7600.16768 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d3c
 
Start Time: 01ceb0b7aa3f88ee
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id:
 
Error: (09/13/2013 08:30:12 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7600.16768 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 174
 
Start Time: 01ceb09e2db96e8a
 
Termination Time: 0
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id:
 
Error: (09/13/2013 01:06:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 707230
 
Error: (09/13/2013 01:06:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 707230
 
Error: (09/13/2013 01:06:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/13/2013 11:33:49 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,
 
Error: (09/13/2013 10:17:03 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16464 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b28
 
Start Time: 01ceb061cbd3dc1c
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id: 3772f7f1-1c55-11e3-a09d-001f165c9edf
 
Error: (09/13/2013 10:11:11 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16464 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1110
 
Start Time: 01ceb0610c70ae00
 
Termination Time: 31
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (09/12/2013 05:28:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 5.6.0.1014, time stamp: 0x5092d064
Faulting module name: SUPERAntiSpyware.exe, version: 5.6.0.1014, time stamp: 0x5092d064
Exception code: 0xc000041d
Fault offset: 0x00000000000d3164
Faulting process id: 0xa34
Faulting application start time: 0xSUPERAntiSpyware.exe0
Faulting application path: SUPERAntiSpyware.exe1
Faulting module path: SUPERAntiSpyware.exe2
Report Id: SUPERAntiSpyware.exe3
 
Error: (09/08/2013 04:36:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: E_IARNFIE.EXE, version: 5.0.5.0, time stamp: 0x490594a9
Faulting module name: E_IAPRFIE.DLL, version: 6.0.2.0, time stamp: 0x4ac15cf5
Exception code: 0xc0000005
Fault offset: 0x000000000006a503
Faulting process id: 0x434
Faulting application start time: 0xE_IARNFIE.EXE0
Faulting application path: E_IARNFIE.EXE1
Faulting module path: E_IARNFIE.EXE2
Report Id: E_IARNFIE.EXE3
 
 
System errors:
=============
Error: (09/14/2013 05:59:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%126
 
Error: (09/14/2013 05:58:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%126
 
Error: (09/14/2013 05:58:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%126
 
Error: (09/14/2013 05:55:55 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%126
 
Error: (09/14/2013 05:40:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%126
 
Error: (09/14/2013 05:40:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%126
 
Error: (09/14/2013 05:39:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%126
 
Error: (09/14/2013 05:39:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%126
 
Error: (09/14/2013 05:38:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%126
 
Error: (09/14/2013 05:38:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated with the following error: 
%%126
 
 
Microsoft Office Sessions:
=========================
Error: (09/13/2013 08:32:46 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7600.16768d3c01ceb0b7aa3f88ee0C:\Windows\explorer.exe
 
Error: (09/13/2013 08:30:12 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7600.1676817401ceb09e2db96e8a0C:\Windows\Explorer.EXE
 
Error: (09/13/2013 01:06:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 707230
 
Error: (09/13/2013 01:06:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 707230
 
Error: (09/13/2013 01:06:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/13/2013 11:33:49 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,  (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/13/2013 10:17:03 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16464b2801ceb061cbd3dc1c0C:\Program Files (x86)\Internet Explorer\iexplore.exe3772f7f1-1c55-11e3-a09d-001f165c9edf
 
Error: (09/13/2013 10:11:11 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16464111001ceb0610c70ae0031C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Error: (09/12/2013 05:28:38 PM) (Source: Application Error)(User: )
Description: SUPERAntiSpyware.exe5.6.0.10145092d064SUPERAntiSpyware.exe5.6.0.10145092d064c000041d00000000000d3164a3401ceafd3dc4e5e8aC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe6049f90f-1bc8-11e3-8092-001f165c9edf
 
Error: (09/08/2013 04:36:12 PM) (Source: Application Error)(User: )
Description: E_IARNFIE.EXE5.0.5.0490594a9E_IAPRFIE.DLL6.0.2.04ac15cf5c0000005000000000006a50343401ceaca88d19bc45C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNFIE.EXEC:\Windows\system32\spool\DRIVERS\x64\3\E_IAPRFIE.DLL63bf3e1a-189c-11e3-a94b-001f165c9edf
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-24 09:24:01.321
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Philip\AppData\Local\Temp\esaacfgo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-24 09:24:00.978
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Philip\AppData\Local\Temp\esaacfgo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-22 21:52:46.354
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Philip\AppData\Local\Temp\esaacfgo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-22 21:52:45.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Philip\AppData\Local\Temp\esaacfgo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-14 18:13:50.170
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Philip\AppData\Local\Temp\esaacfgo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-14 18:13:49.733
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Philip\AppData\Local\Temp\esaacfgo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-14 16:26:45.918
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Philip\AppData\Local\Temp\esaacfgo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-14 16:26:45.559
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Philip\AppData\Local\Temp\esaacfgo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-13 12:01:24.582
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Philip\AppData\Local\Temp\esaacfgo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-13 12:01:24.223
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Philip\AppData\Local\Temp\esaacfgo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 4027.2 MB
Available physical RAM: 1969.98 MB
Total Pagefile: 8052.53 MB
Available Pagefile: 5670.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:138.97 GB) (Free:86.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.08 GB) (Free:1.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 317C40FD)
Partition 1: (Active) - (Size=139 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Rxa1gKilRsOh] - C:\Users\Philip\AppData\Local\SkbeR8P.exe
HKCU\...\Run: [WeySyiny] - C:\Users\Philip\AppData\Local\oxhgofel\weysyiny.exe
HKLM-x32\...\Run: [Rxa1gKilRsOh] - C:\Users\Philip\AppData\Local\SkbeR8P.exe [x]
HKU\Lolo\...\Run: [yCpCQSpcQDy4] - C:\Users\Lolo\AppData\Local\fvJcrgR.exe
S2 Winmgmt; C:\PROGRA~3\otq109.pzz [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{d3145163-28fb-decd-a1a6-380b0e9b7fd1}\   \...\???\{d3145163-28fb-decd-a1a6-380b0e9b7fd1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-09-13 11:28 - 2013-03-13 21:01 - 00000000 ____D C:\Users\Philip\AppData\Local\oxhgofel
C:\Users\Philip\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\otq109.ctrl
C:\Users\Philip\AppData\Local\Temp\_is255E.exe
C:\Users\Philip\AppData\Local\Temp\_is4E00.exe
C:\Users\Philip\AppData\Local\Temp\_is6650.exe
C:\Users\Philip\AppData\Local\Temp\_isB869.exe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt); please post it in your reply.

Please include the following in your next post:
  • Fixlog.txt Report


Sorry my error, fixlog attached:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-09-2013 04
Ran by Philip at 2013-09-14 22:45:48 Run:1
Running from C:\Users\Philip\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Rxa1gKilRsOh] - C:\Users\Philip\AppData\Local\SkbeR8P.exe
HKCU\...\Run: [WeySyiny] - C:\Users\Philip\AppData\Local\oxhgofel\weysyiny.exe
HKLM-x32\...\Run: [Rxa1gKilRsOh] - C:\Users\Philip\AppData\Local\SkbeR8P.exe [x]
HKU\Lolo\...\Run: [yCpCQSpcQDy4] - C:\Users\Lolo\AppData\Local\fvJcrgR.exe
S2 Winmgmt; C:\PROGRA~3\otq109.pzz [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{d3145163-28fb-decd-a1a6-380b0e9b7fd1}\   \...\???\{d3145163-28fb-decd-a1a6-380b0e9b7fd1}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-09-13 11:28 - 2013-03-13 21:01 - 00000000 ____D C:\Users\Philip\AppData\Local\oxhgofel
C:\Users\Philip\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\otq109.ctrl
C:\Users\Philip\AppData\Local\Temp\_is255E.exe
C:\Users\Philip\AppData\Local\Temp\_is4E00.exe
C:\Users\Philip\AppData\Local\Temp\_is6650.exe
C:\Users\Philip\AppData\Local\Temp\_isB869.exe
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Rxa1gKilRsOh => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WeySyiny => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Rxa1gKilRsOh => Value deleted successfully.
HKU\Lolo\Software\Microsoft\Windows\CurrentVersion\Run\\yCpCQSpcQDy4 => Value deleted successfully.
Winmgmt => Service restored successfully.
*etadpug => Service deleted successfully.
C:\Users\Philip\AppData\Local\oxhgofel => Moved successfully.
C:\Users\Philip\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
C:\ProgramData\otq109.ctrl => Moved successfully.
C:\Users\Philip\AppData\Local\Temp\_is255E.exe => Moved successfully.

That works.  Please do this next:

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log


Finally found a way

 

ComboFix 13-09-14.01 - Philip 15/09/2013  11:03:22.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.44.1033.18.4027.2342 [GMT 1:00]

Running from: c:\users\Philip\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Cam\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\users\Philip\AppData\Local\axiollpj.log

c:\users\Philip\AppData\Local\dtggwayn.log

c:\users\Philip\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\users\Philip\AppData\Local\kamplwqj.log

c:\users\Philip\AppData\Local\msdjxvum.log

c:\users\Philip\AppData\Local\qhvydfuk.log

c:\users\Philip\AppData\Local\tkokgeop.log

c:\users\Philip\Documents\~WRL0198.tmp

c:\users\Philip\GoToAssistDownloadHelper.exe

c:\windows\SysWow64\Cache

.

.

(((((((((((((((((((((((((   Files Created from 2013-08-15 to 2013-09-15  )))))))))))))))))))))))))))))))

.

.

2013-09-15 10:13 . 2013-09-15 10:13 -------- d-----w- c:\users\Lolo\AppData\Local\temp

2013-09-15 10:13 . 2013-09-15 10:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-15 10:13 . 2013-09-15 10:13 -------- d-----w- c:\users\Cam\AppData\Local\temp

2013-09-15 09:15 . 2013-08-19 23:46 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BAEF24B-2B80-41AD-8513-E6B42DBD24AC}\mpengine.dll

2013-09-14 16:55 . 2013-09-14 16:55 -------- d-----w- C:\FRST

2013-09-14 16:36 . 2013-08-19 23:46 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-09-14 10:45 . 2013-09-14 10:45 -------- d-----w- c:\users\Philip\AppData\Roaming\Malwarebytes

2013-09-14 10:45 . 2013-09-14 10:45 -------- d-----w- c:\programdata\Malwarebytes

2013-09-14 10:45 . 2013-09-14 10:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-09-14 10:45 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-09-14 09:12 . 2013-09-14 09:15 -------- d-----w- c:\windows\system32\MRT

2013-09-14 09:08 . 2013-09-14 09:09 -------- d-----w- c:\windows\Temp33890900-A962-99CE-4FB1-F88D5F6C1F46-Signatures

2013-09-14 09:00 . 2013-09-14 09:00 -------- d-----w- c:\windows\system32\EventProviders

2013-09-14 08:58 . 2013-02-22 06:20 1392128 ----a-w- c:\windows\system32\wininet.dll

2013-09-14 05:44 . 2013-02-12 15:37 3138048 ----a-w- c:\windows\system32\mstscax.dll

2013-09-14 05:44 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-09-14 05:44 . 2013-02-12 15:42 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-09-14 05:44 . 2013-02-12 15:31 158208 ----a-w- c:\windows\system32\aaclient.dll

2013-09-14 05:44 . 2013-02-12 15:07 131072 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-09-14 05:44 . 2013-02-12 13:59 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-09-14 05:43 . 2013-03-01 03:32 3150848 ----a-w- c:\windows\system32\win32k.sys

2013-09-14 05:43 . 2013-04-12 14:36 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-09-14 05:43 . 2013-01-24 05:41 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-09-14 05:38 . 2013-03-19 06:19 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-09-14 05:38 . 2013-03-19 05:54 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-09-14 05:38 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-09-14 05:38 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-09-14 05:38 . 2013-03-19 03:19 112640 ----a-w- c:\windows\system32\smss.exe

2013-09-14 05:38 . 2013-03-19 04:53 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-09-14 05:27 . 2013-02-12 14:02 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-09-13 16:37 . 2013-09-13 16:37 -------- d-----w- c:\programdata\Oracle

2013-09-13 16:37 . 2013-09-13 16:37 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-09-13 16:37 . 2013-09-13 16:36 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-13 16:31 . 2013-09-13 16:32 -------- d-----w- c:\program files\Speccy

2013-09-13 09:19 . 2013-09-14 09:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-09-13 09:19 . 2013-09-14 09:09 -------- d-----w- c:\program files\Microsoft Security Client

2013-09-12 16:06 . 2013-09-12 16:06 -------- d-----w- c:\users\Philip\AppData\Roaming\SUPERAntiSpyware.com

2013-09-12 16:06 . 2013-09-14 21:34 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-09-12 16:06 . 2013-09-12 16:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-13 16:36 . 2012-10-13 10:17 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-09-13 16:36 . 2010-05-23 01:04 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-09-01 16:08 . 2009-11-10 23:29 79143768 ----a-w- c:\windows\system32\MRT.exe

2013-08-15 16:41 . 2012-08-15 12:20 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-06-18 20:50 . 2013-06-18 20:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-18 20:50 . 2012-08-30 21:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2013-03-05 13:37 231168 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVD2.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{94366e2c-9923-431c-b0d6-747447dd0f2b}]

2012-03-22 07:24 87008 ----a-w- c:\program files (x86)\searchresults1\searchresultsDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-08-15 16:41 3122864 ----a-w- c:\program files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-05-04 14:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD2.dll" [2013-03-05 231168]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll" [2013-08-15 3122864]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]

"{94366e2c-9923-431c-b0d6-747447dd0f2b}"= "c:\program files (x86)\searchresults1\searchresultsDx.dll" [2012-03-22 87008]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{94366e2c-9923-431c-b0d6-747447dd0f2b}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Philip\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]

"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-22 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-08-15 2314416]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]

R2 BTWSp50a64;BTWSp50a64 NDIS Protocol Driver;SysWOW64\Drivers\BTWSp50a64.sys;SysWOW64\Drivers\BTWSp50a64.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BT Common Client RSA Smart Card Reader Service;BT Common Client RSA Smart Card Reader Service;c:\program files (x86)\BT Connection Manager\btomoscrsrv.exe;c:\program files (x86)\BT Connection Manager\btomoscrsrv.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

S3 SysMouseFilterF3;SysMouseFilterF3;c:\windows\system32\DRIVERS\SysMouseFilterF3.sys;c:\windows\SYSNATIVE\DRIVERS\SysMouseFilterF3.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ   Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-06 16:47 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-14 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]

.

2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 07:38]

.

2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 07:38]

.

2013-09-15 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job

- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-23 07:43]

.

2013-09-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 938c00e0-fe2a-4e4d-9123-b2822c5b2a69.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2013-09-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 95a9368f-afc0-4b94-9b2d-fdb5b20b9f55.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MouseDriverD9"="c:\program files\MouseDriver\MouseDriver.exe" [2008-12-19 3293184]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>



TCP: DhcpNameServer = 192.168.2.1

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-BTCommonClient - c:\program files (x86)\BT Connection Manager\btomo.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Toolbar-Locked - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

WebBrowser-{F92A9FE4-2850-4198-B9D5-279880E49B16} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-09-15  11:19:43

ComboFix-quarantined-files.txt  2013-09-15 10:19

.

Pre-Run: 92,210,757,632 bytes free

Post-Run: 94,628,720,640 bytes free

.

- - End Of File - - 72D40484B081DBE45B78BE4848A69C9F

A36C5E4F47E84449FF07ED3517B43A31

You should uninstall either Microsoft Security Essentials or AVG. Running more than one AV program does not offer any more protection and often causes conflicts and slowdowns with your computer.

AVG Removal Tool
MSSE Removal Tool

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.


You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log



# AdwCleaner v3.004 - Report created 15/09/2013 at 17:28:39

# Updated 15/09/2013 by Xplode

# Operating System : Windows 7 Home Premium  (64 bits)

# Username : Philip - PHILIP-PC

# Running from : C:\Users\Philip\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\searchplugins\Askcom.xml

File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

File Found : C:\Windows\SysWOW64\conduitEngine.tmp

Folder Found : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Folder Found : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Found : C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Folder Found : C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Found : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

Folder Found : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}

Folder Found : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\inboxcomtoolbar@inbox.com

Folder Found : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\toolbar@ask.com

Folder Found C:\Program Files (x86)\Ask.com

Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

Folder Found C:\Program Files (x86)\Conduit

Folder Found C:\Program Files (x86)\ConduitEngine

Folder Found C:\Program Files (x86)\Crawler

Folder Found C:\Program Files (x86)\DVDVideoSoftTB

Folder Found C:\Program Files (x86)\DVDVideoSoftTB

Folder Found C:\Program Files (x86)\Inbox Toolbar

Folder Found C:\Program Files (x86)\searchresults1

Folder Found C:\ProgramData\Ask

Folder Found C:\ProgramData\AVG Secure Search

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar

Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar

Folder Found C:\Users\Cam\AppData\Local\AVG Secure Search

Folder Found C:\Users\Cam\AppData\LocalLow\AskToolbar

Folder Found C:\Users\Cam\AppData\LocalLow\AVG Secure Search

Folder Found C:\Users\Cam\AppData\LocalLow\Conduit

Folder Found C:\Users\Cam\AppData\LocalLow\ConduitEngine

Folder Found C:\Users\Cam\AppData\LocalLow\DVDVideoSoftTB

Folder Found C:\Users\Cam\AppData\LocalLow\DVDVideoSoftTB

Folder Found C:\Users\Cam\AppData\LocalLow\Inbox Toolbar

Folder Found C:\Users\Cam\AppData\LocalLow\PriceGong

Folder Found C:\Users\Cam\AppData\LocalLow\searchresults1

Folder Found C:\Users\Cam\AppData\LocalLow\searchresultstb

Folder Found C:\Users\Lolo\AppData\Local\AVG Secure Search

Folder Found C:\Users\Lolo\AppData\LocalLow\AskToolbar

Folder Found C:\Users\Lolo\AppData\LocalLow\AVG Secure Search

Folder Found C:\Users\Lolo\AppData\LocalLow\Conduit

Folder Found C:\Users\Lolo\AppData\LocalLow\ConduitEngine

Folder Found C:\Users\Lolo\AppData\LocalLow\DVDVideoSoftTB

Folder Found C:\Users\Lolo\AppData\LocalLow\DVDVideoSoftTB

Folder Found C:\Users\Lolo\AppData\LocalLow\Inbox Toolbar

Folder Found C:\Users\Lolo\AppData\LocalLow\PriceGong

Folder Found C:\Users\Philip\AppData\Local\apn

Folder Found C:\Users\Philip\AppData\Local\AVG Secure Search

Folder Found C:\Users\Philip\AppData\Local\Conduit

Folder Found C:\Users\Philip\AppData\LocalLow\AskToolbar

Folder Found C:\Users\Philip\AppData\LocalLow\Conduit

Folder Found C:\Users\Philip\AppData\LocalLow\ConduitEngine

Folder Found C:\Users\Philip\AppData\LocalLow\DVDVideoSoftTB

Folder Found C:\Users\Philip\AppData\LocalLow\DVDVideoSoftTB

Folder Found C:\Users\Philip\AppData\LocalLow\Inbox Toolbar

Folder Found C:\Users\Philip\AppData\LocalLow\PriceGong

Folder Found C:\Users\Philip\AppData\LocalLow\searchresults1

Folder Found C:\Users\Philip\Application Data\dvdvideosoftiehelpers

Folder Found C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\searchresults1

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\APN

Key Found : HKCU\Software\APN DTX

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB

Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Ask.com

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\CToolbar

Key Found : HKCU\Software\Inbox Toolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Found : HKCU\Software\searchresults1

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : [x64] HKCU\Software\APN

Key Found : [x64] HKCU\Software\APN DTX

Key Found : [x64] HKCU\Software\Ask.com

Key Found : [x64] HKCU\Software\AVG Secure Search

Key Found : [x64] HKCU\Software\Conduit

Key Found : [x64] HKCU\Software\CToolbar

Key Found : [x64] HKCU\Software\Inbox Toolbar

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Key Found : [x64] HKCU\Software\searchresults1

Key Found : [x64] HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\Software\APN

Key Found : HKLM\Software\AskToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A13CA50F-88E0-4C05-B280-D4C7E5346603}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\ctbcommon.Buttons

Key Found : HKLM\SOFTWARE\Classes\ctbr.R404Pro

Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Client

Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Script

Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Server

Key Found : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}

Key Found : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tbr

Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1320680

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3282128

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\conduitEngine

Key Found : HKLM\Software\conduitEngine

Key Found : HKLM\Software\CToolbar

Key Found : HKLM\Software\DVDVideoSoftTB

Key Found : HKLM\Software\DVDVideoSoftTB

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Found : HKLM\Software\Inbox Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69DC612C-537B-447D-842F-6B1D15414FE4}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBC2CADF-0E8E-4CAA-A44A-EAE22E0C55DB}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFE0041E-EA01-4593-9DD4-F8694C44C4CC}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdaterHelper_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdaterHelper_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94366E2C-9923-431C-B0D6-747447DD0F2B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A13CA50F-88E0-4C05-B280-D4C7E5346603}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine 

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchresults1

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{94366E2C-9923-431C-B0D6-747447DD0F2B}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16476

 





 

-\\ Mozilla Firefox v

 

[ File : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\prefs.js ]

 

 

-\\ Google Chrome v29.0.1547.66

 

[ File : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [25885 octets] - [15/09/2013 17:06:36]

AdwCleaner[R1].txt - [25732 octets] - [15/09/2013 17:28:39]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [25793 octets] ##########

 


 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.15.04

 

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Philip :: PHILIP-PC [administrator]

 

Protection: Enabled

 

15/09/2013 18:50:44

mbam-log-2013-09-15 (18-50-44).txt

 

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 497552

Time elapsed: 1 hour(s), 25 minute(s), 4 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

How is your computer running now?  Please do this next:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-Uncheck anything you may wish to keep, such as the AVG entries->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Double click on AdwCleaner.exe to run the tool again.
Please include the following in your next post:
  • How is the computer running?
  • adwCleaner log
  • ESET log


The computer is now responding to updates perfectly, can only assume that the security issue is now resolved, thank you very much.

 

Adw report attached, will continue with ESET later and report

 

# AdwCleaner v3.004 - Report created 16/09/2013 at 17:55:16
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Philip - PHILIP-PC
# Running from : C:\Users\Philip\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Crawler
Folder Deleted : C:\Program Files (x86)\DVDVideoSoftTB
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\searchresults1
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Philip\AppData\Local\apn
Folder Deleted : C:\Users\Philip\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Philip\AppData\Local\Conduit
Folder Deleted : C:\Users\Philip\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Philip\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Philip\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Philip\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Philip\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Philip\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Philip\AppData\LocalLow\searchresults1
Folder Deleted : C:\Users\Philip\Application Data\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Lolo\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Lolo\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Lolo\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Lolo\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lolo\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Lolo\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Lolo\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Lolo\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Cam\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Cam\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Cam\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Cam\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Cam\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Cam\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Cam\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Cam\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Cam\AppData\LocalLow\searchresults1
Folder Deleted : C:\Users\Cam\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\searchresults1
Folder Deleted : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Folder Deleted : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\inboxcomtoolbar@inbox.com
Folder Deleted : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\toolbar@ask.com
Folder Deleted : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\ctbcommon.Buttons
Key Deleted : HKLM\SOFTWARE\Classes\ctbr.R404Pro
Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Client
Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Script
Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Server
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tbr
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdaterHelper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdaterHelper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282128
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\searchresults1
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\CToolbar
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchresults1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [searchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Mozilla Firefox v

[ File : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\prefs.js ]

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [25885 octets] - [15/09/2013 17:06:36]
AdwCleaner[R1].txt - [25946 octets] - [15/09/2013 17:28:39]
AdwCleaner[R2].txt - [26439 octets] - [16/09/2013 17:48:20]
AdwCleaner[s0].txt - [24097 octets] - [16/09/2013 17:55:16]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [24158 octets] ##########


results from Eset report

 

C:\AdwCleaner\Quarantine\C\Users\Philip\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdaterHelper.exe.vir Win32/Toolbar.Conduit.F application
C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Lolo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\652c9ab0-3fcea653 multiple threats
C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\3bf10156-26577325 a variant of Java/Exploit.Agent.PNY trojan
C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\154b8aa2-1cb89e35 a variant of Java/Exploit.CVE-2013-2465.AO trojan
C:\Users\Philip\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\4c925071-325a2651 multiple threats
C:\Users\Philip\AppData\Roaming\LatestDLMgr.exe a variant of Win32/OpenCandy.A application
C:\Users\Philip\Downloads\FreeStudio.exe a variant of Win32/Bundled.Toolbar.Ask application


The computer is responsive and behaving normally with updates now taking place.  excellent 

 

result from rerun ADW:

 

# AdwCleaner v3.004 - Report created 16/09/2013 at 21:16:16
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Philip - PHILIP-PC
# Running from : C:\Users\Philip\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Mozilla Firefox v

[ File : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\prefs.js ]

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [25885 octets] - [15/09/2013 17:06:36]
AdwCleaner[R1].txt - [25946 octets] - [15/09/2013 17:28:39]
AdwCleaner[R2].txt - [26439 octets] - [16/09/2013 17:48:20]
AdwCleaner[R3].txt - [1397 octets] - [16/09/2013 21:16:16]
AdwCleaner[s0].txt - [24259 octets] - [16/09/2013 17:55:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1518 octets] ##########


Please do this next (we are almost done):

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

ClearJavaCache::

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please include the following in your next post:
  • ComboFix log
  • adwCleaner log


Sorry, seem to have lost the contents of the ComboFix.txt. Where can I find this?

 

# AdwCleaner v3.004 - Report created 17/09/2013 at 11:25:59
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Philip - PHILIP-PC
# Running from : C:\Users\Philip\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Mozilla Firefox v

[ File : C:\Users\Philip\Application Data\Mozilla\Firefox\Profiles\ztv1i0k3.default\prefs.js ]

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [25885 octets] - [15/09/2013 17:06:36]
AdwCleaner[R1].txt - [25946 octets] - [15/09/2013 17:28:39]
AdwCleaner[R2].txt - [26439 octets] - [16/09/2013 17:48:20]
AdwCleaner[R3].txt - [1598 octets] - [16/09/2013 21:16:16]
AdwCleaner[R4].txt - [1672 octets] - [17/09/2013 11:24:21]
AdwCleaner[s0].txt - [24259 octets] - [16/09/2013 17:55:16]
AdwCleaner[s1].txt - [1601 octets] - [17/09/2013 11:25:59]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1661 octets] ##########


Thanks this is the report produced

ComboFix 13-09-16.01 - Philip 17/09/2013 11:06:35.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4027.2364 [GMT 1:00]

Running from: c:\users\Philip\Desktop\ComboFix.exe

Command switches used :: c:\users\Philip\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Philip\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\windows\SysWow64\Cache

.

.

((((((((((((((((((((((((( Files Created from 2013-08-17 to 2013-09-17 )))))))))))))))))))))))))))))))

.

.

2013-09-17 10:16 . 2013-09-17 10:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-09-17 10:16 . 2013-09-17 10:16 -------- d-----w- c:\users\Lolo\AppData\Local\temp

2013-09-17 10:16 . 2013-09-17 10:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-17 10:16 . 2013-09-17 10:16 -------- d-----w- c:\users\Cam\AppData\Local\temp

2013-09-16 21:49 . 2013-09-16 21:49 -------- d-----w- c:\windows\system32\SPReview

2013-09-16 20:21 . 2013-08-19 23:46 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC790E70-493F-43C6-83EA-83D54A02FA0C}\mpengine.dll

2013-09-16 17:57 . 2013-09-16 17:57 -------- d-----w- c:\program files (x86)\ESET

2013-09-16 16:23 . 2013-09-16 16:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-09-16 16:23 . 2013-09-16 16:23 -------- d-----w- c:\windows\system32\Macromed

2013-09-15 16:06 . 2013-09-16 20:16 -------- d-----w- C:\AdwCleaner

2013-09-15 10:22 . 2013-08-19 23:46 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-09-14 16:55 . 2013-09-14 16:55 -------- d-----w- C:\FRST

2013-09-14 10:45 . 2013-09-14 10:45 -------- d-----w- c:\users\Philip\AppData\Roaming\Malwarebytes

2013-09-14 10:45 . 2013-09-14 10:45 -------- d-----w- c:\programdata\Malwarebytes

2013-09-14 10:45 . 2013-09-14 10:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-09-14 10:45 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-09-14 09:12 . 2013-09-14 09:15 -------- d-----w- c:\windows\system32\MRT

2013-09-14 09:08 . 2013-09-14 09:09 -------- d-----w- c:\windows\Temp33890900-A962-99CE-4FB1-F88D5F6C1F46-Signatures

2013-09-14 09:00 . 2013-09-14 09:00 -------- d-----w- c:\windows\system32\EventProviders

2013-09-14 08:58 . 2013-02-22 06:20 1392128 ----a-w- c:\windows\system32\wininet.dll

2013-09-14 05:44 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-09-14 05:44 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-09-14 05:44 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-09-14 05:44 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-09-14 05:44 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-09-14 05:44 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-09-14 05:43 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-09-14 05:43 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-09-14 05:43 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-09-14 05:38 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-09-14 05:38 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-09-14 05:38 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-09-14 05:38 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-09-14 05:38 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-09-14 05:38 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-09-14 05:27 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-09-13 16:37 . 2013-09-13 16:37 -------- d-----w- c:\programdata\Oracle

2013-09-13 16:37 . 2013-09-13 16:37 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-09-13 16:37 . 2013-09-13 16:36 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-13 16:31 . 2013-09-13 16:32 -------- d-----w- c:\program files\Speccy

2013-09-13 09:19 . 2013-09-14 09:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-09-13 09:19 . 2013-09-14 09:09 -------- d-----w- c:\program files\Microsoft Security Client

2013-09-12 16:06 . 2013-09-12 16:06 -------- d-----w- c:\users\Philip\AppData\Roaming\SUPERAntiSpyware.com

2013-09-12 16:06 . 2013-09-15 21:35 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-09-12 16:06 . 2013-09-12 16:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-16 22:08 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2013-09-16 22:08 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2013-09-16 16:23 . 2011-06-22 11:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-13 16:36 . 2012-10-13 10:17 868264 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-09-13 16:36 . 2010-05-23 01:04 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-09-01 16:08 . 2009-11-10 23:29 79143768 ----a-w- c:\windows\system32\MRT.exe

2013-08-15 16:41 . 2012-08-15 12:20 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Philip\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]

"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

.

R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]

R2 BTWSp50a64;BTWSp50a64 NDIS Protocol Driver;SysWOW64\Drivers\BTWSp50a64.sys;SysWOW64\Drivers\BTWSp50a64.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

R3 BT Common Client RSA Smart Card Reader Service;BT Common Client RSA Smart Card Reader Service;c:\program files (x86)\BT Connection Manager\btomoscrsrv.exe;c:\program files (x86)\BT Connection Manager\btomoscrsrv.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

S3 SysMouseFilterF3;SysMouseFilterF3;c:\windows\system32\DRIVERS\SysMouseFilterF3.sys;c:\windows\SYSNATIVE\DRIVERS\SysMouseFilterF3.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-09-06 16:47 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-09-16 c:\windows\Tasks\Epson Printer Software Downloader.job

- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]

.

2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 07:38]

.

2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 07:38]

.

2013-09-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 938c00e0-fe2a-4e4d-9123-b2822c5b2a69.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2013-09-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 95a9368f-afc0-4b94-9b2d-fdb5b20b9f55.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"MouseDriverD9"="c:\program files\MouseDriver\MouseDriver.exe" [2008-12-19 3293184]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

WebBrowser-{F92A9FE4-2850-4198-B9D5-279880E49B16} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-09-17 11:19:05

ComboFix-quarantined-files.txt 2013-09-17 10:19

ComboFix2.txt 2013-09-15 10:19

.

Pre-Run: 94,022,664,192 bytes free

Post-Run: 93,990,957,056 bytes free

.

- - End Of File - - A04802EA83CA83621AB119D7301C0746

A36C5E4F47E84449FF07ED3517B43A31


That looks good.  All I have left for you is some important housekeeping:

Your Adobe reader needs to be updated.  Please visit Adobe's site and grab the newest version.  Be sure to watch for and uncheck any boxes offering to install other software.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.  Please go to www.java.com and press the "Free Java Download" button near the center of the page.  Follow the prompts to install the latest version. Once it completes a web page should open that will verify that you have the latest version.  Below that is a box with a link to remove older, insecure versions.  Click that and follow the prompts.

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall



Delete the following tools along with any other logs you saved from our work:

  • DDS
  • FRST (you may also delete the c:\FRST folder)

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.


Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.


Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!
