Im infected(?)

asdafg254 · September 15, 2013

Hi Guys! uhh idk how i should start this umm nice weather today ye

anywaysss

i suspect that my computer might be infected

my avast expired last week and i ust got around to getting it again

i thought it would continue to update since i registered for the free version but apparently not hmm

so now to the details

my computer was going slower than i remembered so i decided to run a scan on my avast and mbam

avast found no threats

mbam found a bunch of p.u.p's from search.conduit.com which i havent even heard of so i went and deleted them last night

i ran ccleaner just to get rid of some files that might be infected in the temporary internet files

it was late last night so i decided to stop there and sleep

right now i am doing a full system scan with both mbam and avast is that ok? or am i not supposed to run those 2 at the same time. anyways ye ill post the logs when its done? maybe? i only have 35gb free space left n my computer so should take about 3-4 hours any help would be much appreciated because im broke and have no money to pay people mhmm.

Im running Windows 7 premium in my sony vaio laptop

Thanks~ and hope to hear from anyone soon

kevinf80 · September 15, 2013

Post those logs when you finish the scans, also do this:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kevin

asdafg254 · September 15, 2013

oh also i forget to tell you my action center says that avast is turned off for some reason and ive tried turning it on a lot but does nothing.

also i tried uninstalling and installing too but didnt seem to work either

asdafg254 · September 15, 2013

oh thanks kevin! so fast response lol should i run the recovery scan tool now or after the scans are finished?

kevinf80 · September 15, 2013

When the scans finish.....

asdafg254 · September 15, 2013

ok thanks! will let you know when it is done

kevinf80 · September 15, 2013

I`ll be around.....

asdafg254 · September 15, 2013

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.09.15.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

Maelou :: LUISA-VAIO [administrator]

9/15/2013 1:57:12 PM

mbam-log-2013-09-15 (13-57-12).txt

Scan type: Full scan (C:\|Q:\|)

Scan options disabled: P2P

Objects scanned: 602495

Time elapsed: 4 hour(s), 14 minute(s), 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

thats from malware bytes avast doesnt seem to have the thing wher eyou can copy and paste the logs?

from the recovery scan

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013

Ran by Maelou (administrator) on LUISA-VAIO on 15-09-2013 18:35:25

Running from C:\Users\Maelou\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

(HP) C:\Windows\system32\HPSIsvc.exe

(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Sony Corporation) c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Google Inc.) C:\Users\Maelou\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

(Spotify Ltd) C:\Users\Maelou\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Dropbox, Inc.) C:\Users\Maelou\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Google Inc.) C:\Users\Maelou\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

(CodeLathe LLC) C:\Users\Maelou\AppData\Roaming\Tonido\tonido.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe

() C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe

() C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

(Google Inc.) C:\Users\Maelou\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)

HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020576 2012-02-23] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-23] (Atheros Commnucations)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-03-13] (Synaptics Incorporated)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [Google Update] - C:\Users\Maelou\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-26] (Google Inc.)

HKCU\...\Run: [Facebook Update] - C:\Users\Maelou\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-27] (Facebook Inc.)

HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-26] ()

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1811368 2013-09-06] (Valve Corporation)

HKCU\...\Run: [Tonido] - C:\Users\Maelou\AppData\Roaming\Tonido\launcher.exe [165376 2013-06-03] (CodeLathe LLC)

HKCU\...\Run: [spotify Web Helper] - C:\Users\Maelou\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-08] (Spotify Ltd)

MountPoints2: {517bff33-bfe6-11e2-abc2-083e8eb1e76a} - E:\TL_Bootstrap.exe

MountPoints2: {6e277e4f-1c91-11e3-97d1-083e8eb1e76a} - E:\TL_Bootstrap.exe

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-22] (Intel Corporation)

HKLM-x32\...\Run: [iSBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] - c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)

HKLM-x32\...\Run: [YouCam Service] - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)

HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [HPUsageTrackingLEDM] - C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [searchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1360192 2013-09-02] (Spigot, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [x]

HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)

HKU\Luisa\...\Run: [Google Update] - C:\Users\Luisa\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-24] (Google Inc.)

HKU\Luisa\...\Run: [GoogleChromeAutoLaunch_1AE85ED24487B3E794A07FD7C486DEB7] - C:\Users\Luisa\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-09-02] (Google Inc.)

HKU\Luisa\...\Run: [Facebook Update] - C:\Users\Luisa\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-11] (Facebook Inc.)

HKU\Not\...\Run: [Google Update] - C:\Users\Not\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-02] (Google Inc.)

AppInit_DLLs: [0 ] ()

Startup: C:\Users\Luisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Maelou\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Maelou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Maelou\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com

URLSearchHook: (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File

URLSearchHook: (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File

SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantastigames.com/web?src=ieb&appid=100&systemid=455&sr=0&q={searchTerms}

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantastigames.com/web?src=ieb&appid=100&systemid=455&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {588F165E-87B5-4C91-8D7B-153D02C653E9} URL =

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantastigames.com/web?src=ieb&appid=100&systemid=455&sr=0&q={searchTerms}

SearchScopes: HKCU - DefaultScope {4844FD1A-832D-440D-A023-6173056F75A3} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}

SearchScopes: HKCU - {4844FD1A-832D-440D-A023-6173056F75A3} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}

SearchScopes: HKCU - {588F165E-87B5-4C91-8D7B-153D02C653E9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3268494&CUI=UN31395632142614118&UM=2

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantastigames.com/web?src=ieb&appid=100&systemid=455&sr=0&q={searchTerms}

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

BHO-x32: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll (Spigot, Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - g Search.us.com Toolbar - {967D9A51-D01B-41BD-987F-3C878A379818} - C:\Users\Maelou\AppData\Local\TNT2\2.0.0.1057\IEToolbar64.dll No File

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

Toolbar: HKLM-x32 - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll (Spigot, Inc.)

Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - g Search.us.com Toolbar - {967D9A51-D01B-41BD-987F-3C878A379818} - C:\Users\Maelou\AppData\Local\TNT2\2.0.0.1057\IEToolbar64.dll No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:

========

FF ProfilePath: C:\Users\Maelou\AppData\Roaming\Mozilla\Firefox\Profiles\33s1p4wt.default

FF DefaultSearchEngine: Yahoo

FF SelectedSearchEngine: Yahoo

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Maelou\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Maelou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Maelou\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Maelou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Maelou\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Maelou\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF SearchPlugin: C:\Users\Maelou\AppData\Roaming\Mozilla\Firefox\Profiles\33s1p4wt.default\searchplugins\visualbee-v1-customized-web-search.xml

FF Extension: VisualBee V.1 - C:\Users\Maelou\AppData\Roaming\Mozilla\Firefox\Profiles\33s1p4wt.default\Extensions\{7aeae561-714b-45f6-ace3-4a8aed6e227b}

FF Extension: No Name - C:\Users\Maelou\AppData\Roaming\Mozilla\Firefox\Profiles\33s1p4wt.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF Extension: Address Bar Search - C:\Users\Maelou\AppData\Roaming\Mozilla\Firefox\Profiles\33s1p4wt.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}

FF Extension: vuze - C:\Users\Maelou\AppData\Roaming\Mozilla\Firefox\Profiles\33s1p4wt.default\Extensions\vuze@mybrowserbar.com

FF Extension: No Name - C:\Users\Maelou\AppData\Roaming\Mozilla\Firefox\Profiles\33s1p4wt.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Users\Maelou\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Shockwave Flash) - C:\Users\Maelou\AppData\Local\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Maelou\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Maelou\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()

CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.445_0\plugin/npABPlugin.dll No File

CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.445_0\plugin/npVKPlugin.dll No File

CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.445_0\plugin/npUrlAdvisor.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll No File

CHR Plugin: (Java Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File

CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)

CHR Plugin: (PlayStation®Network Downloader Check Plug-in) - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)

CHR Plugin: (Reader Application Detector) - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Users\Maelou\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Extension: (Angry Birds) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0

CHR Extension: (Adblock Plus) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0

CHR Extension: (Look of Disapproval) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn\2.3.18_0

CHR Extension: (AdBlock) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0

CHR Extension: (avast! Online Security) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0

CHR Extension: (eHistory) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiiknjobjfknoghbeelhfilaaikffopb\1.4_0

CHR Extension: (Skype Click to Call) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0

CHR Extension: (Download Master) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\3.0.1.2_0

CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Google Quick Scroll) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2.1.2_0

CHR Extension: (Google Reader) - C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0

CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Maelou\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx

CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx

CHR HKLM-x32\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\Maelou\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software)

S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)

R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)

R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [258048 2013-03-04] (Sony Corporation)

R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)

R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\esrv\esrv_svc.exe [427432 2013-02-22] ()

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)

R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros)

S2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [x]

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)

R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-08-30] (AVAST Software)

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)

R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-07-17] (ALWIL Software)

R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [270824 2013-08-30] (AVAST Software)

R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()

R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)

R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()

R3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)

S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)

R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2012-11-06] ()

S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)

S3 X6va005; \??\C:\Users\Luisa\AppData\Local\Temp\0052C24.tmp [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-15 18:35 - 2013-09-15 18:35 - 00000000 ____D C:\FRST

2013-09-15 18:30 - 2013-09-15 18:30 - 01951158 _____ (Farbar) C:\Users\Maelou\Desktop\FRST64.exe

2013-09-15 13:53 - 2013-09-15 13:53 - 00000000 ___RD C:\Users\Maelou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2013-09-15 13:52 - 2013-09-15 13:52 - 00000364 _____ C:\Windows\PFRO.log

2013-09-15 12:46 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-15 12:46 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-15 12:46 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-15 12:46 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-15 12:46 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-15 12:46 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-15 12:46 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-15 12:46 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-15 12:46 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-15 12:46 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-15 12:46 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-15 12:45 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-15 12:45 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-15 12:45 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-15 12:45 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-15 12:45 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-15 12:45 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-15 12:45 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-15 12:45 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-15 12:45 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-15 12:45 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-15 12:45 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-15 12:45 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-15 12:45 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-15 12:45 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-15 12:45 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-15 12:45 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-15 12:45 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-15 12:45 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-15 12:45 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-15 12:45 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-15 11:22 - 2013-09-15 14:15 - 00000224 _____ C:\Windows\setupact.log

2013-09-15 11:22 - 2013-09-15 11:22 - 00000000 _____ C:\Windows\setuperr.log

2013-09-14 15:49 - 2013-08-30 02:48 - 00270824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys

2013-09-14 15:49 - 2013-08-30 02:48 - 00131232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys

2013-09-14 15:49 - 2013-08-30 02:48 - 00022600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2013-09-14 15:49 - 2013-07-17 04:17 - 00012368 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys

2013-09-14 15:44 - 2013-09-14 20:57 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk

2013-09-14 15:37 - 2013-09-15 11:27 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-09-14 15:37 - 2013-08-30 02:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-09-14 15:37 - 2013-08-30 02:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2013-09-14 15:37 - 2013-08-30 02:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys

2013-09-14 15:37 - 2013-08-30 02:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-09-14 15:37 - 2013-08-30 02:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2013-09-14 15:37 - 2013-08-30 02:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2013-09-14 15:37 - 2013-08-30 02:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys

2013-09-14 15:37 - 2013-08-30 02:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys

2013-09-14 15:35 - 2013-08-30 02:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr

2013-09-14 15:20 - 2013-04-17 02:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-09-14 15:20 - 2013-04-17 01:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2013-09-14 15:19 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-09-14 15:19 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-09-14 15:19 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-09-14 15:19 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-09-14 15:19 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-09-14 15:19 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-09-14 15:19 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-09-14 15:19 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-09-14 15:18 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-09-14 15:18 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-14 15:18 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-09-14 15:18 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-09-14 15:18 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2013-09-14 15:18 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-09-14 15:18 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2013-09-14 15:18 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-14 15:18 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2013-09-14 15:18 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-14 15:18 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-14 15:18 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-14 15:18 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-14 15:18 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-14 15:18 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-14 15:18 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-14 15:18 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-14 15:18 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-14 15:18 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-14 15:18 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-14 15:18 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-14 15:18 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-14 15:18 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-14 15:18 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-09-14 15:18 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-09-14 15:18 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-09-14 15:18 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-09-14 15:18 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-09-14 15:18 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2013-09-14 15:18 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-09-14 15:18 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2013-09-14 15:18 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2013-09-14 15:16 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-14 15:16 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-14 15:16 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-14 15:16 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-09-14 15:15 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-09-14 15:15 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll

2013-09-14 15:15 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll

2013-09-14 15:15 - 2013-04-26 00:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2013-09-14 15:13 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll

2013-09-14 15:13 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe

2013-09-14 15:13 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe

2013-09-14 15:13 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

2013-09-14 15:03 - 2013-04-25 18:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-09-14 15:03 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-09-14 15:03 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-09-14 15:03 - 2013-03-31 17:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

2013-09-14 14:44 - 2013-09-14 21:56 - 00000000 ____D C:\Windows\Minidump

2013-09-14 01:06 - 2013-09-14 01:06 - 04751752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-09-13 12:29 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-13 12:27 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2013-09-13 11:03 - 2013-09-13 11:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-09-13 11:02 - 2013-09-13 11:07 - 00000000 ____D C:\ProgramData\SUPERSetup

2013-09-13 11:01 - 2013-09-14 17:24 - 00000000 ____D C:\ProgramData\IObit

2013-09-13 10:45 - 2013-09-14 17:25 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\IObit

2013-09-13 10:45 - 2013-09-14 17:13 - 00000000 ____D C:\Program Files (x86)\IObit

2013-09-13 08:24 - 2013-09-13 08:43 - 00000000 ____D C:\Program Files (x86)\MyFree Codec

2013-09-13 08:21 - 2013-06-14 19:57 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll

2013-09-13 08:20 - 2013-09-13 08:46 - 00000000 ____D C:\Program Files (x86)\Samsung

2013-09-13 08:17 - 2013-09-13 08:17 - 00000000 ____D C:\ProgramData\Oracle

2013-09-13 08:16 - 2013-09-14 17:13 - 00000000 ____D C:\Program Files (x86)\Java

2013-09-13 08:16 - 2013-09-13 08:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-09-13 08:16 - 2013-09-13 08:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-09-13 08:16 - 2013-09-13 08:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-09-13 08:16 - 2013-09-13 08:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-09-13 08:12 - 2013-09-13 08:12 - 00913832 _____ (Oracle Corporation) C:\Users\Maelou\Desktop\chromeinstall-7u40.exe

2013-09-13 08:07 - 2013-09-14 17:25 - 00000000 ____D C:\Users\Maelou\AppData\Local\Downloaded Installations

2013-09-13 08:04 - 2013-09-14 17:24 - 00000000 ____D C:\Program Files\SAMSUNG

2013-09-13 07:53 - 2013-09-13 08:46 - 00000000 ____D C:\ProgramData\Samsung

2013-09-13 07:52 - 2013-09-14 17:25 - 00000000 ____D C:\Users\Maelou\Desktop\s3

2013-09-12 21:15 - 2013-09-12 21:15 - 00058753 _____ C:\Users\Maelou\Desktop\the-great-gatsby-2013_english-769763.zip

2013-09-12 08:27 - 2013-09-12 08:27 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-09-11 21:11 - 2013-09-14 17:25 - 00000000 ___RD C:\Users\Luisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2013-09-06 14:39 - 2013-09-06 14:40 - 14916216 _____ (Last.fm ) C:\Users\Maelou\Desktop\Last.fm-2.1.36.exe

2013-09-05 21:33 - 2013-09-05 23:29 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\DawngateData

2013-09-05 21:33 - 2013-09-05 21:33 - 00000000 ____D C:\Users\Maelou\AppData\Local\CrashRpt

2013-09-05 21:32 - 2013-09-14 17:25 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dawngate

2013-09-05 21:32 - 2013-09-14 17:16 - 00000000 ____D C:\Users\Maelou\AppData\Local\Electronic Arts

2013-09-05 07:56 - 2013-09-05 07:56 - 00000000 ____D C:\Program Files (x86)\Vuze Remote Toolbar

2013-09-05 07:56 - 2013-09-05 07:56 - 00000000 ____D C:\Program Files (x86)\Application Updater

2013-08-31 12:32 - 2013-08-31 12:32 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-08-31 12:30 - 2013-08-31 12:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-08-31 12:30 - 2013-08-31 12:32 - 00000000 ____D C:\Program Files\iTunes

2013-08-31 12:30 - 2013-08-31 12:30 - 00000000 ____D C:\Program Files\iPod

2013-08-30 20:41 - 2013-08-30 20:42 - 90559291 _____ C:\Users\Maelou\Desktop\sea of love.wmv

2013-08-30 20:40 - 2013-08-30 20:40 - 00000000 ____D C:\Users\Maelou\AppData\Local\{905FFB7E-D4C7-48FD-BDD8-7272010F31A5}

2013-08-30 20:39 - 2013-08-30 20:33 - 57289794 ____N C:\Users\Maelou\Desktop\IMG_0919.MOV

2013-08-25 23:50 - 2013-08-25 23:51 - 00000000 ____D C:\Users\Maelou\AppData\Local\{74065300-7FF6-4315-987C-E15B9724194C}

2013-08-24 13:52 - 2013-08-24 13:52 - 00000000 ____D C:\Users\Maelou\AppData\Local\{9AE1306F-F0E6-412B-A536-2E260FA1F36D}

2013-08-24 12:54 - 2013-08-24 12:54 - 00003136 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC

==================== One Month Modified Files and Folders =======

2013-09-15 18:35 - 2013-09-15 18:35 - 00000000 ____D C:\FRST

2013-09-15 18:35 - 2012-08-26 20:23 - 00000000 ____D C:\Users\Maelou\AppData\Local\CrashDumps

2013-09-15 18:32 - 2012-08-26 20:05 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2714066961-601443495-573230607-1003UA.job

2013-09-15 18:31 - 2013-06-23 01:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-15 18:30 - 2013-09-15 18:30 - 01951158 _____ (Farbar) C:\Users\Maelou\Desktop\FRST64.exe

2013-09-15 18:08 - 2012-11-24 23:46 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2714066961-601443495-573230607-1001UA.job

2013-09-15 18:05 - 2012-09-02 15:00 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2714066961-601443495-573230607-1004UA.job

2013-09-15 18:02 - 2012-08-20 03:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-15 17:55 - 2012-08-24 09:01 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2714066961-601443495-573230607-1001UA.job

2013-09-15 17:13 - 2012-08-27 11:08 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2714066961-601443495-573230607-1003UA.job

2013-09-15 15:05 - 2012-09-02 15:00 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2714066961-601443495-573230607-1004Core.job

2013-09-15 15:01 - 2009-07-13 23:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-15 15:01 - 2009-07-13 23:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-15 14:24 - 2012-12-26 12:26 - 00000000 ____D C:\Users\Maelou\AppData\Local\PMB Files

2013-09-15 14:15 - 2013-09-15 11:22 - 00000224 _____ C:\Windows\setupact.log

2013-09-15 14:08 - 2012-08-20 01:29 - 01606327 _____ C:\Windows\WindowsUpdate.log

2013-09-15 13:55 - 2012-08-26 20:22 - 00000000 ___RD C:\Users\Maelou\Dropbox

2013-09-15 13:55 - 2012-08-26 20:21 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\Dropbox

2013-09-15 13:54 - 2013-06-20 01:33 - 00000000 ____D C:\Program Files (x86)\Steam

2013-09-15 13:54 - 2012-08-28 19:53 - 00000000 ____D C:\Users\Maelou\Documents\Youcam

2013-09-15 13:53 - 2013-09-15 13:53 - 00000000 ___RD C:\Users\Maelou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2013-09-15 13:53 - 2013-06-30 08:35 - 00019859 _____ C:\autoupdate.log

2013-09-15 13:53 - 2013-06-23 01:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-15 13:52 - 2013-09-15 13:52 - 00000364 _____ C:\Windows\PFRO.log

2013-09-15 13:52 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-15 13:24 - 2012-08-26 20:02 - 00000000 ___RD C:\Users\Maelou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-15 13:24 - 2012-08-26 20:02 - 00000000 ___RD C:\Users\Maelou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-15 13:13 - 2011-02-10 17:48 - 00000000 ____D C:\Windows\Panther

2013-09-15 13:13 - 2009-07-13 23:45 - 00427496 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-15 13:11 - 2013-03-14 11:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-09-15 13:11 - 2013-03-14 11:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-09-15 13:07 - 2012-02-23 23:01 - 00000000 ____D C:\Program Files\Windows Journal

2013-09-15 13:07 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-09-15 13:07 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-09-15 12:45 - 2011-02-10 18:03 - 00810820 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-09-15 12:44 - 2012-08-27 11:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client

2013-09-15 12:30 - 2009-07-14 00:13 - 00808494 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-15 11:27 - 2013-09-14 15:37 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-09-15 11:27 - 2012-09-01 10:57 - 00000000 _____ C:\Windows\SysWOW64\config.nt

2013-09-15 11:22 - 2013-09-15 11:22 - 00000000 _____ C:\Windows\setuperr.log

2013-09-15 00:24 - 2012-12-26 12:26 - 00000000 ____D C:\ProgramData\PMB Files

2013-09-14 23:43 - 2013-06-02 14:54 - 00000000 ____D C:\Users\Maelou\Desktop\bugoy

2013-09-14 22:02 - 2013-07-07 06:07 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk

2013-09-14 22:02 - 2013-07-07 06:07 - 00000000 ____D C:\Program Files\CCleaner

2013-09-14 22:00 - 2012-08-26 20:27 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\Azureus

2013-09-14 21:56 - 2013-09-14 14:44 - 00000000 ____D C:\Windows\Minidump

2013-09-14 20:58 - 2013-02-24 11:17 - 00000000 ____D C:\Program Files (x86)\AnvSoft

2013-09-14 20:57 - 2013-09-14 15:44 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk

2013-09-14 20:50 - 2012-08-26 20:26 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\Skype

2013-09-14 18:57 - 2012-08-26 20:05 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2714066961-601443495-573230607-1003Core.job

2013-09-14 18:55 - 2012-08-24 09:01 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2714066961-601443495-573230607-1001Core.job

2013-09-14 17:52 - 2012-08-27 03:56 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\vlc

2013-09-14 17:27 - 2012-09-02 14:57 - 00000000 ____D C:\Users\Not

2013-09-14 17:27 - 2012-08-24 08:37 - 00000000 ____D C:\Users\Luisa

2013-09-14 17:27 - 2012-02-23 23:01 - 00000000 ____D C:\Windows\ShellNew

2013-09-14 17:26 - 2012-08-27 16:39 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software

2013-09-14 17:26 - 2012-08-20 03:18 - 00000000 ____D C:\Windows\system32\Macromed

2013-09-14 17:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing

2013-09-14 17:25 - 2013-09-13 10:45 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\IObit

2013-09-14 17:25 - 2013-09-13 08:07 - 00000000 ____D C:\Users\Maelou\AppData\Local\Downloaded Installations

2013-09-14 17:25 - 2013-09-13 07:52 - 00000000 ____D C:\Users\Maelou\Desktop\s3

2013-09-14 17:25 - 2013-09-11 21:11 - 00000000 ___RD C:\Users\Luisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2013-09-14 17:25 - 2013-09-05 21:32 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dawngate

2013-09-14 17:25 - 2013-02-27 05:15 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-09-14 17:25 - 2012-10-17 20:39 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\Mozilla

2013-09-14 17:25 - 2012-09-12 15:32 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\dvdcss

2013-09-14 17:25 - 2012-09-03 10:40 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\.minecraft

2013-09-14 17:25 - 2012-08-26 21:26 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\ArcSoft

2013-09-14 17:25 - 2012-08-24 09:02 - 00000000 ____D C:\Users\Luisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2013-09-14 17:25 - 2012-08-24 08:54 - 00000000 ____D C:\Users\Luisa\AppData\Roaming\ArcSoft

2013-09-14 17:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat

2013-09-14 17:24 - 2013-09-13 11:01 - 00000000 ____D C:\ProgramData\IObit

2013-09-14 17:24 - 2013-09-13 08:04 - 00000000 ____D C:\Program Files\SAMSUNG

2013-09-14 17:24 - 2012-08-20 03:43 - 00000000 ____D C:\ProgramData\Skype

2013-09-14 17:24 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar

2013-09-14 17:24 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-09-14 17:23 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration

2013-09-14 17:16 - 2013-09-05 21:32 - 00000000 ____D C:\Users\Maelou\AppData\Local\Electronic Arts

2013-09-14 17:14 - 2012-08-26 20:26 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-09-14 17:13 - 2013-09-13 10:45 - 00000000 ____D C:\Program Files (x86)\IObit

2013-09-14 17:13 - 2013-09-13 08:16 - 00000000 ____D C:\Program Files (x86)\Java

2013-09-14 17:13 - 2012-11-10 01:15 - 00000000 ____D C:\Program Files (x86)\Last.fm

2013-09-14 15:35 - 2012-09-01 10:56 - 00000000 ____D C:\ProgramData\AVAST Software

2013-09-14 15:35 - 2012-09-01 10:56 - 00000000 ____D C:\Program Files\AVAST Software

2013-09-14 14:45 - 2012-08-26 20:02 - 00000000 ____D C:\Users\Maelou

2013-09-14 01:43 - 2013-06-20 12:32 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2013-09-14 01:07 - 2012-08-20 03:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-14 01:07 - 2012-08-20 03:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-14 01:07 - 2012-08-20 03:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-14 01:06 - 2013-09-14 01:06 - 04751752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2013-09-13 11:07 - 2013-09-13 11:03 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-09-13 11:07 - 2013-09-13 11:02 - 00000000 ____D C:\ProgramData\SUPERSetup

2013-09-13 08:46 - 2013-09-13 08:20 - 00000000 ____D C:\Program Files (x86)\Samsung

2013-09-13 08:46 - 2013-09-13 07:53 - 00000000 ____D C:\ProgramData\Samsung

2013-09-13 08:46 - 2012-08-20 01:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-09-13 08:43 - 2013-09-13 08:24 - 00000000 ____D C:\Program Files (x86)\MyFree Codec

2013-09-13 08:17 - 2013-09-13 08:17 - 00000000 ____D C:\ProgramData\Oracle

2013-09-13 08:16 - 2013-09-13 08:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-09-13 08:16 - 2013-09-13 08:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-09-13 08:16 - 2013-09-13 08:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-09-13 08:16 - 2013-09-13 08:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-09-13 08:16 - 2013-07-19 13:14 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-09-13 08:16 - 2012-08-20 02:18 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-09-13 08:12 - 2013-09-13 08:12 - 00913832 _____ (Oracle Corporation) C:\Users\Maelou\Desktop\chromeinstall-7u40.exe

2013-09-13 07:46 - 2012-11-24 23:46 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2714066961-601443495-573230607-1001Core.job

2013-09-12 21:15 - 2013-09-12 21:15 - 00058753 _____ C:\Users\Maelou\Desktop\the-great-gatsby-2013_english-769763.zip

2013-09-12 11:13 - 2012-08-27 11:08 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2714066961-601443495-573230607-1003Core.job

2013-09-12 08:27 - 2013-09-12 08:27 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk

2013-09-11 23:44 - 2012-08-26 20:03 - 00000000 ____D C:\Users\Maelou\Documents\Bluetooth Folder

2013-09-11 21:12 - 2012-08-31 07:37 - 00000000 ____D C:\Users\Luisa\Documents\Youcam

2013-09-11 21:12 - 2012-08-25 10:44 - 00000000 ___RD C:\Users\Luisa\Dropbox

2013-09-11 21:12 - 2012-08-25 10:42 - 00000000 ____D C:\Users\Luisa\AppData\Roaming\Dropbox

2013-09-11 01:59 - 2012-08-26 20:21 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\Spotify

2013-09-11 01:04 - 2012-08-26 20:21 - 00000000 ____D C:\Users\Maelou\AppData\Local\Spotify

2013-09-09 21:55 - 2012-08-24 08:43 - 00000000 ____D C:\Users\Luisa\Documents\Bluetooth Folder

2013-09-07 09:41 - 2012-08-24 09:02 - 00002366 _____ C:\Users\Luisa\Desktop\Google Chrome.lnk

2013-09-06 14:52 - 2013-03-02 17:12 - 00000000 ____D C:\Users\Maelou\AppData\Local\Last.fm

2013-09-06 14:40 - 2013-09-06 14:39 - 14916216 _____ (Last.fm ) C:\Users\Maelou\Desktop\Last.fm-2.1.36.exe

2013-09-05 23:29 - 2013-09-05 21:33 - 00000000 ____D C:\Users\Maelou\AppData\Roaming\DawngateData

2013-09-05 21:33 - 2013-09-05 21:33 - 00000000 ____D C:\Users\Maelou\AppData\Local\CrashRpt

2013-09-05 17:23 - 2013-07-21 23:24 - 00099328 ____H C:\Users\Maelou\Desktop\tonido.db

2013-09-05 07:56 - 2013-09-05 07:56 - 00000000 ____D C:\Program Files (x86)\Vuze Remote Toolbar

2013-09-05 07:56 - 2013-09-05 07:56 - 00000000 ____D C:\Program Files (x86)\Application Updater

2013-09-04 23:45 - 2013-05-28 14:41 - 00000000 ____D C:\Users\Maelou\Documents\Razer

2013-08-31 12:32 - 2013-08-31 12:32 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-08-31 12:32 - 2013-08-31 12:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-08-31 12:32 - 2013-08-31 12:30 - 00000000 ____D C:\Program Files\iTunes

2013-08-31 12:32 - 2013-01-15 01:38 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-08-31 12:30 - 2013-08-31 12:30 - 00000000 ____D C:\Program Files\iPod

2013-08-30 20:42 - 2013-08-30 20:41 - 90559291 _____ C:\Users\Maelou\Desktop\sea of love.wmv

2013-08-30 20:40 - 2013-08-30 20:40 - 00000000 ____D C:\Users\Maelou\AppData\Local\{905FFB7E-D4C7-48FD-BDD8-7272010F31A5}

2013-08-30 20:33 - 2013-08-30 20:39 - 57289794 ____N C:\Users\Maelou\Desktop\IMG_0919.MOV

2013-08-30 02:48 - 2013-09-14 15:49 - 00270824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdis2.sys

2013-08-30 02:48 - 2013-09-14 15:49 - 00131232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys

2013-08-30 02:48 - 2013-09-14 15:49 - 00022600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2013-08-30 02:48 - 2013-09-14 15:37 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-08-30 02:48 - 2013-09-14 15:37 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2013-08-30 02:48 - 2013-09-14 15:37 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys

2013-08-30 02:48 - 2013-09-14 15:37 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-08-30 02:48 - 2013-09-14 15:37 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2013-08-30 02:48 - 2013-09-14 15:37 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2013-08-30 02:48 - 2013-09-14 15:37 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys

2013-08-30 02:48 - 2013-09-14 15:37 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys

2013-08-30 02:47 - 2013-09-14 15:35 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr

2013-08-30 02:47 - 2012-09-01 10:57 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2013-08-27 12:12 - 2012-12-17 03:25 - 00001848 _____ C:\Users\Public\Desktop\Vuze.lnk

2013-08-27 12:12 - 2012-08-26 08:51 - 00000000 ____D C:\Program Files (x86)\Vuze

2013-08-27 12:11 - 2012-08-27 16:39 - 00000000 _____ C:\END

2013-08-27 11:42 - 2012-11-07 23:24 - 00000000 ____D C:\Users\Maelou\Desktop\PHOTOS

2013-08-25 23:51 - 2013-08-25 23:50 - 00000000 ____D C:\Users\Maelou\AppData\Local\{74065300-7FF6-4315-987C-E15B9724194C}

2013-08-24 13:52 - 2013-08-24 13:52 - 00000000 ____D C:\Users\Maelou\AppData\Local\{9AE1306F-F0E6-412B-A536-2E260FA1F36D}

2013-08-24 12:54 - 2013-08-24 12:54 - 00003136 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC

2013-08-24 12:54 - 2012-08-28 19:17 - 00000022 _____ C:\Windows\Model.txt

2013-08-20 16:10 - 2013-07-07 05:44 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.3

2013-08-16 13:09 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp

Some content of TEMP:

====================

C:\Users\Luisa\AppData\Local\Temp\avg_12.1.0.20.exe

C:\Users\Luisa\AppData\Local\Temp\COMAP.EXE

C:\Users\Luisa\AppData\Local\Temp\i4jdel0.exe

C:\Users\Luisa\AppData\Local\Temp\SpotifyUninstall.exe

C:\Users\Luisa\AppData\Local\Temp\swt-win32-3740.dll

C:\Users\Maelou\AppData\Local\Temp\f8br_-t-.dll

C:\Users\Maelou\AppData\Local\Temp\i4jdel0.exe

C:\Users\Maelou\AppData\Local\Temp\tnji35sy.dll

C:\Users\Not\AppData\Local\Temp\i4jdel0.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-11 13:13

==================== End Of Log ============================

thats it

asdafg254 · September 15, 2013

oh and one more thing for some reason it seems that i cant click anything on my desktop unless i click on the show desktop button in the taskbar. if i dont do that it just shows the pointer with the loading icon and i cant click anything. any thoughts?

asdafg254 · September 16, 2013

sorry forgot to attach this

Addition.txt

kevinf80 · September 16, 2013

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

If threats were found

click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

close program

copy and paste the report here

Let me see those logs in next reply, also tell me what issues/concerns remain

Kevin

fixlist.txt

asdafg254 · September 16, 2013

Thanks Kevin!

here are the results

from the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013 01

Ran by Maelou at 2013-09-16 12:22:01 Run:1

Running from C:\Users\Maelou\Desktop\bugoy

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

HKLM-x32\...\Run: [searchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1360192 2013-09-02] (Spigot, Inc.)

URLSearchHook: (No Name) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - No File

URLSearchHook: (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File

SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantas...mid=455&sr=0&q={searchTerms}

SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantas...mid=455&sr=0&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {588F165E-87B5-4C91-8D7B-153D02C653E9} URL =

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantas...mid=455&sr=0&q={searchTerms}

SearchScopes: HKCU - {588F165E-87B5-4C91-8D7B-153D02C653E9} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3268494&CUI=UN31395632142614118&UM=2

SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} URL = http://search.fantas...mid=455&sr=0&q={searchTerms}

BHO-x32: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll (Spigot, Inc.)

Toolbar: HKLM - g Search.us.com Toolbar - {967D9A51-D01B-41BD-987F-3C878A379818} - C:\Users\Maelou\AppData\Local\TNT2\2.0.0.1057\IEToolbar64.dll No File

Toolbar: HKLM-x32 - Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll (Spigot, Inc.)

Toolbar: HKCU - g Search.us.com Toolbar - {967D9A51-D01B-41BD-987F-3C878A379818} - C:\Users\Maelou\AppData\Local\TNT2\2.0.0.1057\IEToolbar64.dll No File

C:\Program Files (x86)\Common Files\Spigot

C:\Program Files (x86)\Vuze Remote Toolbar

C:\Users\Maelou\AppData\Local\TNT2\2.0.0.1057\IEToolbar64.dll No File

S3 X6va005; \??\C:\Users\Luisa\AppData\Local\Temp\0052C24.tmp [x]

C:\ProgramData\IObit

C:\Users\Maelou\AppData\Roaming\IObit

C:\Program Files (x86)\IObit

C:\Users\Luisa\AppData\Local\Temp\avg_12.1.0.20.exe

C:\Users\Luisa\AppData\Local\Temp\COMAP.EXE

C:\Users\Luisa\AppData\Local\Temp\i4jdel0.exe

C:\Users\Luisa\AppData\Local\Temp\SpotifyUninstall.exe

C:\Users\Luisa\AppData\Local\Temp\swt-win32-3740.dll

C:\Users\Maelou\AppData\Local\Temp\f8br_-t-.dll

C:\Users\Maelou\AppData\Local\Temp\i4jdel0.exe

C:\Users\Maelou\AppData\Local\Temp\tnji35sy.dll

C:\Users\Not\AppData\Local\Temp\i4jdel0.exe

End

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchSettings => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value deleted successfully.

HKCR\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{37483b40-c254-4a72-bda4-22ee90182c1e} => Value deleted successfully.

HKCR\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e} => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} => Key deleted successfully.

HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{588F165E-87B5-4C91-8D7B-153D02C653E9} => Key deleted successfully.

HKCR\CLSID\{588F165E-87B5-4C91-8D7B-153D02C653E9} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} => Key deleted successfully.

HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{967D9A51-D01B-41BD-987F-3C878A379818} => Value deleted successfully.

HKCR\CLSID\{967D9A51-D01B-41BD-987F-3C878A379818} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Value deleted successfully.

HKCR\Wow6432Node\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{967D9A51-D01B-41BD-987F-3C878A379818} => Value deleted successfully.

HKCR\CLSID\{967D9A51-D01B-41BD-987F-3C878A379818} => Key not found.

C:\Program Files (x86)\Common Files\Spigot => Moved successfully.

C:\Program Files (x86)\Vuze Remote Toolbar => Moved successfully.

"C:\Users\Maelou\AppData\Local\TNT2\2.0.0.1057\IEToolbar64.dll No File" => File/Directory not found.

X6va005 => Service deleted successfully.

C:\ProgramData\IObit => Moved successfully.

C:\Users\Maelou\AppData\Roaming\IObit => Moved successfully.

C:\Program Files (x86)\IObit => Moved successfully.

C:\Users\Luisa\AppData\Local\Temp\avg_12.1.0.20.exe => Moved successfully.

C:\Users\Luisa\AppData\Local\Temp\COMAP.EXE => Moved successfully.

C:\Users\Luisa\AppData\Local\Temp\i4jdel0.exe => Moved successfully.

C:\Users\Luisa\AppData\Local\Temp\SpotifyUninstall.exe => Moved successfully.

C:\Users\Luisa\AppData\Local\Temp\swt-win32-3740.dll => Moved successfully.

C:\Users\Maelou\AppData\Local\Temp\f8br_-t-.dll => Moved successfully.

C:\Users\Maelou\AppData\Local\Temp\i4jdel0.exe => Moved successfully.

C:\Users\Maelou\AppData\Local\Temp\tnji35sy.dll => Moved successfully.

C:\Users\Not\AppData\Local\Temp\i4jdel0.exe => Moved successfully.

==== End of Fixlog ====

also avast! detected adw as a rootkit? is this normal?

asdafg254 · September 16, 2013

# AdwCleaner v3.004 - Report created 16/09/2013 at 12:32:47

# Updated 15/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Maelou - LUISA-VAIO

# Running from : C:\Users\Maelou\Desktop\bugoy\AdwCleaner (1).exe

# Option : Clean

***** [ Services ] *****

Service Deleted : Application Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\visualbee

Folder Deleted : C:\Program Files (x86)\Application Updater

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\SoftwareUpdater

Folder Deleted : C:\Users\Luisa\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Luisa\AppData\Roaming\dvdvideosoftiehelpers

Folder Deleted : C:\Users\Maelou\AppData\Local\Conduit

Folder Deleted : C:\Users\Maelou\AppData\Local\cre

Folder Deleted : C:\Users\Maelou\AppData\Local\DownloadGuide

Folder Deleted : C:\Users\Maelou\AppData\Local\visualbeeexe

Folder Deleted : C:\Users\Maelou\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Maelou\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Not\AppData\Local\~0

Folder Deleted : C:\Users\Not\AppData\Local\PackageAware

Folder Deleted : C:\Users\Not\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Maelou\AppData\Roaming\Mozilla\Firefox\Profiles\33s1p4wt.default\Smartbar

Folder Deleted : C:\Users\Maelou\AppData\Roaming\Mozilla\Firefox\Profiles\33s1p4wt.default\CT3268494

Folder Deleted : C:\Users\Maelou\AppData\Roaming\Mozilla\Firefox\Profiles\33s1p4wt.default\Extensions\{7aeae561-714b-45f6-ace3-4a8aed6e227b}

File Deleted : C:\END

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268494

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_arcsoft-webcam-companion_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_arcsoft-webcam-companion_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Search Settings

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\visualbee

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\Software\Application Updater

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Search Settings

Key Deleted : HKLM\Software\visualbee

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v16.0.1 (en-US)

[ File : C:\Users\Maelou\AppData\Roaming\Mozilla\Firefox\Profiles\33s1p4wt.default\prefs.js ]

Line Deleted : user_pref("CT3268494.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3268494.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3268494.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3268494.FF19Solved", "true");

Line Deleted : user_pref("CT3268494.FirstTime", "true");

Line Deleted : user_pref("CT3268494.FirstTimeFF3", "true");

Line Deleted : user_pref("CT3268494.PG_ENABLE", "dHJ1ZQ==");

Line Deleted : user_pref("CT3268494.SF_JUST_INSTALLED.enc", "RkFMU0U=");

Line Deleted : user_pref("CT3268494.SF_STATUS.enc", "RU5BQkxFRA==");

Line Deleted : user_pref("CT3268494.UserID", "UN34901059682796920");

Line Deleted : user_pref("CT3268494.addressBarTakeOverEnabledInHidden", "true");

Line Deleted : user_pref("CT3268494.autoDisableScopes", -1);

Line Deleted : user_pref("CT3268494.browser.search.defaultthis.engineName", "true");

Line Deleted : user_pref("CT3268494.cbfirsttime.enc", "U3VuIEp1bCAwNyAyMDEzIDA1OjUwOjU5IEdNVC0wNTAwIChDZW50cmFsIERheWxpZ2h0IFRpbWUp");

Line Deleted : user_pref("CT3268494.countryCode", "US");

Line Deleted : user_pref("CT3268494.defaultSearch", "true");

Line Deleted : user_pref("CT3268494.embeddedsData", "[{\"appId\":\"129989109966145536\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]

Line Deleted : user_pref("CT3268494.enableAlerts", "true");

Line Deleted : user_pref("CT3268494.enableFix404ByUser", "TRUE");

Line Deleted : user_pref("CT3268494.enableSearchFromAddressBar", "true");

Line Deleted : user_pref("CT3268494.firstTimeDialogOpened", "true");

Line Deleted : user_pref("CT3268494.fixPageNotFoundError", "true");

Line Deleted : user_pref("CT3268494.fixPageNotFoundErrorByUser", "true");

Line Deleted : user_pref("CT3268494.fixPageNotFoundErrorInHidden", "true");

Line Deleted : user_pref("CT3268494.fixUrls", true);

Line Deleted : user_pref("CT3268494.fullUserID", "UN34901059682796920.IN.2013070754934");

Line Deleted : user_pref("CT3268494.installDate", "07/07/2013 5:49:34");

Line Deleted : user_pref("CT3268494.installId", "stub.exe");

Line Deleted : user_pref("CT3268494.installSessionId", "{6A367139-B91C-4D55-B4C8-BDA43B9EB60C}");

Line Deleted : user_pref("CT3268494.installSp", "true");

Line Deleted : user_pref("CT3268494.installType", "conduitnsisintegration");

Line Deleted : user_pref("CT3268494.installUsage", "2013-07-07T13:50:37.6491996+03:00");

Line Deleted : user_pref("CT3268494.installUsageEarly", "2013-07-07T13:50:36.6975874+03:00");

Line Deleted : user_pref("CT3268494.installerVersion", "1.4.3.3");

Line Deleted : user_pref("CT3268494.isCheckedStartAsHidden", true);

Line Deleted : user_pref("CT3268494.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3268494.isFirstTimeToolbarLoading", "false");

Line Deleted : user_pref("CT3268494.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Line Deleted : user_pref("CT3268494.keyword", "true");

Line Deleted : user_pref("CT3268494.lastVersion", "10.16.4.19");

Line Deleted : user_pref("CT3268494.mam_gk_appStateReportTime.enc", "MTM3MzE5NDI1MjQwNg==");

Line Deleted : user_pref("CT3268494.mam_gk_appState_ACplus.enc", "b24=");

Line Deleted : user_pref("CT3268494.mam_gk_appState_CouponBuddy.enc", "b24=");

Line Deleted : user_pref("CT3268494.mam_gk_appState_Discover.enc", "b24=");

Line Deleted : user_pref("CT3268494.mam_gk_appState_Easytobook.enc", "b24=");

Line Deleted : user_pref("CT3268494.mam_gk_appState_Easytobook_targeted.enc", "b24=");

Line Deleted : user_pref("CT3268494.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");

Line Deleted : user_pref("CT3268494.mam_gk_appState_PriceGong.enc", "b24=");

Line Deleted : user_pref("CT3268494.mam_gk_appState_WindowShopper.enc", "b24=");

Line Deleted : user_pref("CT3268494.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]

Line Deleted : user_pref("CT3268494.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");

Line Deleted : user_pref("CT3268494.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiJhODQ3YTI1OC1lOWQyLTQ5ZTgtYmFiNi1mN2JhNzg0MzdkOTciLCJ[...]

Line Deleted : user_pref("CT3268494.mam_gk_currentVersion.enc", "MS44LjAuNA==");

Line Deleted : user_pref("CT3268494.mam_gk_first_time.enc", "MQ==");

Line Deleted : user_pref("CT3268494.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");

Line Deleted : user_pref("CT3268494.mam_gk_lastLoginTime.enc", "MTM3MzE5NDI0ODU2OQ==");

Line Deleted : user_pref("CT3268494.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]

Line Deleted : user_pref("CT3268494.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");

Line Deleted : user_pref("CT3268494.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]

Line Deleted : user_pref("CT3268494.mam_gk_showCloseButton.enc", "dHJ1ZQ==");

Line Deleted : user_pref("CT3268494.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");

Line Deleted : user_pref("CT3268494.mam_gk_userId.enc", "NTJhNzAyNTgtYWYyNC00MmNlLTg0OTMtMTE4MTVmZTI5MWY3");

Line Deleted : user_pref("CT3268494.migrateAppsAndComponents", true);

Line Deleted : user_pref("CT3268494.openThankYouPage", "false");

Line Deleted : user_pref("CT3268494.openUninstallPage", "true");

Line Deleted : user_pref("CT3268494.originalHomepage", "about:home");

Line Deleted : user_pref("CT3268494.originalSearchEngine", "Yahoo");

Line Deleted : user_pref("CT3268494.originalSearchEngineName", "Yahoo");

Line Deleted : user_pref("CT3268494.price-gong.isManagedApp", "true");

Line Deleted : user_pref("CT3268494.revertSettingsEnabled", "false");

Line Deleted : user_pref("CT3268494.search.searchAppId", "129989109966145536");

Line Deleted : user_pref("CT3268494.search.searchCount", "0");

Line Deleted : user_pref("CT3268494.searchFromAddressBarEnabledByUser", "true");

Line Deleted : user_pref("CT3268494.searchInNewTabEnabledByUser", "true");

Line Deleted : user_pref("CT3268494.searchInNewTabEnabledInHidden", "true");

Line Deleted : user_pref("CT3268494.searchRevert", "false");

Line Deleted : user_pref("CT3268494.searchSuggestEnabledByUser", "true");

Line Deleted : user_pref("CT3268494.searchUserMode", "2");

Line Deleted : user_pref("CT3268494.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3268494.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3268494.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");

Line Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3268494\"}");

Line Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"VisualBee V.1\"}");

Line Deleted : user_pref("CT3268494.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");

Line Deleted : user_pref("CT3268494.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");

Line Deleted : user_pref("CT3268494.serviceLayer_services_Configuration_lastUpdate", "1373194236576");

Line Deleted : user_pref("CT3268494.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1373194237864");

Line Deleted : user_pref("CT3268494.serviceLayer_services_appsMetadata_lastUpdate", "1373194237660");

Line Deleted : user_pref("CT3268494.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1373194237590");

Line Deleted : user_pref("CT3268494.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1373194236680");

Line Deleted : user_pref("CT3268494.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1373194237973");

Line Deleted : user_pref("CT3268494.serviceLayer_services_login_10.16.4.19_lastUpdate", "1373194238094");

Line Deleted : user_pref("CT3268494.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1373194237914");

Line Deleted : user_pref("CT3268494.serviceLayer_services_searchAPI_lastUpdate", "1373194236806");

Line Deleted : user_pref("CT3268494.serviceLayer_services_serviceMap_lastUpdate", "1373194235985");

Line Deleted : user_pref("CT3268494.serviceLayer_services_toolbarContextMenu_lastUpdate", "1373194237475");

Line Deleted : user_pref("CT3268494.serviceLayer_services_toolbarSettings_lastUpdate", "1373194236686");

Line Deleted : user_pref("CT3268494.settingsINI", true);

Line Deleted : user_pref("CT3268494.shouldFirstTimeDialog", "false");

Line Deleted : user_pref("CT3268494.showToolbarPermission", "false");

Line Deleted : user_pref("CT3268494.smartbar.CTID", "CT3268494");

Line Deleted : user_pref("CT3268494.smartbar.Uninstall", "0");

Line Deleted : user_pref("CT3268494.smartbar.homepage", "true");

Line Deleted : user_pref("CT3268494.smartbar.toolbarName", "VisualBee V.1 ");

Line Deleted : user_pref("CT3268494.startPage", "true");

Line Deleted : user_pref("CT3268494.toolbarBornServerTime", "7-7-2013");

Line Deleted : user_pref("CT3268494.toolbarCurrentServerTime", "7-7-2013");

Line Deleted : user_pref("CT3268494.toolbarLoginClientTime", "Sun Jul 07 2013 05:50:38 GMT-0500 (Central Daylight Time)");

Line Deleted : user_pref("CT3268494.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");

Line Deleted : user_pref("CT3268494.versionFromInstaller", "10.16.4.19");

Line Deleted : user_pref("CT3268494_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1373194234352,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "VisualBee V.1 Customized Web Search");

Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3268494");

Line Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.1 Customized Web Search");

Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3268494");

Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3268494");

Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3268494");

Line Deleted : user_pref("smartbar.machineId", "SB3ZD8UJYORLD1H2SJTH0ONQXSS+CY32WBM4MA+EYACJFZGJ/MITM7OJP5E8FXDPLFVPFQFWRA+89OKXKMEXMQ");

-\\ Google Chrome v

[ File : C:\Users\Luisa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Maelou\AppData\Local\Google\Chrome\User Data\Default\preferences ]

log from adwcleaner

[ File : C:\Users\Not\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [19455 octets] - [16/09/2013 12:27:41]

AdwCleaner[s0].txt - [19622 octets] - [16/09/2013 12:32:47]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [19683 octets] ##########

kevinf80 · September 16, 2013

AdwCleaner is very safe, if Avast alerts to either accept the alert or turn Avast off when AdwCleaner is run....

Have you ran AdwCleaner and ESET? any logs...

***Edit, oops just noted log from AdwCleaner, I guess we cross posted

asdafg254 · September 16, 2013

eset virus database is stil downloading ^^ should be over soon

is everything ok so far on my laptop?

kevinf80 · September 16, 2013

Yep looks ok up to now, lets see what ESET turns up...

asdafg254 · September 16, 2013

ok cool thanks! eset is currently at 44% right now and 7 detected files so look forward to the report ye

kevinf80 · September 16, 2013

Okey dokey,....

asdafg254 · September 16, 2013

eset is done~

C:\AI_RecycleBin\{9932093A-7A25-41B5-A710-EBDDC66B658A}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application

C:\FRST\Quarantine\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application

C:\FRST\Quarantine\Spigot\Search Settings\SearchSettings64.exe a variant of Win64/Toolbar.Widgi.A application

C:\FRST\Quarantine\Vuze Remote Toolbar\FF\components\vuzeToolbarFF.dll a variant of Win32/Toolbar.Widgi application

C:\FRST\Quarantine\Vuze Remote Toolbar\IE\7.6\vuzeToolbarIE.dll a variant of Win32/Toolbar.Widgi application

C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application

C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF application

C:\Users\Maelou\Downloads\Dreamweaver\New folder\ManyCamSetup.exe a variant of Win32/Bundled.Toolbar.Ask.D application

kevinf80 · September 16, 2013

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Filesipconfig /flushdns /cC:\AI_RecycleBin\{9932093A-7A25-41B5-A710-EBDDC66B658A}\3\Strongvault\StrongVaultApp.exeC:\FRSTC:\Users\Maelou\Downloads\Dreamweaver\New folder\ManyCamSetup.exe:Commands[EmptyTemp]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those two logs, also give an update on any remaining issues or concerns...

Kevin

asdafg254 · September 16, 2013

from otm

All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Maelou\Desktop\cmd.bat deleted successfully.

C:\Users\Maelou\Desktop\cmd.txt deleted successfully.

C:\AI_RecycleBin\{9932093A-7A25-41B5-A710-EBDDC66B658A}\3\Strongvault\StrongVaultApp.exe moved successfully.

C:\FRST\Quarantine\Vuze Remote Toolbar\Res\Lang folder moved successfully.

C:\FRST\Quarantine\Vuze Remote Toolbar\Res folder moved successfully.

C:\FRST\Quarantine\Vuze Remote Toolbar\IE\7.6 folder moved successfully.

C:\FRST\Quarantine\Vuze Remote Toolbar\IE folder moved successfully.

C:\FRST\Quarantine\Vuze Remote Toolbar\FF\components folder moved successfully.

C:\FRST\Quarantine\Vuze Remote Toolbar\FF\chrome folder moved successfully.

C:\FRST\Quarantine\Vuze Remote Toolbar\FF folder moved successfully.

C:\FRST\Quarantine\Vuze Remote Toolbar folder moved successfully.

C:\FRST\Quarantine\Spigot\Search Settings\Res folder moved successfully.

C:\FRST\Quarantine\Spigot\Search Settings\Lang folder moved successfully.

C:\FRST\Quarantine\Spigot\Search Settings folder moved successfully.

C:\FRST\Quarantine\Spigot\GC folder moved successfully.

C:\FRST\Quarantine\Spigot folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Update folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Quarantine Zone folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\log\scan folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\log\realtime folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\log folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\help\img folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\help folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers\wxp_x86 folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers\wxp_ia64 folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers\wnet_x86 folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers\wnet_ia64 folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers\wnet_amd64 folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers\wlh_x86 folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers\wlh_ia64 folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers\wlh_amd64 folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers\win7_x86 folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers\win7_ia64 folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers\win7_amd64 folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\Drivers folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter\db folder moved successfully.

C:\FRST\Quarantine\IObit\IObit\IObit Malware Fighter folder moved successfully.

C:\FRST\Quarantine\IObit\IObit folder moved successfully.

C:\FRST\Quarantine\IObit folder moved successfully.

C:\FRST\Quarantine folder moved successfully.

C:\FRST\Logs folder moved successfully.

C:\FRST\Hives\Users\00000002 folder moved successfully.

C:\FRST\Hives\Users\00000001 folder moved successfully.

C:\FRST\Hives\Users folder moved successfully.

C:\FRST\Hives folder moved successfully.

C:\FRST folder moved successfully.

C:\Users\Maelou\Downloads\Dreamweaver\New folder\ManyCamSetup.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Luisa

->Temp folder emptied: 174678650 bytes

->Temporary Internet Files folder emptied: 19904831 bytes

->Java cache emptied: 10466 bytes

->Google Chrome cache emptied: 446302682 bytes

->Flash cache emptied: 1484 bytes

User: Maelou

->Temp folder emptied: 3434857 bytes

->Temporary Internet Files folder emptied: 7663147 bytes

->Java cache emptied: 1148559 bytes

->FireFox cache emptied: 38393911 bytes

->Google Chrome cache emptied: 5384000 bytes

->Flash cache emptied: 553 bytes

User: Not

->Temp folder emptied: 45964935 bytes

->Temporary Internet Files folder emptied: 8946365 bytes

->Google Chrome cache emptied: 344774113 bytes

->Flash cache emptied: 1264 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 103036394 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 40790 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 637 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42338658 bytes

RecycleBin emptied: 4269353215 bytes

Total Files Cleaned = 5,256.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 09162013_154739

Files moved on Reboot...

C:\Users\Maelou\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File C:\Users\Maelou\AppData\Local\Temp\~DF217B821BD8CA2ED0.TMP not found!

File C:\Users\Maelou\AppData\Local\Temp\~DF32DAAA4716EC3B22.TMP not found!

File C:\Users\Maelou\AppData\Local\Temp\~DF909110DC1A58F8F9.TMP not found!

File C:\Users\Maelou\AppData\Local\Temp\~DFCDC9B0E0D5327895.TMP not found!

C:\Users\Maelou\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Security Check is currently doing a System Health Check its not done yet and idk how long still so sorry D:

asdafg254 · September 16, 2013

IT IS DONE HURAHHH

heres the log

Results of screen317's Security Check version 0.99.73

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

avast! Internet Security

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java 7 Update 40

Java version out of Date!

Adobe Flash Player 11.8.800.168

Mozilla Firefox 16.0.1 Firefox out of Date!

Google Chrome 29.0.1547.62

Google Chrome 29.0.1547.66

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast AvastSvc.exe

AVAST Software Avast afwServ.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

kevinf80 · September 16, 2013

Delete the following from the Desktop:

Security Checks

FRST

Next,

Uninstall adwcleaner.exe

Please close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Uninstall
Click Yes at Would you like to Uninstall Adwcleaner

Next,

Remove ESET online scanner (Only If installed):

Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESETonline Scanner, only re-boot if prompted.

Next,

Remove OTM...

Double-click OTM.exe to run it. Windows 7 or Vista accept UAC alert..
Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes. You maybe asked to reboot, allow that to happen.

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

Let me know if those steps complete OK, if no remaining issues/concerns you should be good to go.....

here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained here http://www.winpatrol.com/features.html

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

FireFox http://www.mozilla.com/en-US/,

Opera http://www.opera.com/, and

Chrome http://www.google.com/chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,

Yellow for caution, and

Red to stop.

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

Here a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

Let me know when its OK to close out your thread....

Take care,

Kevin

asdafg254 · September 16, 2013

thanks for all the help kevin! just one more thing, java said that i had the latest version already so should i just not do anything? also is it now safe to assume that my computer is now clean? thanks again

kevinf80 · September 16, 2013

Yes logs indicate a clean system, if Java is current just leave it alone. If you have no remaining issues or concerns we can close....

Kevin....

Im infected(?)

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information