Random crashing - white screen

[peewhy]

Even when I am working as opposed to dormant my computer screen will go white, black or even yellow(ish). I'm running on Windows Home Vista 32.

The strange thing is if I run MS Security Essentials on full scan is seems to prolong my activity without crashing - not always but mostly

 

I have upgraded to pro-version of Malwarebytes and it is still crashing. The free version and the pro both aidentify two harmful viruses but can't remove them.

 

attched are the reports

attach.txt

dds.txt

[Maniac]

Hello peewhy! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

• When should I re-format? How should I reinstall?
• Help: I Got Hacked. Now What Do I Do?
• Where to draw the line? When to recommend a format and reinstall?

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.

[peewhy]

Hello Borisav

 

Please advise on what I need to do to fix this problem myself

[Maniac]

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system.  You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[peewhy]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2013
Ran by User (administrator) on USER-LAPTOP on 25-09-2013 20:07:47
Running from C:\Users\User\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
( ) C:\Windows\system32\lxcycoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\chrome_frame_helper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [skytel] - C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jaureg.exe [232328 2011-09-30] (Sun Microsystems, Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Run: [ChromeFrameHelper] - C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\chrome_frame_helper.exe [82896 2013-09-17] (Google Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-08] (Google Inc.)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\User\LOCALS~1\Temp\msuoiua.com <===== ATTENTION
MountPoints2: {d6ba8acd-bc5f-11e2-a51d-001e3397165e} - D:\CD_Start.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2007-06-27] ()
BootExecute: autocheck autochk *  /sync /restart /sync /restart /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01F47DD60341CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-GB&Src=MSE&Tid=0002F86C&OHP=http%3A%2F%2Fsearch.babylon.com%2F%3FaffID%3D112060%26tt%3D4812%5F4%26babsrc%3DHP%5Fss%26mntrId%3Dfe92e637000000000000002163e705ce&OSP=https%3A%2F%2Fisearch.avg.com%2Fsearch%3Fcid%3D%7B8F36589E%2D7D72%2D4245%2D956B%2D131850B78124%7D%26mid%3De02d33409a0e47d08e63d1577573ffad%2D6689c6fff956c970bfee058c44cae4d233a5a925%26lang%3Den%26ds%3DAVG%26pr%3Dfr%26d%3D2012%2D09%2D26%2018%3A59%3A27%26v%3D12.2.5.34%26sap%3Ddsp%26q%3D%7BsearchTerms%7D
SearchScopes: HKLM - DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112060&tt=4812_4&babsrc=SP_ss&mntrId=fe92e637000000000000002163e705ce
SearchScopes: HKCU - {279EA4B1-83F7-4E38-9157-5AE2C9FD1636} URL = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102874&src=kw&q={searchTerms}&locale=&apn_ptnrs=6E&apn_dtid=YYYYYYYYGB&apn_uid=5057d690-3abe-4742-8c3e-fe2d56b636b9&apn_sauid=4E8327DE-18C0-4BC6-A15E-0AC6A19289A4
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
SearchScopes: HKCU - {9C304156-7DA5-4FF7-A123-3709A72B05B5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481032
SearchScopes: HKCU - {E88E0043-C9D4-4e33-8555-FEE4F5B63060} URL = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\system32\Msdxm6.ocx (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {124D001A-BDCB-472F-AA59-BBE7E4BC3204} -  No File
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\npchrome_frame.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\system32\Msdxm6.ocx (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t4ou8iir.default
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t4ou8iir.default\user.js

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @photodex.com/PhotodexPresenter - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t4ou8iir.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: SeoQuake - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t4ou8iir.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}(2540)
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t4ou8iir.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{6A67DD11-9D15-11E1-826E-B8AC6F996F26}] - C:\Users\User\AppData\Local\{6A67DD11-9D15-11E1-826E-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\User\AppData\Local\{6A67DD11-9D15-11E1-826E-B8AC6F996F26}\

Chrome:
=======


CHR DefaultSearchURL: (Web) - http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=ce985a5f-f381-4948-84b4-ac8cb61f786d&searchtype=ds&q={searchTerms}&installDate=05/07/2013
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U2) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
CHR Plugin: (Windows Live\u00C2\u2122 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (SEOquake) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.17.1_0
CHR Extension: (Snap.Do ) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Alexa Traffic Rank) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.2_0
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Usability Boost for Google Plus\u2122) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcppcocablbakkaboahjmljpodddkcp\1.6_0
CHR Extension: (TimelineRemove) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\1.0.5_0
CHR Extension: (Notification Count for Google Plus\u2122) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcjeejpbinpibjicmpcdeenfmehlpjk\0.2_0
CHR Extension: (TidyNetwork.com ) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiokdflbdpmipnndehcppclincpplcnb\5.0.0.0_0
CHR Extension: (PageRank Status) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.5.3.0_0
CHR Extension: (Streamified) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgcgahdbgbdenffckohanhobdcnkoip\1.19.76_0
CHR Extension: (SearchPreview) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\3.0_0
CHR Extension: (Helper for Google+) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehfpbphnjppmganambkgdnkfliaipgd\1.62_0
CHR Extension: (+1 Button - Plus One Button) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmonhedbcpagbphilnoajiencllnpoii\0.3.0_0
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Extended Share for Google Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oenpjldbckebacipkfbcoppmiflglnib\4.0.2_0
CHR Extension: (SEO Global For Google Search\u2122) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\5.1_0
CHR Extension: (Surplus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfphgaimeghgekhncbkfblhdhfaiaipf\4.0.6_0
CHR Extension: (Plus Minus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidkbnhjgdngcfcaikoocdanfijkgdli\1.5.5_0
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files\PriceGong\2.6.8\pricegong.crx
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\User\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx
CHR HKLM\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files\DealPly\DealPly.crx
CHR HKLM\...\Chrome\Extension: [ggagiiobgjmfpdadhecbofeoelcpidec] - C:\Users\User\AppData\Local\Temp\ccex.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\User\AppData\Local\Temp\YontooLayers.crx

========================== Services (Whitelisted) =================

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-09-12] (SurfRight B.V.)
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [537264 2007-06-20] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 ScsiAccess; C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe [186760 2012-04-07] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1532728 2013-01-31] (AVG)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [30008 2013-01-31] (AVG)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-09-25] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsl65228435; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EBF194E7-98B9-46F6-A393-09F863192046}\MpKsl65228435.sys [40392 2013-09-25] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [10088 2012-07-04] (TuneUp Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S0 hekawrfb; System32\drivers\xryega.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-25 20:07 - 2013-09-25 20:07 - 00000000 ____D C:\FRST
2013-09-25 20:04 - 2013-09-25 20:04 - 01088653 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2013-09-25 18:00 - 2013-09-25 18:00 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-25 16:24 - 2013-09-25 16:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-consumer(1).exe
2013-09-25 16:23 - 2013-09-25 16:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-consumer.exe
2013-09-25 11:27 - 2013-09-25 11:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-25 08:27 - 2013-09-25 08:27 - 00020059 _____ C:\Users\User\Desktop\dds.txt
2013-09-25 08:27 - 2013-09-25 08:27 - 00010425 _____ C:\Users\User\Desktop\attach.txt
2013-09-25 08:19 - 2013-09-25 08:19 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2013-09-25 07:53 - 2013-09-25 07:53 - 00922112 _____ C:\Users\User\Downloads\RogueKiller.exe
2013-09-25 01:25 - 2013-09-25 01:24 - 02982880 _____ C:\Users\User\Downloads\$5435 in 50 Days.zip
2013-09-24 22:58 - 2013-09-24 22:58 - 00074703 _____ C:\Windows\system32\mfc45.dat
2013-09-24 22:58 - 2013-09-24 22:58 - 00000973 _____ C:\Users\User\Desktop\System Checkup.lnk
2013-09-24 22:57 - 2013-09-24 22:58 - 00000000 ____D C:\ProgramData\iolo
2013-09-24 22:57 - 2013-09-24 22:57 - 00000000 ____D C:\Program Files\iolo
2013-09-24 22:56 - 2013-09-24 22:56 - 06513096 _____ C:\Users\User\Downloads\SCUDownloader(3).exe
2013-09-24 22:51 - 2013-09-24 22:52 - 06513096 _____ C:\Users\User\Downloads\SCUDownloader(2).exe
2013-09-24 22:49 - 2013-09-24 22:50 - 06513096 _____ C:\Users\User\Downloads\SCUDownloader(1).exe
2013-09-24 22:49 - 2013-09-24 22:49 - 06513096 _____ C:\Users\User\Downloads\SCUDownloader.exe
2013-09-23 12:34 - 2013-09-23 12:36 - 00014422 _____ C:\Users\User\Downloads\terms&conditions1.php
2013-09-22 22:56 - 2013-09-22 22:41 - 00022273 _____ C:\Users\User\Documents\origin%20pest%20control%20content%20mice.doc_0.odt
2013-09-20 15:43 - 2013-09-20 15:43 - 19160815 _____ C:\Users\User\Downloads\Powerpoint-Video Templates.zip
2013-09-19 09:04 - 2013-09-19 09:29 - 00000000 ____D C:\Users\User\Documents\handwriting
2013-09-19 09:03 - 2013-09-19 09:03 - 00000000 ____D C:\Users\User\Documents\New Folder (14)
2013-09-18 08:23 - 2013-09-18 08:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 07:15 - 2013-09-17 07:15 - 00000644 _____ C:\avenger.txt
2013-09-17 07:15 - 2013-09-17 07:15 - 00000000 ____D C:\Avenger
2013-09-13 00:34 - 2013-09-13 00:42 - 00103926 _____ C:\Users\User\Downloads\download-a912a576-ee89-47a0-9916-f35877415b83.csv
2013-09-12 23:34 - 2013-09-12 23:36 - 00098686 _____ C:\Users\User\Downloads\download-fbadca6c-a599-439c-803e-2675b1a19047.csv
2013-09-12 23:05 - 2013-09-12 23:08 - 00098686 _____ C:\Users\User\Downloads\download-29141ca3-51d4-4946-9815-d0468184b2d6.csv
2013-09-12 22:33 - 2013-09-12 22:33 - 00000000 ____D C:\Users\User\AppData\Roaming\OpenOffice
2013-09-12 22:29 - 2013-09-12 22:29 - 00000977 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-12 22:26 - 2013-09-12 22:27 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-12 22:16 - 2013-09-12 22:20 - 136201626 _____ C:\Users\User\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_en-GB(2).exe
2013-09-12 22:07 - 2013-09-12 22:07 - 00000000 ____D C:\Users\User\Desktop\OpenOffice 4.0.0 (en-GB) Installation Files
2013-09-12 21:56 - 2013-09-12 21:58 - 136201626 _____ C:\Users\User\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_en-GB(1).exe
2013-09-12 21:48 - 2013-09-12 21:48 - 00229064 _____ C:\Users\User\Downloads\en_us.oxt
2013-09-12 21:42 - 2013-09-12 21:43 - 06529210 _____ C:\Users\User\Downloads\dict-en(1).oxt
2013-09-12 21:38 - 2013-09-12 21:39 - 06529865 _____ C:\Users\User\Downloads\dict-en.oxt
2013-09-12 20:43 - 2013-09-12 20:46 - 00000000 ____D C:\Users\User\Documents\1a-keywords
2013-09-12 19:22 - 2013-09-12 19:22 - 00000912 _____ C:\Users\User\Desktop\Keyword Organizer.lnk
2013-09-12 19:21 - 2013-09-12 19:21 - 20155782 _____ (KeywordOrganizer.Org                                        ) C:\Users\User\Downloads\setup(1).exe
2013-09-12 19:20 - 2013-09-12 19:21 - 20155782 _____ (KeywordOrganizer.Org                                        ) C:\Users\User\Downloads\setup.exe
2013-09-12 16:44 - 2013-09-12 16:44 - 00001968 _____ C:\Windows\system32\.crusader
2013-09-12 16:26 - 2013-09-12 16:26 - 00001737 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-12 16:26 - 2013-09-12 16:26 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-12 16:25 - 2013-09-12 16:45 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-12 16:25 - 2013-09-12 16:25 - 09186416 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro.exe
2013-09-12 05:00 - 2013-07-31 11:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 05:00 - 2013-07-31 10:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 05:00 - 2013-07-31 10:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-12 05:00 - 2013-07-31 10:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 05:00 - 2013-07-31 10:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 05:00 - 2013-07-31 10:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-12 05:00 - 2013-07-31 10:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-12 05:00 - 2013-07-31 10:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 05:00 - 2013-07-31 10:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 05:00 - 2013-07-31 10:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 05:00 - 2013-07-31 10:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-12 05:00 - 2013-07-31 10:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 04:59 - 2013-07-31 11:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 04:59 - 2013-07-31 11:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 04:59 - 2013-07-31 10:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 04:59 - 2013-07-31 10:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 14:22 - 2013-07-16 05:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-11 14:21 - 2013-08-08 02:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-09 18:14 - 2013-09-09 18:16 - 136201626 _____ C:\Users\User\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_en-GB.exe
2013-09-09 13:03 - 2013-09-09 13:03 - 00000000 __SHD C:\found.000
2013-09-09 09:42 - 2013-01-31 15:44 - 00030008 _____ (AVG) C:\Windows\system32\uxtuneup.dll
2013-09-09 09:42 - 2013-01-31 15:44 - 00022328 _____ (AVG) C:\Windows\system32\authuitu.dll
2013-09-09 09:39 - 2013-09-09 09:39 - 00001890 _____ C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2013-09-09 09:39 - 2013-09-09 09:39 - 00001874 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2013-09-09 09:39 - 2013-01-31 15:44 - 00032568 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2013-09-09 07:53 - 2013-09-09 07:53 - 00000939 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-09-09 02:37 - 2013-09-09 02:37 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-09-08 15:48 - 2013-09-08 15:48 - 00000851 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-08 11:20 - 2013-06-15 14:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-08 11:20 - 2013-06-15 12:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-08 11:18 - 2013-07-05 04:20 - 00914880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-08 11:18 - 2013-07-05 02:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-09-08 11:17 - 2013-07-17 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-08 11:16 - 2013-08-02 05:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-08 11:16 - 2013-07-10 10:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-08 11:16 - 2013-05-02 05:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-09-08 11:16 - 2013-05-02 05:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\printcom.dll
2013-09-08 11:16 - 2013-04-24 05:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-09-08 11:16 - 2013-04-24 02:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-09-08 11:15 - 2013-04-17 12:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-09-08 11:15 - 2013-04-17 12:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-09-08 11:15 - 2013-04-17 12:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-09-08 11:15 - 2013-04-17 11:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-09-08 11:15 - 2013-04-17 11:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-09-08 11:15 - 2013-04-17 11:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-09-08 11:15 - 2013-04-17 11:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-09-08 11:14 - 2013-07-09 13:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-08 11:14 - 2013-07-08 05:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-09-08 11:14 - 2013-07-08 05:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-08 11:14 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-09-08 11:14 - 2013-04-17 13:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-09-08 11:14 - 2013-04-17 12:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-09-08 11:14 - 2013-04-17 11:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-09-08 11:08 - 2013-07-08 05:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-08 11:08 - 2013-07-08 05:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-08 11:08 - 2013-07-08 05:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-08 11:08 - 2013-07-08 05:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-03 20:19 - 2013-09-03 20:19 - 00000000 ____D C:\ProgramData\KeywordOrganizer
2013-09-03 20:18 - 2013-09-22 11:20 - 00000000 ____D C:\Users\User\AppData\Local\KeywordOrganizer
2013-09-03 20:18 - 2013-09-12 19:22 - 00000000 ____D C:\Program Files\Keyword Organizer
2013-09-02 12:55 - 2013-09-02 12:55 - 12079559 _____ C:\Users\User\Documents\qa-application.odt
2013-09-01 21:25 - 2013-09-01 21:25 - 01831878 _____ C:\Users\User\Documents\st-albans-light-removals-service.avi
2013-08-31 15:23 - 2013-08-31 15:38 - 369938320 _____ C:\Users\User\Downloads\PowerPoint For Video Templates(2).rar
2013-08-30 17:17 - 2013-08-30 17:17 - 00000000 ____D C:\Users\User\AppData\Local\{63EDBD87-4263-46AD-9C4E-9DA9FDE3848D}
2013-08-30 17:17 - 2013-08-30 17:17 - 00000000 ____D C:\Users\User\AppData\Local\{5DDD3FAF-FA8A-4BD5-AB11-31FC4FAFCBC4}

==================== One Month Modified Files and Folders =======

2013-09-25 20:07 - 2013-09-25 20:07 - 00000000 ____D C:\FRST
2013-09-25 20:04 - 2013-09-25 20:04 - 01088653 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2013-09-25 20:00 - 2011-12-02 12:12 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184993116-2111681921-2428476457-1000UA.job
2013-09-25 19:45 - 2012-04-03 18:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-25 19:27 - 2011-10-08 18:21 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-25 18:42 - 2011-04-17 22:47 - 02059278 _____ C:\Windows\WindowsUpdate.log
2013-09-25 18:38 - 2011-10-08 18:21 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-25 18:38 - 2006-11-02 14:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-25 18:38 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-25 18:38 - 2006-11-02 13:47 - 00005920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-25 18:38 - 2006-11-02 13:47 - 00005920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-25 18:00 - 2013-09-25 18:00 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-09-25 16:30 - 2012-08-11 10:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-25 16:28 - 2013-03-13 12:37 - 00000911 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-25 16:25 - 2013-09-25 16:24 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-consumer(1).exe
2013-09-25 16:23 - 2013-09-25 16:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-consumer.exe
2013-09-25 14:36 - 2011-04-18 18:11 - 00000000 ____D C:\Users\User\AppData\Local\Paint.NET
2013-09-25 11:27 - 2013-09-25 11:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-25 10:56 - 2011-12-02 12:12 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184993116-2111681921-2428476457-1000Core.job
2013-09-25 08:27 - 2013-09-25 08:27 - 00020059 _____ C:\Users\User\Desktop\dds.txt
2013-09-25 08:27 - 2013-09-25 08:27 - 00010425 _____ C:\Users\User\Desktop\attach.txt
2013-09-25 08:19 - 2013-09-25 08:19 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2013-09-25 07:53 - 2013-09-25 07:53 - 00922112 _____ C:\Users\User\Downloads\RogueKiller.exe
2013-09-25 01:24 - 2013-09-25 01:25 - 02982880 _____ C:\Users\User\Downloads\$5435 in 50 Days.zip
2013-09-24 22:58 - 2013-09-24 22:58 - 00074703 _____ C:\Windows\system32\mfc45.dat
2013-09-24 22:58 - 2013-09-24 22:58 - 00000973 _____ C:\Users\User\Desktop\System Checkup.lnk
2013-09-24 22:58 - 2013-09-24 22:57 - 00000000 ____D C:\ProgramData\iolo
2013-09-24 22:57 - 2013-09-24 22:57 - 00000000 ____D C:\Program Files\iolo
2013-09-24 22:56 - 2013-09-24 22:56 - 06513096 _____ C:\Users\User\Downloads\SCUDownloader(3).exe
2013-09-24 22:52 - 2013-09-24 22:51 - 06513096 _____ C:\Users\User\Downloads\SCUDownloader(2).exe
2013-09-24 22:50 - 2013-09-24 22:49 - 06513096 _____ C:\Users\User\Downloads\SCUDownloader(1).exe
2013-09-24 22:49 - 2013-09-24 22:49 - 06513096 _____ C:\Users\User\Downloads\SCUDownloader.exe
2013-09-23 12:36 - 2013-09-23 12:34 - 00014422 _____ C:\Users\User\Downloads\terms&conditions1.php
2013-09-23 11:46 - 2012-04-03 18:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-23 11:46 - 2011-06-16 06:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 22:41 - 2013-09-22 22:56 - 00022273 _____ C:\Users\User\Documents\origin%20pest%20control%20content%20mice.doc_0.odt
2013-09-22 11:20 - 2013-09-03 20:18 - 00000000 ____D C:\Users\User\AppData\Local\KeywordOrganizer
2013-09-20 15:43 - 2013-09-20 15:43 - 19160815 _____ C:\Users\User\Downloads\Powerpoint-Video Templates.zip
2013-09-19 09:42 - 2011-09-02 08:40 - 00000000 ____D C:\Users\User\AppData\Local\Google
2013-09-19 09:29 - 2013-09-19 09:04 - 00000000 ____D C:\Users\User\Documents\handwriting
2013-09-19 09:03 - 2013-09-19 09:03 - 00000000 ____D C:\Users\User\Documents\New Folder (14)
2013-09-18 16:45 - 2012-07-11 23:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-18 08:24 - 2013-09-18 08:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 07:15 - 2013-09-17 07:15 - 00000644 _____ C:\avenger.txt
2013-09-17 07:15 - 2013-09-17 07:15 - 00000000 ____D C:\Avenger
2013-09-16 15:52 - 2006-11-02 11:33 - 00755906 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-16 08:31 - 2013-06-09 14:35 - 00000795 _____ C:\Windows\setupact.log
2013-09-16 06:54 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\Performance
2013-09-15 22:22 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2013-09-15 22:22 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2013-09-15 22:22 - 2006-11-02 11:22 - 51118080 _____ C:\Windows\system32\config\software_previous
2013-09-15 22:22 - 2006-11-02 11:22 - 18350080 _____ C:\Windows\system32\config\system_previous
2013-09-15 22:17 - 2006-11-02 11:22 - 32505856 _____ C:\Windows\system32\config\components_previous
2013-09-15 22:17 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-09-15 13:13 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2013-09-15 13:13 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-09-14 19:42 - 2013-05-23 07:35 - 00000000 ____D C:\Users\User\Documents\1stAiders
2013-09-13 03:53 - 2006-11-02 13:47 - 00353600 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-13 01:07 - 2011-04-17 16:59 - 00097768 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-13 00:42 - 2013-09-13 00:34 - 00103926 _____ C:\Users\User\Downloads\download-a912a576-ee89-47a0-9916-f35877415b83.csv
2013-09-12 23:36 - 2013-09-12 23:34 - 00098686 _____ C:\Users\User\Downloads\download-fbadca6c-a599-439c-803e-2675b1a19047.csv
2013-09-12 23:08 - 2013-09-12 23:05 - 00098686 _____ C:\Users\User\Downloads\download-29141ca3-51d4-4946-9815-d0468184b2d6.csv
2013-09-12 22:33 - 2013-09-12 22:33 - 00000000 ____D C:\Users\User\AppData\Roaming\OpenOffice
2013-09-12 22:29 - 2013-09-12 22:29 - 00000977 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-12 22:27 - 2013-09-12 22:26 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-09-12 22:25 - 2011-04-18 14:58 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-09-12 22:20 - 2013-09-12 22:16 - 136201626 _____ C:\Users\User\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_en-GB(2).exe
2013-09-12 22:07 - 2013-09-12 22:07 - 00000000 ____D C:\Users\User\Desktop\OpenOffice 4.0.0 (en-GB) Installation Files
2013-09-12 21:58 - 2013-09-12 21:56 - 136201626 _____ C:\Users\User\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_en-GB(1).exe
2013-09-12 21:48 - 2013-09-12 21:48 - 00229064 _____ C:\Users\User\Downloads\en_us.oxt
2013-09-12 21:43 - 2013-09-12 21:42 - 06529210 _____ C:\Users\User\Downloads\dict-en(1).oxt
2013-09-12 21:39 - 2013-09-12 21:38 - 06529865 _____ C:\Users\User\Downloads\dict-en.oxt
2013-09-12 20:46 - 2013-09-12 20:43 - 00000000 ____D C:\Users\User\Documents\1a-keywords
2013-09-12 19:22 - 2013-09-12 19:22 - 00000912 _____ C:\Users\User\Desktop\Keyword Organizer.lnk
2013-09-12 19:22 - 2013-09-03 20:18 - 00000000 ____D C:\Program Files\Keyword Organizer
2013-09-12 19:21 - 2013-09-12 19:21 - 20155782 _____ (KeywordOrganizer.Org                                        ) C:\Users\User\Downloads\setup(1).exe
2013-09-12 19:21 - 2013-09-12 19:20 - 20155782 _____ (KeywordOrganizer.Org                                        ) C:\Users\User\Downloads\setup.exe
2013-09-12 16:45 - 2013-09-12 16:25 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-12 16:44 - 2013-09-12 16:44 - 00001968 _____ C:\Windows\system32\.crusader
2013-09-12 16:26 - 2013-09-12 16:26 - 00001737 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-12 16:26 - 2013-09-12 16:26 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-12 16:25 - 2013-09-12 16:25 - 09186416 _____ (SurfRight B.V.) C:\Users\User\Downloads\HitmanPro.exe
2013-09-12 14:12 - 2013-06-20 12:34 - 00010894 _____ C:\Windows\PFRO.log
2013-09-12 07:00 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 06:30 - 2012-08-26 14:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 03:19 - 2013-07-22 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 03:07 - 2006-11-02 11:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-11 23:43 - 2012-12-11 08:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Mega Robot Bomber
2013-09-11 23:39 - 2011-11-10 01:04 - 00000000 ____D C:\Program Files\SocialExposureSystem
2013-09-11 15:50 - 2012-04-19 23:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Babylon
2013-09-11 08:46 - 2012-11-15 08:59 - 00000000 ____D C:\Program Files\Mega Robot Bomber
2013-09-11 08:23 - 2012-06-01 07:03 - 00000000 ____D C:\Users\User\Documents\Taverna
2013-09-10 09:01 - 2012-09-27 16:26 - 00000000 ____D C:\Users\User\AppData\Roaming\AVG2013
2013-09-10 09:01 - 2012-08-26 14:48 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2013-09-10 09:01 - 2012-08-26 14:14 - 00000000 ____D C:\Users\User\AppData\Local\MicrosoftStore
2013-09-10 09:01 - 2012-06-19 19:19 - 00000000 ____D C:\Users\User\AppData\Roaming\Mobile Renegade
2013-09-10 09:01 - 2012-05-21 21:48 - 00000000 ____D C:\Users\User\AppData\Roaming\3 7
2013-09-10 09:01 - 2012-05-20 16:54 - 00000000 ____D C:\Users\User\AppData\Roaming\7 2
2013-09-10 09:01 - 2012-05-17 22:35 - 00000000 ____D C:\Users\User\AppData\Roaming\3 5
2013-09-10 09:01 - 2012-05-15 14:42 - 00000000 ____D C:\Users\User\AppData\Roaming\3 2
2013-09-10 09:01 - 2012-05-01 22:19 - 00000000 ____D C:\Users\User\AppData\Roaming\c__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_Crack_SuperHideIP.exe
2013-09-10 09:01 - 2012-05-01 22:13 - 00000000 ____D C:\Users\User\AppData\Roaming\C__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_SuperHideIP.exe
2013-09-10 09:01 - 2012-02-26 17:13 - 00000000 ____D C:\Users\User\AppData\Local\SENukeX
2013-09-10 09:01 - 2012-02-26 17:12 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SENukeX
2013-09-10 09:01 - 2012-02-04 17:27 - 00000000 ____D C:\Users\User\AppData\Roaming\InnoIDE
2013-09-10 09:01 - 2012-01-01 14:01 - 00000000 ____D C:\Users\User\AppData\Roaming\GSA Email Spider
2013-09-10 09:01 - 2011-12-02 12:13 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-10 09:01 - 2011-11-25 11:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Audacity
2013-09-10 09:01 - 2011-11-22 15:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strategic Link Builder
2013-09-10 09:01 - 2011-11-08 20:16 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lethal Command Center
2013-09-10 09:01 - 2011-11-02 08:23 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Valid Email Collector
2013-09-10 09:01 - 2011-09-01 19:53 - 00000000 ____D C:\Users\User\AppData\Roaming\gtk-2.0
2013-09-10 09:01 - 2011-06-06 16:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-09-10 09:01 - 2011-05-19 23:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-09-10 09:01 - 2011-04-20 14:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iBusinessPromoter 11
2013-09-10 09:01 - 2011-04-20 14:18 - 00000000 ____D C:\Users\User\AppData\Roaming\IBP
2013-09-10 09:01 - 2011-04-17 16:59 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-10 09:01 - 2011-04-17 16:59 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-10 09:00 - 2013-06-05 21:15 - 00000000 ___SD C:\Users\User\Google Drive
2013-09-10 09:00 - 2013-06-01 11:03 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-09-10 09:00 - 2013-02-22 02:05 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-09-10 09:00 - 2013-01-01 17:55 - 00000000 ____D C:\Users\User\Kindle
2013-09-10 09:00 - 2012-05-22 10:48 - 00000000 ____D C:\Program Files\AVG
2013-09-10 09:00 - 2012-05-22 10:44 - 00000000 ____D C:\ProgramData\MFAData
2013-09-10 09:00 - 2012-05-20 23:09 - 00000000 ___RD C:\Users\User\SkyDrive
2013-09-10 09:00 - 2012-05-20 17:52 - 00000000 ____D C:\Users\User\Documents\video-facebook
2013-09-10 09:00 - 2012-04-11 18:29 - 00000000 ____D C:\ProgramData\Skype
2013-09-10 09:00 - 2012-02-08 19:05 - 00000000 ____D C:\Users\User\Documents\WSO - no name
2013-09-10 09:00 - 2012-02-06 22:07 - 00000000 ____D C:\Users\User\Documents\video profits
2013-09-10 09:00 - 2012-01-01 13:20 - 00000000 ____D C:\Users\User\Documents\Tweet Attack
2013-09-10 09:00 - 2011-05-19 23:23 - 00000000 ___RD C:\Users\User\Dropbox
2013-09-10 09:00 - 2011-04-18 18:12 - 00000000 ____D C:\Program Files\Paint.NET
2013-09-10 09:00 - 2011-04-18 14:16 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-09-10 09:00 - 2011-04-17 18:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-10 09:00 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-09-10 09:00 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-09-10 08:59 - 2012-12-22 14:31 - 00000000 ____D C:\Users\User\Documents\A1 viral images
2013-09-10 08:59 - 2012-10-13 23:51 - 00000000 ____D C:\Users\User\Documents\PinAutomation
2013-09-10 08:59 - 2012-05-29 18:05 - 00000000 ____D C:\Users\User\Documents\local avenger
2013-09-10 08:59 - 2012-05-02 23:46 - 00000000 ____D C:\Users\User\Documents\social guru
2013-09-10 08:59 - 2012-03-13 19:16 - 00000000 ____D C:\Users\User\Documents\SMS Pager
2013-09-10 08:59 - 2012-02-25 20:50 - 00000000 ____D C:\Users\User\Documents\Mobile site pro
2013-09-10 08:59 - 2012-02-20 16:57 - 00000000 ____D C:\Users\User\Documents\Cartoons
2013-09-10 08:59 - 2012-01-25 02:48 - 00000000 ____D C:\Users\User\Documents\Pligg Submitter
2013-09-10 08:59 - 2012-01-01 13:51 - 00000000 ____D C:\Users\User\Documents\Email Spider
2013-09-10 08:59 - 2011-12-02 15:10 - 00000000 ____D C:\Users\User\Documents\Smash'n grab
2013-09-10 08:59 - 2011-11-26 22:38 - 00000000 ____D C:\Users\User\Documents\Instant Backlink Generator
2013-09-10 08:59 - 2011-05-06 10:49 - 00000000 ____D C:\Users\User\Documents\Article Submitter
2013-09-10 08:58 - 2013-04-15 17:25 - 00000000 ____D C:\Users\User\AppData\Roaming\onlineprsubmitter
2013-09-10 08:58 - 2012-12-05 20:05 - 00000000 ____D C:\Users\User\AppData\Roaming\PSpad
2013-09-10 08:58 - 2012-04-11 18:30 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-09-10 08:58 - 2012-03-10 22:04 - 00000000 ____D C:\Users\User\AppData\Roaming\SkyMonk
2013-09-10 08:58 - 2011-12-18 06:58 - 00000000 ____D C:\Users\User\Article Video Maker
2013-09-10 08:58 - 2011-09-02 18:03 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2013-09-10 08:58 - 2011-04-17 18:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Thunderbird
2013-09-10 08:58 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-10 08:22 - 2011-04-17 16:59 - 00001356 _____ C:\Users\User\AppData\Local\d3d9caps.dat
2013-09-10 00:17 - 2011-07-17 21:34 - 00018432 _____ C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-09 23:36 - 2012-08-10 12:04 - 00000000 ____D C:\Windows\Sun
2013-09-09 18:16 - 2013-09-09 18:14 - 136201626 _____ C:\Users\User\Downloads\Apache_OpenOffice_4.0.0_Win_x86_install_en-GB.exe
2013-09-09 13:03 - 2013-09-09 13:03 - 00000000 __SHD C:\found.000
2013-09-09 09:39 - 2013-09-09 09:39 - 00001890 _____ C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2013-09-09 09:39 - 2013-09-09 09:39 - 00001874 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2013-09-09 07:53 - 2013-09-09 07:53 - 00000939 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-09-09 02:37 - 2013-09-09 02:37 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-09-09 01:08 - 2012-09-26 18:06 - 00000000 ____D C:\Users\User\AppData\Local\Avg2013
2013-09-09 00:17 - 2012-05-22 10:49 - 00000000 ___HD C:\$AVG
2013-09-08 19:11 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\ShellNew
2013-09-08 19:11 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-08 19:11 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-09-08 19:10 - 2013-04-20 12:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Josh MacDonald
2013-09-08 19:10 - 2011-10-03 18:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-08 19:10 - 2011-06-06 16:39 - 00000000 ____D C:\Program Files\WinRAR
2013-09-08 19:09 - 2012-04-13 21:27 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-08 19:09 - 2012-02-10 01:23 - 00000000 ____D C:\Program Files\Conduit
2013-09-08 19:07 - 2013-06-01 11:06 - 00000000 ____D C:\ProgramData\AVG
2013-09-08 19:07 - 2013-04-15 17:21 - 00000000 ____D C:\Program Files\OnlinePRSubmitter
2013-09-08 18:57 - 2011-09-01 19:49 - 00000000 ____D C:\Program Files\GIMP-2.0
2013-09-08 15:48 - 2013-09-08 15:48 - 00000851 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-08 12:44 - 2012-04-11 18:29 - 00000000 ___RD C:\Program Files\Skype
2013-09-05 12:57 - 2013-07-11 12:35 - 00000000 ____D C:\ProgramData\Real
2013-09-05 12:56 - 2013-07-11 12:37 - 00000000 ____D C:\Users\User\AppData\Roaming\Real
2013-09-03 20:19 - 2013-09-03 20:19 - 00000000 ____D C:\ProgramData\KeywordOrganizer
2013-09-02 12:55 - 2013-09-02 12:55 - 12079559 _____ C:\Users\User\Documents\qa-application.odt
2013-09-01 21:25 - 2013-09-01 21:25 - 01831878 _____ C:\Users\User\Documents\st-albans-light-removals-service.avi
2013-09-01 14:41 - 2011-04-18 11:24 - 00000000 ____D C:\WWW
2013-08-31 15:38 - 2013-08-31 15:23 - 369938320 _____ C:\Users\User\Downloads\PowerPoint For Video Templates(2).rar
2013-08-30 17:17 - 2013-08-30 17:17 - 00000000 ____D C:\Users\User\AppData\Local\{63EDBD87-4263-46AD-9C4E-9DA9FDE3848D}
2013-08-30 17:17 - 2013-08-30 17:17 - 00000000 ____D C:\Users\User\AppData\Local\{5DDD3FAF-FA8A-4BD5-AB11-31FC4FAFCBC4}
2013-08-30 17:17 - 2012-05-21 01:53 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live
2013-08-30 16:53 - 2013-07-03 16:38 - 00000000 ____D C:\Users\User\Documents\PTT

ZeroAccess:
C:\Windows\Installer\{ff6e5401-e669-ea1a-07d6-2c700fc2b9e2}

ZeroAccess:
C:\Users\User\AppData\Local\87e1a660
C:\Users\User\AppData\Local\87e1a660\@

ZeroAccess:
C:\Users\User\AppData\Local\{ff6e5401-e669-ea1a-07d6-2c700fc2b9e2}

Files to move or delete:
====================
C:\Users\User\AppData\Roaming\eMail Extractor registration.ini
C:\ProgramData\chro.dat
C:\ProgramData\c__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_Crack_SuperHideIP.exe
C:\ProgramData\C__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_SuperHideIP.exe
C:\ProgramData\ffpw.dat
C:\ProgramData\mail.dat
C:\ProgramData\mess.dat


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-25 18:44

==================== End Of Log ============================

Addition.txt

[Maniac]

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open Notepad and select Paste). Save it on the same directory as FRST.exe and save it as fixlist.txt

 

HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?

HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?

HKCU\...\CurrentVersion\Windows: [Load] C:\Users\User\LOCALS~1\Temp\msuoiua.com <===== ATTENTION

C:\Windows\Installer\{ff6e5401-e669-ea1a-07d6-2c700fc2b9e2}

C:\Users\User\AppData\Local\87e1a660

C:\Users\User\AppData\Local\{ff6e5401-e669-ea1a-07d6-2c700fc2b9e2}

C:\ProgramData\chro.dat

C:\ProgramData\c__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_Crack_SuperHideIP.exe

C:\ProgramData\C__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_SuperHideIP.exe

C:\ProgramData\ffpw.dat

C:\ProgramData\mail.dat

C:\ProgramData\mess.dat

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log (Fixlog.txt) please post it to your reply.

Reboot Normally.

[peewhy]

Thank you, U have done this and with your help successfully removed the files but I immediately got the white screen and crashed upon first reboot.

Is there more to do?

[peewhy]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2013
Ran by User at 2013-09-25 20:37:58 Run:1
Running from C:\Users\User\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\User\LOCALS~1\Temp\msuoiua.com <===== ATTENTION
C:\Windows\Installer\{ff6e5401-e669-ea1a-07d6-2c700fc2b9e2}
C:\Users\User\AppData\Local\87e1a660
C:\Users\User\AppData\Local\{ff6e5401-e669-ea1a-07d6-2c700fc2b9e2}
C:\ProgramData\chro.dat
C:\ProgramData\c__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_Crack_SuperHideIP.exe
C:\ProgramData\C__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_SuperHideIP.exe
C:\ProgramData\ffpw.dat
C:\ProgramData\mail.dat
C:\ProgramData\mess.dat
*****************

HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
C:\Windows\Installer\{ff6e5401-e669-ea1a-07d6-2c700fc2b9e2} => Moved successfully.
C:\Users\User\AppData\Local\87e1a660 => Moved successfully.
C:\Users\User\AppData\Local\{ff6e5401-e669-ea1a-07d6-2c700fc2b9e2} => Moved successfully.
C:\ProgramData\chro.dat => Moved successfully.
C:\ProgramData\c__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_Crack_SuperHideIP.exe => Moved successfully.
C:\ProgramData\C__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_SuperHideIP.exe => Moved successfully.
C:\ProgramData\ffpw.dat => Moved successfully.
C:\ProgramData\mail.dat => Moved successfully.
C:\ProgramData\mess.dat => Moved successfully.

==== End of Fixlog ====

[Maniac]

Well done!

Please generate a new fresh DDS log files and post them in your next reply.

[peewhy]

It's still crashing. What are the DDS Log files?

[Maniac]

Take a look:

http://forums.malwarebytes.org/index.php?showtopic=9573

You already generate for us DDS log files (check your first post).

[peewhy]

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16506  BrowserJavaVersion: 10.2.0
Run by User at 23:12:14 on 2013-09-25
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.1915.437 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\chrome_frame_helper.exe
C:\Windows\system32\lxcycoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Photodex\ProShow Producer\ScsiAccess.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Users\User\Downloads\FRST.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uProxyOverride = local
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [ChromeFrameHelper] "c:\users\user\appdata\local\google\chrome\application\29.0.1547.76\chrome_frame_helper.exe" --startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jaureg.exe" -u auto-update
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home



TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C85440FD-64D0-4239-A39A-B4FB29BEA25B} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E7A90C68-F9EC-4363-8AD3-5CE7E7E15D4D} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\users\user\appdata\local\google\chrome\application\29.0.1547.76\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\t4ou8iir.default\

FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
.
---- FIREFOX POLICIES ----
.
user_pref('extensions.dealply.partner', 'inff');
.
user_pref('extensions.dealply.channel', 'inffphp01');
.
user_pref('extensions.dealply.installId', 'v24300257402207709389262012112902240225');
.
user_pref('extensions.dealply.installIdSource', 'inst');
.
user_pref('extensions.dealply.sampleGroup', '5');

FF - user.js: extensions.BabylonToolbar.id - fe92e637000000000000002163e705ce
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15673
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.82:25:24
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 MpKsl0c393cfa;MpKsl0c393cfa;c:\programdata\microsoft\microsoft antimalware\definition updates\{ebf194e7-98b9-46f6-a393-09f863192046}\MpKsl0c393cfa.sys [2013-9-25 40392]
R1 MpKsl65228435;MpKsl65228435;c:\programdata\microsoft\microsoft antimalware\definition updates\{ebf194e7-98b9-46f6-a393-09f863192046}\MpKsl65228435.sys [2013-9-25 40392]
R1 MpKsl97886df4;MpKsl97886df4;c:\programdata\microsoft\microsoft antimalware\definition updates\{ebf194e7-98b9-46f6-a393-09f863192046}\MpKsl97886df4.sys [2013-9-25 40392]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-4-17 21504]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-9-12 106280]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-15 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-11 701512]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-8-14 3291008]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-11-30 2916736]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2013-1-31 1532728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-11 22856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-25 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\program files\pspad editor\PSPad.exe" "%1"
FileExt: .js: JSFile="c:\program files\macromedia\dreamweaver 4\Dreamweaver.exe" "%1"
.
=============== Created Last 30 ================
.
2013-09-25 21:39:45    40392    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ebf194e7-98b9-46f6-a393-09f863192046}\MpKsl97886df4.sys
2013-09-25 20:35:13    40392    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ebf194e7-98b9-46f6-a393-09f863192046}\MpKsl0c393cfa.sys
2013-09-25 19:07:22    --------    d-----w-    C:\FRST
2013-09-25 17:39:42    40392    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ebf194e7-98b9-46f6-a393-09f863192046}\MpKsl65228435.sys
2013-09-25 17:00:15    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-25 07:43:29    60872    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ebf194e7-98b9-46f6-a393-09f863192046}\offreg.dll
2013-09-25 07:42:50    7328304    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{ebf194e7-98b9-46f6-a393-09f863192046}\mpengine.dll
2013-09-24 21:58:14    74703    ----a-w-    c:\windows\system32\mfc45.dat
2013-09-24 21:57:51    --------    d-----w-    c:\programdata\iolo
2013-09-24 21:57:51    --------    d-----w-    c:\program files\iolo
2013-09-23 22:22:21    7328304    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-09-20 14:44:41    --------    d-----w-    c:\users\user\Video templates
2013-09-12 21:33:01    --------    d-----w-    c:\users\user\appdata\roaming\OpenOffice
2013-09-12 21:26:09    --------    d-----w-    c:\program files\OpenOffice 4
2013-09-12 15:26:32    --------    d-----w-    c:\program files\HitmanPro
2013-09-12 15:25:49    --------    d-----w-    c:\programdata\HitmanPro
2013-09-12 03:59:48    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-09-11 13:22:03    615936    ----a-w-    c:\windows\system32\themeui.dll
2013-09-11 13:21:55    2049536    ----a-w-    c:\windows\system32\win32k.sys
2013-09-09 12:03:24    --------    d-sh--w-    C:\found.000
2013-09-09 08:42:19    22328    ----a-w-    c:\windows\system32\authuitu.dll
2013-09-09 08:42:15    30008    ----a-w-    c:\windows\system32\uxtuneup.dll
2013-09-09 08:39:34    32568    ----a-w-    c:\windows\system32\TURegOpt.exe
2013-09-09 07:35:02    --------    d-----w-    c:\users\user\appdata\local\ElevatedDiagnostics
2013-09-08 10:20:06    24064    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-09-08 10:20:06    15872    ----a-w-    c:\windows\system32\icaapi.dll
2013-09-08 10:18:56    914880    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 10:18:55    31232    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-09-08 10:17:37    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-09-08 10:16:59    783360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-09-08 10:16:55    443904    ----a-w-    c:\windows\system32\win32spl.dll
2013-09-08 10:16:54    37376    ----a-w-    c:\windows\system32\printcom.dll
2013-09-08 10:16:44    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-09-08 10:16:30    812544    ----a-w-    c:\windows\system32\certutil.exe
2013-09-08 10:16:27    41984    ----a-w-    c:\windows\system32\certenc.dll
2013-09-08 10:15:04    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-09-08 10:15:03    798208    ----a-w-    c:\windows\system32\FntCache.dll
2013-09-08 10:15:03    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-09-08 10:15:03    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-09-08 10:15:02    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-09-08 10:15:01    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-09-08 10:15:01    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-09-08 10:14:58    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-09-08 10:14:56    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-09-08 10:14:43    3603904    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-09-08 10:14:42    3551680    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-09-08 10:14:41    1205168    ----a-w-    c:\windows\system32\ntdll.dll
2013-09-08 10:14:34    505344    ----a-w-    c:\windows\system32\qedit.dll
2013-09-08 10:14:25    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-09-08 10:13:45    936960    ----a-w-    c:\program files\common files\microsoft shared\ink\journal.dll
2013-09-08 10:13:44    1218048    ----a-w-    c:\program files\windows journal\NBDoc.DLL
2013-09-08 10:13:43    983552    ----a-w-    c:\program files\windows journal\JNTFiltr.dll
2013-09-08 10:13:43    964608    ----a-w-    c:\program files\windows journal\JNWDRV.dll
2013-09-08 10:08:27    992768    ----a-w-    c:\windows\system32\crypt32.dll
2013-09-08 10:08:26    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-09-08 10:08:26    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-09-08 10:08:25    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-09-08 09:55:28    718712    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{210616fc-06f1-49a3-9a8b-b7b0c08bf73e}\gapaengine.dll
2013-09-03 19:19:52    --------    d-----w-    c:\programdata\KeywordOrganizer
2013-09-03 19:18:49    --------    d-----w-    c:\users\user\appdata\local\KeywordOrganizer
2013-09-03 19:18:30    --------    d-----w-    c:\program files\Keyword Organizer
2013-08-31 14:44:45    --------    d-----w-    c:\users\user\video-templates
2013-08-30 16:17:39    --------    d-----w-    c:\users\user\appdata\local\{63EDBD87-4263-46AD-9C4E-9DA9FDE3848D}
2013-08-30 16:17:38    --------    d-----w-    c:\users\user\appdata\local\{5DDD3FAF-FA8A-4BD5-AB11-31FC4FAFCBC4}
.
==================== Find3M  ====================
.
2013-09-23 10:46:11    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 10:46:11    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-31 10:00:20    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-07-31 09:52:44    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-07-31 09:48:43    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-07-31 09:48:09    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-31 09:45:42    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
.
============= FINISH: 23:14:29.89 ===============
 

[Maniac]

What about the content of Attach.txt ?

[peewhy]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 17/04/2011 16:50:54
System Uptime: 25/09/2013 22:37:03 (1 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Pentium® Dual  CPU  T3400  @ 2.16GHz | CPU | 2166/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 195 GiB total, 74.271 GiB free.
E: is FIXED (NTFS) - 269 GiB total, 258.284 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\TOS1901\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\TOS1901\2&DABA3FF&1
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Allway Sync version 11.2.2
Amazon Kindle
Article Indexer
Article Submitter 3.0.4.0
Atheros Driver Installation Program
Audacity 1.3.13 (Unicode)
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
calibre
Camtasia Studio 7
Canon iP4600 series Printer Driver
CCleaner
CD/DVD Drive Acoustic Silencer
ClientFinder_1.0
CuteFTP
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
DirectorySubmitter
Dropbox
DVD MovieFactory for TOSHIBA
Easy Target Lead Generator
FileZilla Client 3.6.0
ForumBot
Garmin POI Loader
Garmin USB Drivers
GIMP 2.6.11
Google Chrome
Google Chrome Frame
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart 5520 series Basic Device Software
HP Update
HPDiagnosticAlert
IBP 11.9
InfraRecorder
Inno Script Studio version 1.0.0.24
Inno Setup QuickStart Pack version 5.4.3
InnoIDE 1.0.0.78
Instant Video Articles v1.03
InstantArticleWizard
Intel® Matrix Storage Manager
Java Auto Updater
Java 7 Update 2
Keyword Organizer version 2.26
Keyword Scout Lite
KeywordOptimizerPro
KompoZer 0.8b3
Lethal Command Center
Localizer Leads Tool
Macromedia Dreamweaver 4
Macromedia Extension Manager
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XML Parser
Mobile Renegade 1.60
Mobilizer
Mozilla Firefox 24.0 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.6 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
News Publisher 1.0
NX-Local Cash Scraper
Office 2010 Trial Extender
OnlinePRSubmitter
OpenOffice 4.0.0
Paint.NET v3.5.11
Photodex Presenter
PinAutomation - Traffic Robot v1.1
Press Release Submitter 3.0.0.1
PressBot
ProShow Producer
PSPad editor
Rapid Email Sender Advance
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Segoe UI
SEO Link Robot - Fast Indexer 2.0.1.0
SEO Warrior Pro
Sigil 0.6.2
Simple Search-Replace
Skype Click to Call
Skype™ 5.10
Speccy
Strategic Link Builder
Synaptics Pointing Device Driver
System Checkup 3.4
TeamViewer 7
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update or Uninstall SENukeX
Valid Email Collector Advance
VLC media player 1.1.11
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
WinRAR 4.01 (32-bit)
WinSCP 4.4
XULRunner6
Xvid MPEG-4 Video Codec
.
==== End Of File ===========================
 

[peewhy]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 17/04/2011 16:50:54
System Uptime: 25/09/2013 22:37:03 (1 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Pentium® Dual  CPU  T3400  @ 2.16GHz | CPU | 2166/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 195 GiB total, 74.271 GiB free.
E: is FIXED (NTFS) - 269 GiB total, 258.284 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\TOS1901\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\TOS1901\2&DABA3FF&1
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Allway Sync version 11.2.2
Amazon Kindle
Article Indexer
Article Submitter 3.0.4.0
Atheros Driver Installation Program
Audacity 1.3.13 (Unicode)
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
calibre
Camtasia Studio 7
Canon iP4600 series Printer Driver
CCleaner
CD/DVD Drive Acoustic Silencer
ClientFinder_1.0
CuteFTP
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
DirectorySubmitter
Dropbox
DVD MovieFactory for TOSHIBA
Easy Target Lead Generator
FileZilla Client 3.6.0
ForumBot
Garmin POI Loader
Garmin USB Drivers
GIMP 2.6.11
Google Chrome
Google Chrome Frame
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
HitmanPro 3.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart 5520 series Basic Device Software
HP Update
HPDiagnosticAlert
IBP 11.9
InfraRecorder
Inno Script Studio version 1.0.0.24
Inno Setup QuickStart Pack version 5.4.3
InnoIDE 1.0.0.78
Instant Video Articles v1.03
InstantArticleWizard
Intel® Matrix Storage Manager
Java Auto Updater
Java 7 Update 2
Keyword Organizer version 2.26
Keyword Scout Lite
KeywordOptimizerPro
KompoZer 0.8b3
Lethal Command Center
Localizer Leads Tool
Macromedia Dreamweaver 4
Macromedia Extension Manager
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XML Parser
Mobile Renegade 1.60
Mobilizer
Mozilla Firefox 24.0 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.6 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
News Publisher 1.0
NX-Local Cash Scraper
Office 2010 Trial Extender
OnlinePRSubmitter
OpenOffice 4.0.0
Paint.NET v3.5.11
Photodex Presenter
PinAutomation - Traffic Robot v1.1
Press Release Submitter 3.0.0.1
PressBot
ProShow Producer
PSPad editor
Rapid Email Sender Advance
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Segoe UI
SEO Link Robot - Fast Indexer 2.0.1.0
SEO Warrior Pro
Sigil 0.6.2
Simple Search-Replace
Skype Click to Call
Skype™ 5.10
Speccy
Strategic Link Builder
Synaptics Pointing Device Driver
System Checkup 3.4
TeamViewer 7
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update or Uninstall SENukeX
Valid Email Collector Advance
VLC media player 1.1.11
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
WinRAR 4.01 (32-bit)
WinSCP 4.4
XULRunner6
Xvid MPEG-4 Video Codec
.
==== End Of File ===========================
 

[Maniac]

Step 1

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Clean.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 3

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• Junkware Removal Tool log
• AdwCleaner log
• Malwarebytes' Anti-Malware log

[peewhy]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows Vista Home Premium x86
Ran by User on 26/09/2013 at 14:27:45.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\pricegongie.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealply
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2481032
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{279EA4B1-83F7-4E38-9157-5AE2C9FD1636}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9C304156-7DA5-4FF7-A123-3709A72B05B5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\DealPly
Successfully deleted: [File] C:\Windows\System32\Tasks\DealPlyUpdate
Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\Users\User\AppData\Local\{6A67DD11-9D15-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ammyy"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\lyricskid"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dealply"
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{1496EF38-0876-49B2-AA9B-3775CFF5D9FE}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{5DDD3FAF-FA8A-4BD5-AB11-31FC4FAFCBC4}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{63EDBD87-4263-46AD-9C4E-9DA9FDE3848D}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{71DDE2CC-9AF2-44B7-B362-9DF0E6CDAF1C}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{9AC68C54-1D74-4DC4-9E52-5CF027D7D787}
Successfully deleted: [Folder] C:\Users\User\AppData\Local\{6A67DD11-9D15-11E1-826E-B8AC6F996F26} [Trojan:JS/Medfos.A]



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t4ou8iir.default\user.js
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t4ou8iir.default\searchplugins\web search.xml
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t4ou8iir.default\prefs.js

user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "fe92e637000000000000002163e705ce");
user_pref("extensions.BabylonToolbar.instlDay", "15673");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.82:25:24");
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\t4ou8iir.default\minidumps [32 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/09/2013 at 14:33:17.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

[peewhy]

# AdwCleaner v3.005 - Report created 26/09/2013 at 14:38:56
# Updated 22/09/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : User - USER-LAPTOP
# Running from : C:\Users\User\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Mail.Ru
Folder Deleted : C:\Users\User\AppData\Local\PackageAware
Folder Deleted : C:\Users\User\AppData\LocalLow\Mail.Ru

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{851EA7AD-B85B-42E6-9A53-0A68D34CC866}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{851EA7AD-B85B-42E6-9A53-0A68D34CC866}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92398CBD-2EE0-4C71-A1AE-F2481A44C2C7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92398CBD-2EE0-4C71-A1AE-F2481A44C2C7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]

-\\ Mozilla Firefox v24.0 (en-GB)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t4ou8iir.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : keyword

*************************

AdwCleaner[R0].txt - [4130 octets] - [26/09/2013 14:38:06]
AdwCleaner[s0].txt - [3731 octets] - [26/09/2013 14:38:56]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3791 octets] ##########
 

[peewhy]

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.26.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-LAPTOP [administrator]

Protection: Enabled

26/09/2013 14:45:41
mbam-log-2013-09-26 (14-45-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259833
Time elapsed: 24 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

[Maniac]

Well done!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
• Please copy/paste the contents or attach that log file to your next reply.
• If needed the file can be located here: C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

[peewhy]

Having read your warning. I am very nervous about running combofix - are there any safeguards or protection I can use?

[Maniac]

ComboFix will create a restore point and will backup your windows registry. Just follow the instructions strictly.

[peewhy]

ComboFix 13-09-26.03 - User 26/09/2013  16:40:53.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.1915.1042 [GMT 1:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Temp\_MEI24322\_ctypes.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\_elementtree.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\_hashlib.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\_multiprocessing.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\_socket.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\_ssl.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\msvcp100.dll
c:\users\User\AppData\Local\Temp\_MEI24322\msvcr100.dll
c:\users\User\AppData\Local\Temp\_MEI24322\pyexpat.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\pysqlite2._sqlite.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\python27.dll
c:\users\User\AppData\Local\Temp\_MEI24322\pythoncom27.dll
c:\users\User\AppData\Local\Temp\_MEI24322\PyWinTypes27.dll
c:\users\User\AppData\Local\Temp\_MEI24322\select.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\unicodedata.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\win32api.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\win32com.shell.shell.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\win32crypt.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\win32event.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\win32file.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\win32inet.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\win32pdh.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\win32process.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\win32profile.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\win32security.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\win32ts.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\windows._cacheinvalidation.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\wx._controls_.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\wx._core_.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\wx._gdi_.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\wx._html2.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\wx._misc_.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\wx._windows_.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\wx._wizard.pyd
c:\users\User\AppData\Local\Temp\_MEI24322\wxbase294u_net_vc90.dll
c:\users\User\AppData\Local\Temp\_MEI24322\wxbase294u_vc90.dll
c:\users\User\AppData\Local\Temp\_MEI24322\wxmsw294u_adv_vc90.dll
c:\users\User\AppData\Local\Temp\_MEI24322\wxmsw294u_core_vc90.dll
c:\users\User\AppData\Local\Temp\_MEI24322\wxmsw294u_html_vc90.dll
c:\users\User\AppData\Local\Temp\_MEI24322\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-26 to 2013-09-26  )))))))))))))))))))))))))))))))
.
.
2013-09-26 15:52 . 2013-09-26 16:19    --------    d-----w-    c:\users\User\AppData\Local\temp
2013-09-26 15:52 . 2013-09-26 15:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-26 14:11 . 2013-09-05 05:02    7328304    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B911AB1F-DE72-4F80-A438-A8F1F3559296}\mpengine.dll
2013-09-26 13:38 . 2013-09-26 13:39    --------    d-----w-    C:\AdwCleaner
2013-09-26 13:26 . 2013-09-26 13:26    --------    d-----w-    c:\windows\ERUNT
2013-09-25 19:07 . 2013-09-25 19:07    --------    d-----w-    C:\FRST
2013-09-24 21:58 . 2013-09-24 21:58    74703    ----a-w-    c:\windows\system32\mfc45.dat
2013-09-24 21:57 . 2013-09-24 21:58    --------    d-----w-    c:\programdata\iolo
2013-09-24 21:57 . 2013-09-24 21:57    --------    d-----w-    c:\program files\iolo
2013-09-23 22:22 . 2013-09-05 05:02    7328304    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-20 14:44 . 2013-09-20 14:44    --------    d-----w-    c:\users\User\Video templates
2013-09-12 21:33 . 2013-09-12 21:33    --------    d-----w-    c:\users\User\AppData\Roaming\OpenOffice
2013-09-12 21:26 . 2013-09-12 21:27    --------    d-----w-    c:\program files\OpenOffice 4
2013-09-12 15:26 . 2013-09-12 15:26    --------    d-----w-    c:\program files\HitmanPro
2013-09-12 15:25 . 2013-09-12 15:45    --------    d-----w-    c:\programdata\HitmanPro
2013-09-12 03:59 . 2013-07-31 09:52    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-09-11 13:22 . 2013-07-16 04:35    615936    ----a-w-    c:\windows\system32\themeui.dll
2013-09-11 13:21 . 2013-08-08 01:45    2049536    ----a-w-    c:\windows\system32\win32k.sys
2013-09-09 12:03 . 2013-09-09 12:03    --------    d-----w-    C:\found.000
2013-09-09 08:42 . 2013-01-31 14:44    22328    ----a-w-    c:\windows\system32\authuitu.dll
2013-09-09 08:42 . 2013-01-31 14:44    30008    ----a-w-    c:\windows\system32\uxtuneup.dll
2013-09-09 08:39 . 2013-01-31 14:44    32568    ----a-w-    c:\windows\system32\TURegOpt.exe
2013-09-09 07:35 . 2013-09-09 07:35    --------    d-----w-    c:\users\User\AppData\Local\ElevatedDiagnostics
2013-09-09 01:37 . 2013-09-09 01:37    --------    d-----w-    c:\program files\Mozilla Thunderbird
2013-09-08 10:20 . 2013-06-15 13:22    15872    ----a-w-    c:\windows\system32\icaapi.dll
2013-09-08 10:20 . 2013-06-15 11:23    24064    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-09-08 10:18 . 2013-07-05 03:20    914880    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 10:18 . 2013-07-05 01:43    31232    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2013-09-08 10:17 . 2013-07-17 19:41    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-09-08 10:16 . 2013-07-10 09:47    783360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-09-08 10:16 . 2013-05-02 04:04    443904    ----a-w-    c:\windows\system32\win32spl.dll
2013-09-08 10:16 . 2013-05-02 04:03    37376    ----a-w-    c:\windows\system32\printcom.dll
2013-09-08 10:16 . 2013-08-02 04:09    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-09-08 10:16 . 2013-04-24 01:46    812544    ----a-w-    c:\windows\system32\certutil.exe
2013-09-08 10:16 . 2013-04-24 04:00    41984    ----a-w-    c:\windows\system32\certenc.dll
2013-09-08 10:15 . 2013-04-17 10:10    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-09-08 10:15 . 2013-04-17 11:28    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-09-08 10:15 . 2013-04-17 10:33    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-09-08 10:15 . 2013-04-17 10:10    798208    ----a-w-    c:\windows\system32\FntCache.dll
2013-09-08 10:15 . 2013-04-17 11:28    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-09-08 10:15 . 2013-04-17 11:28    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-09-08 10:15 . 2013-04-17 10:34    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-09-08 10:14 . 2013-04-17 10:14    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-09-08 10:14 . 2013-04-17 11:28    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-09-08 10:14 . 2013-07-08 04:55    3603904    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-09-08 10:14 . 2013-07-08 04:55    3551680    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-09-08 10:14 . 2013-07-09 12:10    1205168    ----a-w-    c:\windows\system32\ntdll.dll
2013-09-08 10:14 . 2013-06-01 04:06    505344    ----a-w-    c:\windows\system32\qedit.dll
2013-09-08 10:14 . 2013-04-17 12:30    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-09-08 10:13 . 2013-04-09 03:51    936960    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-09-08 10:13 . 2013-04-09 03:52    1218048    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-09-08 10:13 . 2013-04-09 03:51    983552    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-09-08 10:13 . 2013-04-09 03:51    964608    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-09-08 10:08 . 2013-07-08 04:16    992768    ----a-w-    c:\windows\system32\crypt32.dll
2013-09-08 10:08 . 2013-07-08 04:16    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-09-08 10:08 . 2013-07-08 04:16    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-09-08 10:08 . 2013-07-08 04:20    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-09-08 09:55 . 2013-09-04 20:58    718712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{210616FC-06F1-49A3-9A8B-B7B0C08BF73E}\gapaengine.dll
2013-09-03 19:19 . 2013-09-03 19:19    --------    d-----w-    c:\programdata\KeywordOrganizer
2013-09-03 19:18 . 2013-09-22 10:20    --------    d-----w-    c:\users\User\AppData\Local\KeywordOrganizer
2013-09-03 19:18 . 2013-09-12 18:22    --------    d-----w-    c:\program files\Keyword Organizer
2013-08-31 14:44 . 2013-08-31 14:49    --------    d-----w-    c:\users\User\video-templates
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-23 10:46 . 2012-04-03 17:01    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-23 10:46 . 2011-06-16 05:51    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-05-20 22:09    208096    ----a-w-    c:\users\User\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-05-20 22:09    208096    ----a-w-    c:\users\User\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-05-20 22:09    208096    ----a-w-    c:\users\User\AppData\Local\Microsoft\SkyDrive\16.4.3347.0416\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12    94208    ----a-w-    c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 15:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 15:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 15:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 15:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 15:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 15:11    579024    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"ChromeFrameHelper"="c:\users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\chrome_frame_helper.exe" [2013-09-17 82896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jaureg.exe" [2011-09-30 232328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0 /sync /restart\0 /sync /restart\0 /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
2007-06-25 09:34    291504    ----a-w-    c:\program files\Lexmark 3400 Series\lxcymon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 08:24    581632    ----a-w-    c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"HP Photosmart 5520 series (NET)"="c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2C7196Y105ST:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"NDSTray.exe"=NDSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 10:46]
.
2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 17:20]
.
2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-08 17:20]
.
2013-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184993116-2111681921-2428476457-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 20:31]
.
2013-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184993116-2111681921-2428476457-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 20:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t4ou8iir.default\

.
.
------- File Associations -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{124D001A-BDCB-472F-AA59-BBE7E4BC3204} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-26 17:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3204)
c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\HitmanPro\hmpsched.exe
c:\program files\HitmanPro\HitmanPro.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\lxcycoms.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Photodex\ProShow Producer\ScsiAccess.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\WUDFHost.exe
c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2013-09-26  17:24:54 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-26 16:24
.
Pre-Run: 80,019,050,496 bytes free
Post-Run: 80,225,505,280 bytes free
.
- - End Of File - - 9D96CD1F545F734A4E9829C59844DEE9
5C616939100B85E558DA92B899A0FC36
 

[peewhy]

Unfortunately it is still crashing - is there anything else I can do?

[Maniac]

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.

  ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

    Save it to your Desktop.

  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under Scan Settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.