Random crashing - white screen

[peewhy]

Unfortunatey I can't locate the report but is cleaned 27 harmful files that the others didn't pick up, I ran it again, it shows all is clean - howver the computer crashed soon after. Same white screen, no warning.

[Maniac]

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

[peewhy]

Thank you for this. it detected 'no threats' - but the problem of the white screen and crashing still exists. Is there anything else I can do?

[Maniac]

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

[peewhy]

OTL logfile created on: 01/10/2013 22:10:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.87 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 54.42% Memory free
3.98 Gb Paging File | 2.81 Gb Available in Paging File | 70.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 87.40 Gb Free Space | 44.75% Space Free | Partition Type: NTFS
Drive E: | 268.98 Gb Total Space | 258.33 Gb Free Space | 96.04% Space Free | Partition Type: NTFS
 
Computer Name: USER-LAPTOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/10/01 22:04:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/09/17 04:20:29 | 000,082,896 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\chrome_frame_helper.exe
PRC - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/12 16:26:35 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/31 15:44:08 | 001,532,728 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
PRC - [2013/01/31 15:44:08 | 001,222,456 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/04/07 11:44:42 | 000,186,760 | ---- | M] () -- C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe
PRC - [2011/11/29 10:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/26 16:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/07/06 10:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/20 06:28:56 | 000,537,264 | ---- | M] ( ) -- C:\Windows\System32\lxcycoms.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/01 18:43:30 | 000,128,512 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\_elementtree.pyd
MOD - [2013/10/01 18:43:30 | 000,044,032 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\_socket.pyd
MOD - [2013/10/01 18:43:29 | 000,098,816 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\win32api.pyd
MOD - [2013/10/01 18:43:29 | 000,022,528 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\win32ts.pyd
MOD - [2013/10/01 18:43:28 | 000,557,056 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\pysqlite2._sqlite.pyd
MOD - [2013/10/01 18:43:26 | 000,320,512 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\win32com.shell.shell.pyd
MOD - [2013/10/01 18:43:26 | 000,070,656 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\wx._html2.pyd
MOD - [2013/10/01 18:43:26 | 000,026,624 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\_multiprocessing.pyd
MOD - [2013/10/01 18:43:25 | 000,805,888 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\wx._gdi_.pyd
MOD - [2013/10/01 18:43:25 | 000,504,832 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\windows._cacheinvalidation.pyd
MOD - [2013/10/01 18:43:25 | 000,011,264 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\win32crypt.pyd
MOD - [2013/10/01 18:43:22 | 000,364,544 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\pythoncom27.dll
MOD - [2013/10/01 18:43:22 | 000,087,040 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\_ctypes.pyd
MOD - [2013/10/01 18:43:22 | 000,017,408 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\win32profile.pyd
MOD - [2013/10/01 18:43:21 | 000,735,232 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\wx._misc_.pyd
MOD - [2013/10/01 18:43:20 | 000,110,080 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\PyWinTypes27.dll
MOD - [2013/10/01 18:43:19 | 000,108,544 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\win32security.pyd
MOD - [2013/10/01 18:43:18 | 001,175,040 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\wx._core_.pyd
MOD - [2013/10/01 18:43:17 | 001,153,024 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\_ssl.pyd
MOD - [2013/10/01 18:43:14 | 000,035,840 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\win32process.pyd
MOD - [2013/10/01 18:43:14 | 000,025,600 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\win32pdh.pyd
MOD - [2013/10/01 18:43:13 | 000,811,008 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\wx._windows_.pyd
MOD - [2013/10/01 18:43:13 | 000,711,680 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\_hashlib.pyd
MOD - [2013/10/01 18:43:13 | 000,122,368 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\wx._wizard.pyd
MOD - [2013/10/01 18:43:13 | 000,119,808 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\win32file.pyd
MOD - [2013/10/01 18:43:12 | 000,038,912 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\win32inet.pyd
MOD - [2013/10/01 18:42:59 | 001,062,400 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\wx._controls_.pyd
MOD - [2013/10/01 18:42:59 | 000,127,488 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\pyexpat.pyd
MOD - [2013/10/01 18:42:59 | 000,018,432 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\win32event.pyd
MOD - [2013/10/01 18:42:58 | 000,686,080 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\unicodedata.pyd
MOD - [2013/10/01 18:42:56 | 000,010,240 | ---- | M] () -- C:\Users\User\AppData\Local\temp\_MEI23002\select.pyd
MOD - [2012/11/10 20:57:08 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/09/23 11:46:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/18 08:24:51 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/12 16:26:35 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/31 15:44:08 | 001,532,728 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2013/01/31 15:44:06 | 000,030,008 | ---- | M] (AVG) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/07 11:44:42 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShow Producer\scsiaccess.exe -- (ScsiAccess)
SRV - [2011/11/29 10:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/26 16:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/06/20 06:28:56 | 000,537,264 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcycoms.exe -- (lxcy_device)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xryega.sys -- (hekawrfb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/10/01 18:44:15 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4F857EA-1C39-4A56-BCF7-612B99B6732D}\MpKsl2811a27d.sys -- (MpKsl2811a27d)
DRV - [2013/10/01 18:38:49 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4F857EA-1C39-4A56-BCF7-612B99B6732D}\MpKsl95e761a5.sys -- (MpKsl95e761a5)
DRV - [2013/10/01 17:16:30 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4F857EA-1C39-4A56-BCF7-612B99B6732D}\MpKsl92e8ba41.sys -- (MpKsl92e8ba41)
DRV - [2013/10/01 14:37:25 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/04 14:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/18 22:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/07/13 15:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/12/14 14:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.google.com
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 F4 7D D6 03 41 CC 01  [binary data]
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enGB452
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/09/09 02:37:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6A67DD11-9D15-11E1-826E-B8AC6F996F26}: C:\Users\User\AppData\Local\{6A67DD11-9D15-11E1-826E-B8AC6F996F26}\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/09/09 02:37:36 | 000,000,000 | ---D | M]
 
[2011/10/02 16:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2011/04/17 18:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/09/27 18:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t4ou8iir.default\extensions
[2013/07/31 11:37:37 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t4ou8iir.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}(2540)
[2013/08/01 11:48:39 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\t4ou8iir.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/30 10:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/30 10:55:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/30 10:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/30 10:55:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/18 08:24:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.17.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcppcocablbakkaboahjmljpodddkcp\1.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\1.0.5_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcjeejpbinpibjicmpcdeenfmehlpjk\0.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiokdflbdpmipnndehcppclincpplcnb\5.0.0.0_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.5.3.0_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgcgahdbgbdenffckohanhobdcnkoip\1.19.76_0\crossrider
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgcgahdbgbdenffckohanhobdcnkoip\1.19.76_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\3.0_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehfpbphnjppmganambkgdnkfliaipgd\1.62_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmonhedbcpagbphilnoajiencllnpoii\0.3.0_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oenpjldbckebacipkfbcoppmiflglnib\4.0.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\5.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfphgaimeghgekhncbkfblhdhfaiaipf\4.0.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidkbnhjgdngcfcaikoocdanfijkgdli\1.5.5_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/09/26 17:19:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jaureg.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000..\Run: [ChromeFrameHelper] C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\chrome_frame_helper.exe (Google Inc.)
O4 - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_74631272.lnk = C:\Users\User\AppData\Local\temp\_uninst_74631272.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C85440FD-64D0-4239-A39A-B4FB29BEA25B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7A90C68-F9EC-4363-8AD3-5CE7E7E15D4D}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\System32\Msdxm6.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/05/06 10:46:52 | 016,770,944 | ---- | M] () - E:\AutoBlogFeederWeb.mp4 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3184993116-2111681921-2428476457-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/01 14:37:18 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/09/28 17:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/09/27 11:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/26 17:24:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/26 17:24:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2013/09/26 17:19:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/09/26 15:49:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/26 15:49:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/26 15:49:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/26 15:49:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/26 15:48:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/26 14:38:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/26 14:26:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/26 14:25:10 | 001,030,038 | ---- | C] (Thisisu) -- C:\Users\User\Desktop\JRT.exe
[2013/09/25 20:07:22 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/24 22:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2013/09/24 22:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2013/09/20 15:44:41 | 000,000,000 | ---D | C] -- C:\Users\User\Video templates
[2013/09/19 09:04:07 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\handwriting
[2013/09/19 09:03:48 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\New Folder (14)
[2013/09/18 08:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/12 22:33:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\OpenOffice
[2013/09/12 22:29:06 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
[2013/09/12 22:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice 4
[2013/09/12 20:43:44 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\1a-keywords
[2013/09/12 19:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keyword Organizer
[2013/09/12 16:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/09/12 16:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/09/12 16:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/09 13:03:24 | 000,000,000 | ---D | C] -- C:\found.000
[2013/09/09 09:42:19 | 000,022,328 | ---- | C] (AVG) -- C:\Windows\System32\authuitu.dll
[2013/09/09 09:42:15 | 000,030,008 | ---- | C] (AVG) -- C:\Windows\System32\uxtuneup.dll
[2013/09/09 09:39:34 | 000,032,568 | ---- | C] (AVG) -- C:\Windows\System32\TURegOpt.exe
[2013/09/09 09:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2013/09/09 08:35:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ElevatedDiagnostics
[2013/09/09 02:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/09/03 20:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\KeywordOrganizer
[2013/09/03 20:18:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\KeywordOrganizer
[2013/09/03 20:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Keyword Organizer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/01 22:00:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3184993116-2111681921-2428476457-1000UA.job
[2013/10/01 21:45:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/01 21:27:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/01 20:42:47 | 000,005,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 20:42:47 | 000,005,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 20:08:55 | 000,018,432 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/01 18:42:51 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/01 18:42:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 14:37:25 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/10/01 10:56:20 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3184993116-2111681921-2428476457-1000Core.job
[2013/10/01 07:04:03 | 000,645,548 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/01 07:04:03 | 000,123,576 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/29 01:17:25 | 000,206,333 | ---- | M] () -- C:\Users\User\Documents\infant-first-aid-cards.jpg
[2013/09/28 18:51:36 | 000,000,807 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_74631272.lnk
[2013/09/27 23:49:25 | 000,000,043 | ---- | M] () -- C:\Users\User\Documents\rotting flesh.gif
[2013/09/26 20:54:43 | 000,011,735 | ---- | M] () -- C:\Users\User\Documents\galaxy1.jpg
[2013/09/26 20:51:01 | 000,026,474 | ---- | M] () -- C:\Users\User\Documents\galaxy1.png
[2013/09/26 17:19:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/09/26 14:26:06 | 001,030,038 | ---- | M] (Thisisu) -- C:\Users\User\Desktop\JRT.exe
[2013/09/25 16:28:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/24 22:58:14 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dat
[2013/09/24 22:58:04 | 000,000,973 | ---- | M] () -- C:\Users\User\Desktop\System Checkup.lnk
[2013/09/22 14:03:35 | 000,058,315 | ---- | M] () -- C:\Users\User\Documents\cfr-tea.jpg
[2013/09/20 18:15:11 | 000,225,572 | ---- | M] () -- C:\Users\User\Documents\red0nipples.png
[2013/09/19 08:57:52 | 000,019,773 | ---- | M] () -- C:\Users\User\Documents\hand.gif
[2013/09/18 19:23:38 | 000,002,044 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/18 00:00:42 | 000,024,121 | ---- | M] () -- C:\Users\User\Documents\cfr-icons.jpg
[2013/09/14 10:02:47 | 000,014,156 | ---- | M] () -- C:\Users\User\Documents\blobfish.jpg
[2013/09/13 03:53:41 | 000,353,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/12 22:29:08 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/09/12 19:22:37 | 000,000,912 | ---- | M] () -- C:\Users\User\Desktop\Keyword Organizer.lnk
[2013/09/12 16:44:28 | 000,001,968 | ---- | M] () -- C:\Windows\System32\.crusader
[2013/09/11 23:10:28 | 000,518,024 | ---- | M] () -- C:\Users\User\Documents\facebook-cover-peter.png
[2013/09/10 08:22:37 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2013/09/09 09:39:25 | 000,001,898 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp.lnk
[2013/09/09 09:39:25 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2013/09/09 07:53:32 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/09/08 15:48:16 | 000,000,875 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/09/08 15:48:16 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/04 07:44:26 | 000,120,948 | ---- | M] () -- C:\Users\User\Documents\me-car-3.png
[2013/09/03 16:35:35 | 000,056,572 | ---- | M] () -- C:\Users\User\Documents\QA_AED_Trainer_Approval_Form_V1 (2).pdf
[2013/09/03 14:22:54 | 002,423,406 | ---- | M] () -- C:\Users\User\Documents\qa-bill.png
[2013/09/02 16:24:19 | 003,419,876 | ---- | M] () -- C:\Users\User\Documents\qa7.png
[2013/09/02 12:57:10 | 003,081,432 | ---- | M] () -- C:\Users\User\Documents\qa-application.pdf
[2013/09/02 12:55:27 | 012,079,559 | ---- | M] () -- C:\Users\User\Documents\qa-application.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/29 01:13:24 | 000,206,333 | ---- | C] () -- C:\Users\User\Documents\infant-first-aid-cards.jpg
[2013/09/28 18:51:36 | 000,000,807 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_74631272.lnk
[2013/09/27 23:49:11 | 000,000,043 | ---- | C] () -- C:\Users\User\Documents\rotting flesh.gif
[2013/09/26 20:54:40 | 000,011,735 | ---- | C] () -- C:\Users\User\Documents\galaxy1.jpg
[2013/09/26 20:50:50 | 000,026,474 | ---- | C] () -- C:\Users\User\Documents\galaxy1.png
[2013/09/26 15:49:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/26 15:49:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/26 15:49:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/26 15:49:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/26 15:49:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/24 22:58:14 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2013/09/24 22:58:04 | 000,000,973 | ---- | C] () -- C:\Users\User\Desktop\System Checkup.lnk
[2013/09/22 14:02:26 | 000,058,315 | ---- | C] () -- C:\Users\User\Documents\cfr-tea.jpg
[2013/09/20 18:15:06 | 000,225,572 | ---- | C] () -- C:\Users\User\Documents\red0nipples.png
[2013/09/19 08:57:52 | 000,019,773 | ---- | C] () -- C:\Users\User\Documents\hand.gif
[2013/09/18 00:00:32 | 000,024,121 | ---- | C] () -- C:\Users\User\Documents\cfr-icons.jpg
[2013/09/14 10:02:39 | 000,014,156 | ---- | C] () -- C:\Users\User\Documents\blobfish.jpg
[2013/09/12 22:29:08 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/09/12 19:22:37 | 000,000,912 | ---- | C] () -- C:\Users\User\Desktop\Keyword Organizer.lnk
[2013/09/12 16:44:28 | 000,001,968 | ---- | C] () -- C:\Windows\System32\.crusader
[2013/09/09 09:39:25 | 000,001,898 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp.lnk
[2013/09/09 09:39:25 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2013/09/09 09:39:22 | 000,001,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2013/09/09 07:53:32 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/09/08 15:48:16 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/08 15:48:16 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/04 07:44:26 | 000,120,948 | ---- | C] () -- C:\Users\User\Documents\me-car-3.png
[2013/09/03 16:35:35 | 000,056,572 | ---- | C] () -- C:\Users\User\Documents\QA_AED_Trainer_Approval_Form_V1 (2).pdf
[2013/09/03 14:22:48 | 002,423,406 | ---- | C] () -- C:\Users\User\Documents\qa-bill.png
[2013/09/02 16:24:06 | 003,419,876 | ---- | C] () -- C:\Users\User\Documents\qa7.png
[2013/09/02 12:57:10 | 003,081,432 | ---- | C] () -- C:\Users\User\Documents\qa-application.pdf
[2013/09/02 12:55:27 | 012,079,559 | ---- | C] () -- C:\Users\User\Documents\qa-application.odt
[2013/06/21 12:51:18 | 000,000,849 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2013/04/15 17:21:29 | 000,000,877 | ---- | C] () -- C:\Program Files\OnlinePRSubmitter.lnk
[2013/03/26 13:10:02 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd
[2012/12/06 00:18:42 | 000,196,318 | ---- | C] () -- C:\Users\User\centurion.zip
[2012/05/21 18:52:33 | 000,000,050 | -HS- | C] () -- C:\Users\User\AppData\Roaming\6.dat
[2012/05/21 18:37:57 | 000,000,000 | -HS- | C] () -- C:\Users\User\AppData\Roaming\Fgt13OKza
[2012/05/21 18:36:00 | 000,114,691 | -HS- | C] () -- C:\Users\User\AppData\Roaming\0.dat
[2012/05/20 22:47:01 | 000,007,315 | ---- | C] () -- C:\Users\User\AppData\Roaming\service32
[2012/05/20 22:46:31 | 000,000,032 | ---- | C] () -- C:\Users\User\AppData\Roaming\service32_pslzq
[2012/05/20 19:50:00 | 000,000,032 | ---- | C] () -- C:\Users\User\AppData\Roaming\test_gstxt
[2012/05/19 23:59:21 | 000,001,701 | ---- | C] () -- C:\Users\User\AppData\Roaming\blah
[2012/05/19 23:58:42 | 000,000,032 | ---- | C] () -- C:\Users\User\AppData\Roaming\blah_bohnw
[2012/05/19 23:54:24 | 000,001,433 | ---- | C] () -- C:\Users\User\AppData\Roaming\Logs1
[2012/05/19 23:53:53 | 000,000,112 | ---- | C] () -- C:\Users\User\AppData\Roaming\Logs1_nnvvg
[2012/05/19 23:53:23 | 000,000,032 | ---- | C] () -- C:\Users\User\AppData\Roaming\Logs1_wreje
[2012/05/19 23:29:13 | 000,000,050 | -HS- | C] () -- C:\Users\User\AppData\Roaming\6.dat_mbrsr
[2012/05/19 23:16:49 | 000,022,500 | -HS- | C] () -- C:\Users\User\AppData\Roaming\0.dat_htime
[2012/05/19 21:39:34 | 000,000,050 | -HS- | C] () -- C:\Users\User\AppData\Roaming\6.dat_pgjzz
[2012/05/19 20:16:58 | 000,000,050 | -HS- | C] () -- C:\Users\User\AppData\Roaming\6.dat_crpub
[2012/05/19 20:08:37 | 000,238,103 | ---- | C] () -- C:\Users\User\AppData\Roaming\Server.7z
[2012/05/19 19:40:04 | 000,000,000 | -HS- | C] () -- C:\Users\User\AppData\Roaming\v9PRtPuGa
[2012/05/19 19:38:23 | 000,022,459 | -HS- | C] () -- C:\Users\User\AppData\Roaming\0.dat_zmwyt
[2012/05/19 02:05:30 | 000,010,248 | ---- | C] () -- C:\Users\User\AppData\Roaming\fusionmatrix
[2012/05/19 02:05:00 | 000,000,032 | ---- | C] () -- C:\Users\User\AppData\Roaming\fusionmatrix_kbeuv
[2012/05/15 15:46:27 | 000,017,387 | ---- | C] () -- C:\Users\User\AppData\Roaming\WindowsUpdates
[2012/05/15 14:16:04 | 000,152,382 | ---- | C] () -- C:\Users\User\AppData\Roaming\User
[2012/04/19 23:25:16 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/04/19 23:25:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/03/15 20:18:35 | 000,012,062 | ---- | C] () -- C:\Users\User\thinking.odt
[2012/02/26 12:02:10 | 000,004,936 | ---- | C] () -- C:\ProgramData\zjyopzph.wxh
[2012/01/23 01:06:09 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/01/01 16:57:13 | 000,000,049 | ---- | C] () -- C:\Users\User\AppData\Roaming\eMail Extractor registration.ini
[2011/12/29 21:47:44 | 000,000,003 | ---- | C] () -- C:\Windows\System32\krx280.dat
[2011/11/10 14:35:06 | 000,000,212 | ---- | C] () -- C:\Windows\System32\winiog_019.dat
[2011/09/03 12:44:49 | 000,000,073 | ---- | C] () -- C:\Users\User\.gtk-bookmarks
[2011/07/17 21:34:59 | 000,018,432 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/17 16:59:19 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/10/13 10:01:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 10:01:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/05/22 12:49:25 | 000,000,000 | RHSD | M] -- C:\Users\User\AppData\Roaming\9kcqYI
[2013/09/10 09:01:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2013/06/02 18:18:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AutomagicIM
[2013/06/01 11:06:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG
[2013/09/10 09:01:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG2013
[2013/02/17 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\calibre
[2013/06/02 18:13:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.pageone.evcc
[2011/09/08 11:46:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.springbox.mobilizer
[2013/09/10 09:01:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\c__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_Crack_SuperHideIP.exe
[2013/09/10 09:01:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\C__Users_User_Desktop_Super Hide IP v3.1.9.6 Full_SuperHideIP.exe
[2012/05/21 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2011/05/14 17:27:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Easy Click Commissions
[2013/06/19 21:16:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2013/06/02 18:16:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeHideIP
[2012/11/18 02:09:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Garmin
[2011/04/18 16:19:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlobalSCAPE
[2013/09/10 09:01:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GSA Email Spider
[2013/09/10 09:01:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2012/05/19 15:20:27 | 000,000,000 | RHSD | M] -- C:\Users\User\AppData\Roaming\I10js
[2013/09/10 09:01:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IBP
[2011/12/18 07:04:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IMBuzz Creators
[2011/04/17 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InfraRecorder
[2013/09/10 09:01:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InnoIDE
[2012/05/05 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JonathanLeger.com
[2012/05/19 14:16:20 | 000,000,000 | RHSD | M] -- C:\Users\User\AppData\Roaming\jQFl
[2011/10/12 08:02:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\KeywordOptimizerPro
[2011/07/15 11:26:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\kompozer.net
[2012/02/04 17:27:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Kymoto Solutions
[2012/11/08 00:11:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LocalizerLeadsTool
[2013/06/02 18:29:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/01/01 16:56:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Maxprog
[2013/09/11 23:43:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mega Robot Bomber
[2013/09/10 09:01:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mobile Renegade
[2012/05/22 11:18:32 | 000,000,000 | RHSD | M] -- C:\Users\User\AppData\Roaming\mousedrv
[2012/04/07 11:46:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Netscape
[2013/09/10 08:58:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\onlineprsubmitter
[2013/09/12 22:33:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice
[2011/04/18 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2012/04/07 11:41:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Photodex
[2011/11/02 11:54:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ResData
[2011/06/06 16:37:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft
[2012/08/11 15:57:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Security
[2011/12/05 23:01:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SeoOganizer
[2013/09/10 08:58:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SkyMonk
[2012/05/13 17:30:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Soft Solutions
[2012/06/19 21:07:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client
[2011/11/26 15:27:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Software Defender
[2013/06/02 18:43:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SuperHideIP
[2011/04/17 22:56:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sync App Settings
[2012/02/10 12:30:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thinstall
[2013/09/10 08:58:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2011/09/02 15:44:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TOSHIBA
[2012/05/20 23:38:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP
[2012/09/26 19:00:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2012/05/18 00:55:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UBot Studio
[2011/11/17 07:52:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ulead Systems
[2011/11/02 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\VecData
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

 

[peewhy]

OTL Extras logfile created on: 01/10/2013 22:10:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.87 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 54.42% Memory free
3.98 Gb Paging File | 2.81 Gb Available in Paging File | 70.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 87.40 Gb Free Space | 44.75% Space Free | Partition Type: NTFS
Drive E: | 268.98 Gb Total Space | 258.33 Gb Free Space | 96.04% Space Free | Partition Type: NTFS
 
Computer Name: USER-LAPTOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3184993116-2111681921-2428476457-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10C3857B-7BBA-4999-A809-B9ED99973734}" = lport=445 | protocol=6 | dir=in | app=system |
"{14FA0ABE-7825-44E9-8DE3-3FC0B0683CDA}" = rport=138 | protocol=17 | dir=out | app=system |
"{2B678BBD-3B95-4146-9F7F-BAEAB27AC43A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5775A672-011C-4C76-8C13-905D95B8B6D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7F59A660-10BA-4396-97AD-648658BD077B}" = lport=137 | protocol=17 | dir=in | app=system |
"{819C4698-A860-4F92-8052-31EA0D5880D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{91DEB993-E3A2-4E5B-A01B-27B7310B9B37}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7E3E967-5F07-41AB-A1A9-FDED85CFA845}" = rport=139 | protocol=6 | dir=out | app=system |
"{AA69328D-61F3-4FE2-8AA3-538AA98666B7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B257BED0-8BDA-4FB7-BFB3-130AB06D7E6A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{B7875C82-DEB5-4416-BD9C-73A295514A36}" = lport=139 | protocol=6 | dir=in | app=system |
"{BF0AF213-AF4D-4BAA-87FC-DB9B486CBDDD}" = rport=445 | protocol=6 | dir=out | app=system |
"{E32BA3CC-A125-4ECC-A401-D3A18580E700}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{EF8F1574-04DD-4970-9248-A49DFD61EB94}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AEFB5F-C906-4D70-804B-71EAB08779C3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{041DFFF1-DF78-481D-BD38-D85712AF6EF2}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{188D5736-FF88-4E63-9A26-392373B45043}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{22624448-358F-4081-A7F9-7C53D76B5C53}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\microsoft\skydrive\skydrive.exe |
"{2AF34D5B-28C5-4E8D-813A-C15C757DB7E5}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{2C773D5E-FA24-4F38-A465-21CC76D44FCB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{30436548-D857-49F4-B6D5-0D6C1A47C87A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4CA91F44-FBD0-4C0D-9F32-D94B27B879C6}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{507615EF-FE44-4436-B8DC-1392E96D90ED}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{5BAC121C-17FB-4D67-AEDA-CC376F850E20}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5DE84C88-D030-432C-BA8E-3F07E798B2DD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5ED5B910-0890-4C70-A247-BF5FBE3AFB36}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{60F2CDC9-9A80-49C7-8FF7-294A397B20F8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{6A03CD69-3B34-40CA-BA55-2DCE3F81D8D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7F788525-7B45-4922-A626-473D89CF5FA1}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{7FE7615B-2D46-49D9-B1EC-B6E19BB10BDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{85AF77AC-D254-4C31-A95A-EC3BDE9D53CD}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicatorcom.exe |
"{9713C24B-CADE-419E-94A6-2BF757ACA108}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A58FB71B-E28F-4635-A5F4-E907B31B03E7}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\devicesetup.exe |
"{D06F5679-A292-4FFA-A4D6-EF499B092260}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{D5ABF635-79C6-401E-8933-1776509408F6}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{F4C69302-C098-494D-9EC8-85DA18BBC4E4}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\microsoft\skydrive\skydrive.exe |
"{F840D891-58EA-4C09-80D9-02A6BD83B6EE}" = dir=in | app=c:\program files\hp\hp photosmart 5520 series\bin\hpnetworkcommunicator.exe |
"{F9154E3D-D5DC-48CB-8B97-F5C5552FDFEF}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{FF8D7F3B-0442-4212-A8DA-2501691FD3E4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{37627D63-28C8-4B8D-A7D7-C01EA7517DF5}C:\windows\system32\hkcmd.exe" = protocol=6 | dir=in | app=c:\windows\system32\hkcmd.exe |
"TCP Query User{3906E135-AA72-4206-8FE7-815983C85F2B}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{3C9FD50A-3AC1-45EC-82E8-BE56E04393C8}C:\program files\paint.net\paintdotnet.exe" = protocol=6 | dir=in | app=c:\program files\paint.net\paintdotnet.exe |
"TCP Query User{5806905D-161A-4EB3-90B9-85EFAF4B2866}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{893A7CFA-8C4D-462C-8BB5-A9DE876FFBAC}C:\windows\system32\dwm.exe" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe |
"TCP Query User{9B4B307B-43E8-4F81-B3BC-84403F80BDEE}C:\program files\synaptics\syntp\syntpenh.exe" = protocol=6 | dir=in | app=c:\program files\synaptics\syntp\syntpenh.exe |
"TCP Query User{A651C205-660A-4082-9795-DAA430F488D1}C:\windows\system32\wuauclt.exe" = protocol=6 | dir=in | app=c:\windows\system32\wuauclt.exe |
"TCP Query User{DE7DAC1A-A96C-4E90-8FDA-9F55F0D9001A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{FF2BD0C9-A4C3-48C3-A514-F0408B98CCC8}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{01A5FE15-EBE9-424E-BA0A-A0071BA7343B}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{0F419991-DF5C-4453-AC78-0F7B9071BACF}C:\windows\system32\dwm.exe" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe |
"UDP Query User{1BEB6FC4-10E6-48C1-9572-E72BACECCAD7}C:\program files\paint.net\paintdotnet.exe" = protocol=17 | dir=in | app=c:\program files\paint.net\paintdotnet.exe |
"UDP Query User{2379C8FB-B231-495C-B888-8D6E5C6B3A77}C:\windows\system32\hkcmd.exe" = protocol=17 | dir=in | app=c:\windows\system32\hkcmd.exe |
"UDP Query User{39296677-F129-476A-B109-14B53A0FF83A}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{7BEB472B-002B-4643-A857-348C03061C16}C:\program files\synaptics\syntp\syntpenh.exe" = protocol=17 | dir=in | app=c:\program files\synaptics\syntp\syntpenh.exe |
"UDP Query User{7E880278-D4C4-42EA-B881-30E28992E593}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{F7F62007-6B7F-42B3-918A-A5EE2B9DC38D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{FF2AA84D-EFEE-401F-960C-0989409D2D3B}C:\windows\system32\wuauclt.exe" = protocol=17 | dir=in | app=c:\windows\system32\wuauclt.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02BC38BC-2B9D-4537-A330-479C6862D64C}" = SEO Warrior Pro
"{04D645A0-18D5-4C33-8D2A-7E93944982DB}" = Simple Search-Replace
"{06966274-3BA4-4F1B-8B31-69E75BEC823B}" = Valid Email Collector Advance
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F4873CA-75C6-4B7C-927D-3BBFB5BBEFBD}" = DirectorySubmitter
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E8BAA74-62A9-421D-A61F-164C7C3943E9}_is1" = InnoIDE 1.0.0.78
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235F60EF-E34F-4CA6-A076-562399E36EC9}" = OnlinePRSubmitter
"{249F13C9-889B-405E-8987-F4E6AA90BD8E}" = calibre
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java 7 Update 2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{490D126A-CA6A-48B4-A5A4-987F4E1481DA}" = NX-Local Cash Scraper
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.4
"{4E097EB0-0674-4CAD-B73F-2A3179BB477A}_is1" = Press Release Submitter 3.0.0.1
"{5258E4BA-7420-43EF-8882-0E545357F6EE}" = PinAutomation - Traffic Robot v1.1
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5AC54C83-060F-9610-CC29-9310CBDF80CB}" = Mobilizer
"{5CA74EDC-CFC3-4FA0-AED7-1415CA19F250}" = Garmin POI Loader
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7054BEC1-08BB-4B0D-9750-02A33FA0DFDC}" = XULRunner6
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EF03F5-0507-4861-9A44-D99FD4C41417}" = Paint.NET v3.5.11
"{76C42BBD-632F-FAEA-CD5B-5405DBCCE9ED}" = Localizer Leads Tool
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{78C6B8B0-C4E8-4EEA-9BEB-645EC1F079A3}_is1" = Article Submitter 3.0.4.0
"{7C22BD69-9939-43CE-B16E-437DB2A39492}_is1" = Inno Script Studio version 1.0.0.24
"{7D112138-66C9-4289-9398-1B9E391C035F}" = Article Indexer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9F77E9-8C21-4DEE-8295-A9599CECA49D}" = SEO Link Robot - Fast Indexer 2.0.1.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90206544-8DAA-416E-8D78-A6A3352BC10B}" = PressBot
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C15DA410-F192-4B81-81E8-68CD1769D3F7}" = Rapid Email Sender Advance
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C809B0C4-9F6C-4958-9C67-EE7A4A9D0E12}" = Strategic Link Builder
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E8ED5ADB-3EB5-4890-85F6-0FEA13A47EEE}" = HP Photosmart 5520 series Basic Device Software
"{EA1DC8F8-C357-44CA-A332-AB9762DF698C}" = OpenOffice 4.0.0
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18ADBD4-320F-4A67-9709-0FE9412BB0FA}_is1" = Office 2010 Trial Extender
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F512A66C-EE26-47DF-B1BA-9BC753AB7DD4}_is1" = News Publisher 1.0
"{F8E2838E-AA8B-5BCF-D8F5-5645EB13B798}" = KeywordOptimizerPro
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allway Sync_is1" = Allway Sync version 11.2.2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVG PC TuneUp" = AVG PC TuneUp
"CCleaner" = CCleaner
"com.springbox.mobilizer" = Mobilizer
"CuteFTP" = CuteFTP
"Defraggler" = Defraggler
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.6.0
"ForumBot_is1" = ForumBot
"HitmanPro37" = HitmanPro 3.7
"IBP11_is1" = IBP 11.9
"InfraRecorder" = InfraRecorder
"Inno Setup 5_is1" = Inno Setup QuickStart Pack version 5.4.3
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"Instant Video Articles_is1" = Instant Video Articles v1.03
"InstantArticleWizard" = InstantArticleWizard
"Keyword Organizer_is1" = Keyword Organizer version 2.26
"KeywordOptimizerPro" = KeywordOptimizerPro
"LocalizerLeadsTool" = Localizer Leads Tool
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Renegade 1.60" = Mobile Renegade 1.60
"Mozilla Firefox 24.0 (x86 en-GB)" = Mozilla Firefox 24.0 (x86 en-GB)
"Mozilla Thunderbird 17.0.6 (x86 en-US)" = Mozilla Thunderbird 17.0.6 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Photodex Presenter" = Photodex Presenter
"ProShow Producer" = ProShow Producer
"PSPad editor_is1" = PSPad editor
"Revo Uninstaller" = Revo Uninstaller 1.94
"SEO Warrior Pro 1.1.8" = SEO Warrior Pro
"Sigil_is1" = Sigil 0.6.2
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 1.1.11
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"winscp3_is1" = WinSCP 4.4
"Xvid_is1" = Xvid MPEG-4 Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3184993116-2111681921-2428476457-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"065b42c809538e1c" = Update or Uninstall SENukeX
"1aea539d7d8543ed" = Easy Target Lead Generator
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"e021b03ef55bb1d6" = Keyword Scout Lite
"e86b2f3af2c4a0e1" = Lethal Command Center
"eeee92643db1ffde" = ClientFinder_1.0
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27/09/2013 09:10:17 | Computer Name = User-LAPTOP | Source = Windows Search Service | ID = 3013
Description =
 
Error - 30/09/2013 03:38:44 | Computer Name = User-LAPTOP | Source = Application Hang | ID = 1002
Description = The program thunderbird.exe version 17.0.8.4961 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: ba4  Start Time: 01cebd6249680cdd  Termination Time: 12968
 
Error - 30/09/2013 03:52:31 | Computer Name = User-LAPTOP | Source = Application Hang | ID = 1002
Description = The program thunderbird.exe version 17.0.8.4961 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 12b8  Start Time: 01cebdb005c1f2ed  Termination Time: 60000
 
Error - 30/09/2013 06:06:48 | Computer Name = User-LAPTOP | Source = Application Hang | ID = 1002
Description = The program thunderbird.exe version 17.0.8.4961 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: ed0  Start Time: 01cebdc35779dd0c  Termination Time: 269
 
Error - 30/09/2013 08:15:48 | Computer Name = User-LAPTOP | Source = Application Hang | ID = 1002
Description = The program thunderbird.exe version 17.0.8.4961 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: e8c  Start Time: 01cebdd617a5ca87  Termination Time: 62
 
Error - 30/09/2013 08:22:12 | Computer Name = User-LAPTOP | Source = Application Hang | ID = 1002
Description = The program thunderbird.exe version 17.0.8.4961 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: a0  Start Time: 01cebdd6d5b464a7  Termination Time: 16
 
Error - 30/09/2013 10:29:59 | Computer Name = User-LAPTOP | Source = Application Hang | ID = 1002
Description = The program thunderbird.exe version 17.0.8.4961 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 5e8  Start Time: 01cebde3591814f6  Termination Time: 3919
 
Error - 01/10/2013 02:33:56 | Computer Name = User-LAPTOP | Source = Application Hang | ID = 1002
Description = The program thunderbird.exe version 17.0.8.4961 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 174c  Start Time: 01cebe6f53b3d766  Termination Time: 36
 
Error - 01/10/2013 17:07:08 | Computer Name = User-LAPTOP | Source = Windows Search Service | ID = 3013
Description =
 
Error - 01/10/2013 17:09:51 | Computer Name = User-LAPTOP | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process
ID: 1754  Start Time: 01cebeea3c3700cf  Termination Time: 0
 
[ System Events ]
Error - 01/10/2013 13:36:02 | Computer Name = User-LAPTOP | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01/10/2013 13:36:02 | Computer Name = User-LAPTOP | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01/10/2013 13:36:02 | Computer Name = User-LAPTOP | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01/10/2013 13:36:02 | Computer Name = User-LAPTOP | Source = Service Control Manager | ID = 7026
Description =
 
Error - 01/10/2013 13:42:41 | Computer Name = User-LAPTOP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:41:14 on 01/10/2013 was unexpected.
 
Error - 01/10/2013 13:43:52 | Computer Name = User-LAPTOP | Source = DCOM | ID = 10016
Description =
 
Error - 01/10/2013 13:44:36 | Computer Name = User-LAPTOP | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01/10/2013 13:44:36 | Computer Name = User-LAPTOP | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01/10/2013 13:44:36 | Computer Name = User-LAPTOP | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01/10/2013 13:44:36 | Computer Name = User-LAPTOP | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
 

[Maniac]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :OTL

  DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xryega.sys -- (hekawrfb)

  [2012/02/26 12:02:10 | 000,004,936 | ---- | C] () -- C:\ProgramData\zjyopzph.wxh

  [2012/05/22 12:49:25 | 000,000,000 | RHSD | M] -- C:\Users\User\AppData\Roaming\9kcqYI

  :files

  ipconfig /flushdns /c

  :Commands

  [emptytemp]

  [clearallrestorepoints]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

[peewhy]

All processes killed
========== OTL ==========
Service hekawrfb stopped successfully!
Service hekawrfb deleted successfully!
File System32\drivers\xryega.sys not found.
C:\ProgramData\zjyopzph.wxh moved successfully.
C:\Users\User\AppData\Roaming\9kcqYI folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Downloads\cmd.bat deleted successfully.
C:\Users\User\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: User
->Temp folder emptied: 1031300706 bytes
->Temporary Internet Files folder emptied: 2132891 bytes
->Java cache emptied: 1640 bytes
->FireFox cache emptied: 98983707 bytes
->Google Chrome cache emptied: 116055828 bytes
->Flash cache emptied: 219305 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5622060 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,196.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 10012013_224615

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

[peewhy]

It crashed a few minutes after rebooting.

[Maniac]

Step 1

Please download Malwarebytes Anti-Rootkit from here

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

Step 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  

• Put a checkmark beside loaded modules.

  

• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.

  

• Click the Start Scan button.

  

• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.

  

• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

  

  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
• In your next reply, post the following log files:
  • Malwarebytes' Anti-Rootkit
  • TDSSKiller log

[peewhy]

These are the MBAR files

system-log.txt

mbar-log-2013-10-03 (08-46-54).txt

[peewhy]

The system will not let me post the copy and paste as it is 'too long'

TDSSKiller.3.0.0.11_03.10.2013_12.02.22_log.txt

[Maniac]

Please run this tool:

http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2013_3341.exe

When you are ready, reboot your system. Let me know.

[peewhy]

Thank you, I'm ready to reboot

[Maniac]

Reboot and let me know how are things then.

[peewhy]

Unfortunately it crashed two minutes after I rebooted but when I run Microsoft Security Essentials it seems to run crash-free for some time.

[Maniac]

As I explain in my first post in this thread:

http://forums.malwarebytes.org/index.php?showtopic=133901&p=734523

Your computer was compromised and looks like is pretty damaged, so I recommend you to re-install your Windows.

[AdvancedSetup]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.