Solved Infected PC help

F

Fotchy

Posts: 9   +0
Hi,

My computer is awfully slow at the moment. Processes take forever to complete and browsing on the internet is slow and hangs. I think my pc is infected. Can you please have a look at my logs. Thanks in advance.

Here's my Malwarebytes log.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.10.18.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shane :: SHANE-PC [administrator]
19/10/2012 6:37:11 AM
mbam-log-2012-10-19 (06-37-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213484
Time elapsed: 2 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Nothing logged for GMER, since it didn't find any modifications

Here is DDS.txt (Attach.txt below)

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Shane at 7:04:12 on 2012-10-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6142.4486 [GMT 10.5:30]
.
AV: Total Defense Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: Total Defense Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Total Defense Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll
TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: C:\Windows\System32\VetRedir.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{DCFC9489-EDDE-4FC5-94AD-F3DFBD59BE8B} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify: PFW - UmxWnp.Dll
SSODL: WebCheck - <orphaned>
x64-BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll
x64-Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
x64-Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: PFW - <no file>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\ucjufafh.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;C:\Windows\System32\drivers\KmxAMRT.sys [2011-10-27 182352]
R0 KmxFw;KmxFw;C:\Windows\System32\drivers\KmxFw.sys [2011-9-6 143824]
R1 KmxAgent;KmxAgent;C:\Windows\System32\drivers\KmxAgent.sys [2011-10-26 113744]
R1 KmxCfg;KmxCfg;C:\Windows\System32\drivers\KmxCfg.sys [2011-9-6 365136]
R1 KmxFile;KmxFile;C:\Windows\System32\drivers\KmxFile.sys [2011-9-6 87120]
R1 KmxFilter;HIPS Core Filter Driver;C:\Windows\System32\drivers\KmxFilter.sys [2011-9-6 99024]
R2 CAAMSvc;CAAMSvc;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe [2012-6-12 293704]
R2 CAISafe;CAISafe;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe [2012-6-12 312656]
R2 ccSchedulerSVC;CA Common Scheduler Service;C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2012-6-12 287280]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-12 13592]
R2 KmxCF;KmxCF;C:\Windows\System32\drivers\KmxCF.sys [2011-9-6 201936]
R2 KmxSbx;KmxSbx;C:\Windows\System32\drivers\KmxSbx.sys [2011-9-6 81488]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-12 1262400]
R2 UmxEngine;TM Engine;C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-4-4 920656]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-12 646248]
R3 WFSONORA;WinFast PxDVR3200 H (XC3028);C:\Windows\System32\drivers\wfsonora.sys [2012-6-12 369280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 oibdev;OpeniBoot Console Connection;C:\Windows\System32\drivers\oibdev.sys [2010-11-18 20576]
S3 SRS_AE_Service;SRS Audio;C:\Windows\System32\drivers\SRS_AE_amd64.sys [2012-6-21 549704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-6-11 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-11 1255736]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-12 250808]
S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-10 114144]
S4 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2012-3-28 3288400]
.
=============== Created Last 30 ================
.
2012-10-18 20:06:33 -------- d-----w- C:\Users\Shane\AppData\Roaming\Malwarebytes
2012-10-18 20:06:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-18 20:06:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-18 20:01:35 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C76DCC02-9C4B-4723-8528-77DECE8768D1}\mpengine.dll
2012-10-18 20:01:33 9291768 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-10-17 23:49:15 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-17 01:56:08 -------- d-----w- C:\Program Files (x86)\OpeniBoot Tools
2012-10-14 21:18:45 -------- d-----w- C:\Windows\pss
2012-10-12 04:39:38 -------- d-----w- C:\ProgramData\RELOADED
2012-10-12 04:34:10 -------- d-----w- C:\Program Files (x86)\Torchlight II
2012-10-12 04:29:25 -------- d-----w- C:\Users\Shane\AppData\Roaming\PowerISO
2012-10-12 04:28:34 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-10-12 04:28:34 -------- d-----w- C:\Program Files (x86)\PowerISO
2012-10-11 21:26:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-09 09:05:43 -------- d-----w- C:\ProgramData\Tarma Installer
2012-10-04 22:42:06 -------- d-----w- C:\Users\Shane\AppData\Roaming\redsn0w
2012-10-04 03:28:12 -------- d-----w- C:\Users\Shane\AppData\Roaming\iFunbox_UserCache
2012-10-04 03:28:07 -------- d-----w- C:\Program Files (x86)\I-Funbox DevTeam
2012-10-03 23:19:24 -------- d-----w- C:\Users\Shane\AppData\Local\SKIDROW
2012-10-02 21:55:09 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-10-02 21:54:34 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-28 01:14:55 -------- d-----w- C:\Games
2012-09-24 09:18:44 -------- d-----w- C:\Users\Shane\AppData\Roaming\NVIDIA
.
==================== Find3M ====================
.
2012-10-09 09:50:11 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 09:50:11 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-30 13:46:46 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-08-30 13:46:44 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 7:04:45.25 ===============

And Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/06/2012 12:31:51 AM
System Uptime: 19/10/2012 6:30:12 AM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EX58-UD4P
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | Socket 1366 | 2661/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 133.861 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
APH placeholder
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CA Anti-Virus Plus
CCleaner
Codec-TS SDK
De-interlace SDK
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III
DivX Setup
DNAMigrator
e-tax 2012
Foxit Reader
iFunbox (v1.99.958.697), iFunbox DevTeam
ImgBurn
Intel(R) Control Center
Intel(R) Rapid Storage Technology
iriver plus 4
iTunes
Jazz Jackrabbit 2
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVC90_x64
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
NVIDIA Control Panel 301.42
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.8.15
NVIDIA Update Components
O&O Defrag Professional
PowerISO
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Tixati
Torchlight II (c) Runic Games version 1
Total Defense Internet Security Suite
TT-SB SDK
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VC80CRTRedist - 8.0.50727.6195
Winamp
WinFast Multimedia Driver Installation
WinFast PVR2
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
19/10/2012 6:27:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
19/10/2012 6:27:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
19/10/2012 6:27:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
19/10/2012 6:24:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
19/10/2012 6:24:05 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
19/10/2012 6:24:03 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
19/10/2012 6:22:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19/10/2012 6:22:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
19/10/2012 6:22:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19/10/2012 6:22:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19/10/2012 6:22:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KmxAgent KmxCfg KmxFile KmxFilter KmxFw SCDEmu spldr Wanarpv6
19/10/2012 5:42:38 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
18/10/2012 5:41:04 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Access is denied.
18/10/2012 5:40:24 AM, Error: Service Control Manager [7022] - The Function Discovery Resource Publication service hung on starting.
18/10/2012 5:40:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
15/10/2012 7:59:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
15/10/2012 7:59:49 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/10/2012 7:59:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
15/10/2012 7:59:38 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
15/10/2012 7:59:38 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
13/10/2012 4:35:23 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Broni,

Thanks for your help. Here is RogueKiller logs.

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shane [Admin rights]
Mode : Scan -- Date : 10/19/2012 11:23:02
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4676 : wscript.exe C:\Users\Shane\AppData\Local\Temp\launchie.vbs //B -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200KS-00PFB0 +++++
--- User ---
[MBR] def747ae83fb1da6d49d865c62113978
[BSP] 65cc776b2f484c2b3d4f64d7c011fa4b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shane [Admin rights]
Mode : Remove -- Date : 10/19/2012 11:24:33
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4676 : wscript.exe C:\Users\Shane\AppData\Local\Temp\launchie.vbs //B -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200KS-00PFB0 +++++
--- User ---
[MBR] def747ae83fb1da6d49d865c62113978
[BSP] 65cc776b2f484c2b3d4f64d7c011fa4b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

And aswMBR log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-19 11:26:34
-----------------------------
11:26:34.727 OS Version: Windows x64 6.1.7601 Service Pack 1
11:26:34.727 Number of processors: 8 586 0x1A04
11:26:34.727 ComputerName: SHANE-PC UserName: Shane
11:26:36.958 Initialize success
11:28:45.847 AVAST engine defs: 12101802
11:28:59.934 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
11:28:59.934 Disk 0 Vendor: WDC_WD32 21.0 Size: 305245MB BusType: 3
11:28:59.950 Disk 0 MBR read successfully
11:28:59.950 Disk 0 MBR scan
11:28:59.950 Disk 0 Windows 7 default MBR code
11:28:59.965 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:28:59.981 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
11:29:00.012 Disk 0 scanning C:\Windows\system32\drivers
11:29:10.760 Service scanning
11:29:26.064 Modules scanning
11:29:26.064 Disk 0 trace - called modules:
11:29:26.080 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:29:26.080 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008f92790]
11:29:26.080 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80075d4050]
11:29:27.499 AVAST engine scan C:\Windows
11:29:29.558 AVAST engine scan C:\Windows\system32
11:31:52.049 AVAST engine scan C:\Windows\system32\drivers
11:32:00.426 AVAST engine scan C:\Users\Shane
11:39:10.940 AVAST engine scan C:\ProgramData
11:39:38.662 Scan finished successfully
11:40:47.406 Disk 0 MBR has been saved successfully to "C:\Users\Shane\Desktop\MBR.dat"
11:40:47.406 The log file has been saved successfully to "C:\Users\Shane\Desktop\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Broni,

Thanks again for your help, much appreciated. Here is ComboFix log

ComboFix 12-10-18.03 - Shane 19/10/2012 12:39:45.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6142.5066 [GMT 10.5:30]
Running from: c:\users\Shane\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-18 20:06 . 2012-10-19 02:01 -------- d-----w- c:\users\Shane\AppData\Roaming\Malwarebytes
2012-10-18 20:01 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C76DCC02-9C4B-4723-8528-77DECE8768D1}\mpengine.dll
2012-10-17 23:49 . 2012-10-17 23:49 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-17 01:56 . 2012-10-17 01:56 -------- d-----w- c:\program files (x86)\OpeniBoot Tools
2012-10-12 04:39 . 2012-10-12 04:39 -------- d-----w- c:\programdata\RELOADED
2012-10-12 04:34 . 2012-10-12 04:39 -------- d-----w- c:\program files (x86)\Torchlight II
2012-10-12 04:29 . 2012-10-12 04:29 -------- d-----w- c:\users\Shane\AppData\Roaming\PowerISO
2012-10-12 04:28 . 2012-10-12 04:28 -------- d-----w- c:\program files (x86)\PowerISO
2012-10-12 04:28 . 2012-08-24 07:56 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-10-11 21:26 . 2012-08-20 18:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-09 09:05 . 2012-10-09 10:25 -------- d-----w- c:\programdata\Tarma Installer
2012-10-04 22:42 . 2012-10-05 00:30 -------- d-----w- c:\users\Shane\AppData\Roaming\redsn0w
2012-10-04 03:28 . 2012-10-16 04:48 -------- d-----w- c:\users\Shane\AppData\Roaming\iFunbox_UserCache
2012-10-04 03:28 . 2012-10-16 04:48 -------- d-----w- c:\program files (x86)\I-Funbox DevTeam
2012-10-03 23:19 . 2012-10-03 23:19 -------- d-----w- c:\users\Shane\AppData\Local\SKIDROW
2012-10-02 21:54 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-28 01:14 . 2012-09-28 01:14 -------- d-----w- C:\Games
2012-09-24 09:18 . 2012-09-24 09:18 -------- d-----w- c:\users\Shane\AppData\Roaming\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 21:28 . 2012-06-10 20:17 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 09:50 . 2012-06-11 23:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 09:50 . 2012-06-11 23:10 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 13:46 . 2012-08-30 13:46 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-08-30 13:46 . 2012-08-30 13:46 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-08-22 18:12 . 2012-09-18 01:21 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-18 01:21 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-18 01:21 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-18 01:21 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-11 21:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-09 10:26 . 2012-08-09 10:26 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-08-09 10:26 . 2012-08-09 10:26 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-02 17:58 . 2012-09-18 01:21 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-18 01:21 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 oibdev;OpeniBoot Console Connection;c:\windows\system32\Drivers\oibdev.sys [2010-11-17 20576]
R3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys [2012-06-21 549704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-10 1255736]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-17 114144]
R4 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-03-28 3288400]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 WFSONORA;WinFast PxDVR3200 H (XC3028);c:\windows\system32\drivers\wfsonora.sys [2010-03-23 369280]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 09:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-03-28 3998032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\ucjufafh.default\
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="88E604EEE51E0AF2B2C03AFE1020C2604D6D66797133EF7EEAD1F33A04B129980DDBCFF54CA98052AF55D0684CF81EE2A5587F10CB07245CC5BFA07DE502EB8065BB9AB476B48D26A8E3A49748E8B4339AE4C3671BD54E1F1C3C2050F7A77D0DA07F230ED510E4EFBA3C6890916741C1F4DCFB452BE0CDC98426715BDF4D0074403F3B2B8EEC10B572D1629F684F5006EFAB05B5F9CC54E40603250AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB3452BA7FD869164D6794A9C6AECB7A5D1407616F87754973C861DE977F5E4D1BE6221EC6C43BAE8A6050E388309FE265C44712E03D84AFA3BCDAAABE3156A1C6E0E928039406BE2755F81A0D7E301B4FBDE3A4E0A7562FE17B1A3B59D321889940EDB9EA923A43CF6BF0C9743934589ABD681322CAF9BBF1D743C562145DC3710D3268E3ABA9E91B80BD81AEB5C9D6B617788ABD8201BD3D3B3DB4B9EEAE884E667FF93924A7554087A7080D1C99C437B37EED2E7B04104D2033A725B7BE7F567BE26A15158D9B2086BBD2C6E9CBC3500CA950D2379C84549892EE4C1536C5D192AAE98A69B7463A98CC1176ED8DEC60B0EA7D6F8B695DA4C69114BB82C76BAD85EB5B10E087D336EBED23994F91C9E3C3FA712BA30DD3B5E5A4CEE3CD25777A417F567C106136DCC07A9B93850EDAFEFE50DE11FA2E9325BF8710199A85616DC5002710DDAD531C6F8CC4A95EBA12782C2B2A116678BC32B5BB7893DEA6175FA94ECB6907D88507E1099B87F857563A2A0E6D7E099862403C80606F66C6794D178EF89099D31A529692CD3B4CA38254ECBEF590DC438ED65BDFCF2ECEA9DCD749A9166D7A9353581F12C2B61FE6E6F97B4746E2312EBA23AE2487340B968A44124A3ECDE110E617A136124F0F6AC500EF7492F52714D974E7DC7948635B40FBD7E141E15B4680B0D8EF88C18DFAD6E27C5AC4AAB333CCBFC9DC4B98F0C32E8A92A3234146B63CE994F2A52B5DE9C242E14FFACA21CE6E1B2D3AD8B3A2A77922508899E3D6662EAD333A9E8E1A8FABDE786B867F0E2D8843FED1B0903C5CBB96B24C13A714DE590B2F81DBD1AEC123A12B0FEB5A6B195C973E421384533D81E16EEE2CCE5AAABBB0904BFABEDBE1AF93F95A66CCFD619E9D01ED79CE54AACB1FCCB53AFC59DBBFF6755CCA06374F4DE5763562B061D7F5FA6DFC8D8E7C8990122A2744BB158649D711BC51B729EF6AE84A4881BF83D47EFDC1D9AB47DEBEB79D7A90857964C3AD6FA9B9454AEDAD6A16AE039919A4324914CCB469E2E2B81EC9BF016E88F4AF37021966151A18F5A407F39733415A4D595374FE0B2D43E496C5954EA19B44EB24F34E95E0630ABBE27A7DFA0E9E110B2771AEF10DD60E38E2E1A78E764EA79C"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-19 12:48:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-19 02:18
.
Pre-Run: 141,213,921,280 bytes free
Post-Run: 140,942,426,112 bytes free
.
- - End Of File - - 5BBA21B2D0B433B265A14D7B1A52394F
 
Looks good.

Any current issues?

You can reinstall Total Defense now.

========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Broni,

Thanks for your support. My pc feels more responsive after scans. Are there any other scans you would recommend running? Before I re-install CA Total Defense, could I ask for your opinion please. I believe CA Total Defense is not up to standard with other security suites in terms of its protection level. Would you recommend changing antivirus suites? Could you recommend any free antivirus? Here is the OTL.txt

OTL logfile created on: 19/10/2012 1:14:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shane\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 5.01 Gb Available Physical Memory | 83.60% Memory free
11.99 Gb Paging File | 10.92 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 131.36 Gb Free Space | 44.08% Space Free | Partition Type: NTFS

Computer Name: SHANE-PC | User Name: Shane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/19 13:13:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shane\Desktop\OTL.exe
PRC - [2012/10/09 19:20:24 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/05/15 21:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/24 16:01:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/09/24 16:01:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/09/24 16:01:26 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012/09/24 16:01:24 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012/09/24 16:01:22 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/09/24 16:01:16 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/09/24 16:01:05 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/09/24 16:01:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/09/24 16:01:01 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/09/24 16:00:56 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/28 19:04:02 | 003,288,400 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2009/07/14 12:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/18 10:19:15 | 000,114,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 20:20:11 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/15 21:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/11 07:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004/12/13 05:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/24 18:26:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/06/21 17:04:52 | 000,549,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_AE_amd64.sys -- (SRS_AE_Service)
DRV:64bit: - [2012/04/25 13:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 17:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/29 20:00:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/20 10:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 17:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 00:03:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:37:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/18 02:00:18 | 000,020,576 | ---- | M] (iDroid Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\oibdev.sys -- (oibdev)
DRV:64bit: - [2010/03/23 18:29:40 | 000,369,280 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wfsonora.sys -- (WFSONORA)
DRV:64bit: - [2009/09/24 18:55:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/09/14 15:30:00 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/08/05 13:56:00 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/28 21:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 12:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 12:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:40:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/19 11:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 10:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 13:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/11 07:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 11:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3320350283-3089774432-1552666470-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Shane\Desktop
IE - HKU\S-1-5-21-3320350283-3089774432-1552666470-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3320350283-3089774432-1552666470-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKU\S-1-5-21-3320350283-3089774432-1552666470-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 16 D4 18 D6 47 CD 01 [binary data]
IE - HKU\S-1-5-21-3320350283-3089774432-1552666470-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3320350283-3089774432-1552666470-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3320350283-3089774432-1552666470-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/18 10:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/10 08:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Extensions
[2012/10/09 20:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\ucjufafh.default\extensions
[2012/08/10 08:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/18 10:19:15 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/18 10:19:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/18 10:19:14 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/19 12:46:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-3320350283-3089774432-1552666470-1001\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-3320350283-3089774432-1552666470-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3320350283-3089774432-1552666470-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3320350283-3089774432-1552666470-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3320350283-3089774432-1552666470-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3320350283-3089774432-1552666470-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCFC9489-EDDE-4FC5-94AD-F3DFBD59BE8B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/19 13:13:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Shane\Desktop\OTL.exe
[2012/10/19 12:48:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/19 12:46:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/19 12:38:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/19 12:38:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/19 12:38:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/19 12:38:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/19 12:38:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/19 12:37:16 | 004,984,103 | R--- | C] (Swearware) -- C:\Users\Shane\Desktop\ComboFix.exe
[2012/10/19 12:28:06 | 011,044,768 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Shane\Desktop\AppRemover.exe
[2012/10/19 11:25:57 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Shane\Desktop\aswMBR.exe
[2012/10/19 11:22:01 | 000,000,000 | ---D | C] -- C:\Users\Shane\Desktop\RK_Quarantine
[2012/10/19 06:36:33 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\Malwarebytes
[2012/10/19 06:35:10 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Shane\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/17 12:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpeniBoot Tools
[2012/10/15 07:48:45 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/12 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Shane\Documents\My Games
[2012/10/12 15:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/10/12 15:04:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Torchlight II
[2012/10/12 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\PowerISO
[2012/10/12 14:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2012/10/12 14:58:34 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2012/10/12 14:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2012/10/10 09:48:34 | 000,000,000 | ---D | C] -- C:\Users\Shane\Desktop\Music
[2012/10/09 19:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/10/05 09:12:06 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\redsn0w
[2012/10/04 13:58:12 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\iFunbox_UserCache
[2012/10/04 13:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-Funbox DevTeam
[2012/10/04 13:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\I-Funbox DevTeam
[2012/10/04 09:49:24 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Local\SKIDROW
[2012/09/28 11:44:56 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/09/28 11:44:55 | 000,000,000 | ---D | C] -- C:\Games
[2012/09/24 19:48:44 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\NVIDIA
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/19 13:13:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shane\Desktop\OTL.exe
[2012/10/19 12:56:51 | 000,023,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 12:56:51 | 000,023,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 12:55:48 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/19 12:55:48 | 000,664,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/19 12:55:48 | 000,125,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/19 12:51:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/19 12:51:35 | 2145,697,791 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/19 12:51:34 | 000,270,734 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/10/19 12:46:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/19 12:37:25 | 004,984,103 | R--- | M] (Swearware) -- C:\Users\Shane\Desktop\ComboFix.exe
[2012/10/19 12:33:31 | 000,282,252 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2012/10/19 12:28:58 | 011,044,768 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Shane\Desktop\AppRemover.exe
[2012/10/19 12:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/19 11:40:47 | 000,000,512 | ---- | M] () -- C:\Users\Shane\Desktop\MBR.dat
[2012/10/19 11:26:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Shane\Desktop\aswMBR.exe
[2012/10/19 11:20:36 | 001,425,920 | ---- | M] () -- C:\Users\Shane\Desktop\RogueKiller.exe
[2012/10/19 06:42:46 | 000,302,592 | ---- | M] () -- C:\Users\Shane\Desktop\1xf2mgjh.exe
[2012/10/19 06:35:16 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Shane\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/19 06:20:58 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2012/10/19 06:14:45 | 004,053,911 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k0
[2012/10/19 06:14:45 | 000,000,381 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k0
[2012/10/19 06:14:45 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k7
[2012/10/19 06:14:45 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k6
[2012/10/19 06:14:45 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k5
[2012/10/19 06:14:45 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k4
[2012/10/19 06:14:45 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k3
[2012/10/19 06:14:45 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k2
[2012/10/19 06:14:45 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k1
[2012/10/19 06:14:45 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k7
[2012/10/19 06:14:45 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k6
[2012/10/19 06:14:45 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k5
[2012/10/19 06:14:45 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k4
[2012/10/19 06:14:45 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k3
[2012/10/19 06:14:45 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k2
[2012/10/19 06:14:45 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k1
[2012/10/17 12:28:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_oibdev_01009.Wdf
[2012/10/15 07:59:41 | 000,338,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/03 08:21:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/24 15:47:07 | 000,767,330 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/19 12:38:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/19 12:38:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/19 12:38:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/19 12:38:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/19 12:38:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/19 11:40:47 | 000,000,512 | ---- | C] () -- C:\Users\Shane\Desktop\MBR.dat
[2012/10/19 11:20:36 | 001,425,920 | ---- | C] () -- C:\Users\Shane\Desktop\RogueKiller.exe
[2012/10/19 06:42:46 | 000,302,592 | ---- | C] () -- C:\Users\Shane\Desktop\1xf2mgjh.exe
[2012/10/19 06:20:58 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2012/10/17 12:28:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_oibdev_01009.Wdf
[2012/10/15 07:59:13 | 000,338,424 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/12 15:06:24 | 000,000,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II.lnk
[2012/09/18 00:29:40 | 000,767,330 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/20 22:48:57 | 000,005,578 | ---- | C] () -- C:\Users\Shane\AppData\Local\Temp11.html
[2012/08/20 22:44:59 | 000,001,858 | ---- | C] () -- C:\Users\Shane\AppData\Local\Temp1.html
[2012/08/07 08:35:18 | 000,000,144 | ---- | C] () -- C:\Windows\HotFixList.ini
[2012/06/12 13:12:02 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
[2012/06/12 09:58:26 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\WFEXEC.DLL
[2012/06/12 09:54:35 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/06/12 09:54:34 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT

========== ZeroAccess Check ==========

[2009/07/14 15:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 16:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/12 09:04:57 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Foxit Software
[2012/10/16 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\iFunbox_UserCache
[2012/07/11 10:37:33 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\ImgBurn
[2012/07/23 09:07:52 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Iriver
[2012/10/12 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\PowerISO
[2012/10/05 11:00:18 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\redsn0w
[2012/10/19 11:21:37 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\tixati

========== Purity Check ==========


< End of report >
 
And Extras.txt

OTL Extras logfile created on: 19/10/2012 1:14:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shane\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

6.00 Gb Total Physical Memory | 5.01 Gb Available Physical Memory | 83.60% Memory free
11.99 Gb Paging File | 10.92 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 131.36 Gb Free Space | 44.08% Space Free | Partition Type: NTFS

Computer Name: SHANE-PC | User Name: Shane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3320350283-3089774432-1552666470-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032D97FC-AAE1-4F51-9CD9-92E46BFC8611}" = lport=138 | protocol=17 | dir=in | app=system |
"{13231549-9678-43D9-9CFE-1B7CA6A613BE}" = lport=445 | protocol=6 | dir=in | app=system |
"{151EAB4E-19CE-425E-8080-84E65DF565B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{270779AE-1987-4867-8633-6015EDBE0025}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2BD37543-5FD0-4CA6-A7E5-76E9388B62BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{378AA6E9-3460-48EA-A729-30F5A1ED763B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4964E862-8006-4E8A-8761-672ACBCB512C}" = rport=445 | protocol=6 | dir=out | app=system |
"{4CE20922-2A3E-414E-AAE1-DA9D5FBB6F7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5002EE76-51BB-49ED-8373-8A2BAE273CA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6128549A-D163-461C-A7F5-962BE51926D6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{64D9CC1E-61D2-46F0-A4E7-1D9B3E68CD5A}" = lport=137 | protocol=17 | dir=in | app=system |
"{67296200-F113-4BA0-8F87-806493A6048A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F1A1B55-337E-42DF-88B0-D07D44EA8DE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{735E31FF-D3D2-4991-B938-69A1149CDEA0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{75C70845-7E37-4397-958F-9266E310CC84}" = rport=138 | protocol=17 | dir=out | app=system |
"{901D28E8-C0FE-4A26-8539-CB2FECD3D12E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99675511-A32E-4FAD-AACC-7E31EC74D943}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C6D7D70-325E-4050-AEFB-197A0048C69B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CABF7572-DBAB-4F82-84C6-4FE62C2953F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DED3FE30-13C1-4438-BF46-B2F9C51A1B00}" = lport=139 | protocol=6 | dir=in | app=system |
"{E97C1512-DEA0-4B16-AE74-7069F3D002C0}" = rport=137 | protocol=17 | dir=out | app=system |
"{E9DD5224-83DF-4661-9ACB-27EB0DC1368F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F0A500F7-483B-4D5E-9C6E-A1B3F42302FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1811080-5D1E-45F8-8518-D6B2C2C1DE40}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0764C6BF-034D-4D64-8287-FA3B9F1FBE15}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0CADF844-B4FA-49A8-984D-2CE855DC4962}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{171C2B7A-AE99-46DA-860D-0DAF4F203864}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2992B8F2-7297-4356-8FFA-9CD87B885FFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{35306D8F-50BD-48FF-8E0B-C82476FEEFEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\nbirv4svr.exe |
"{3CC417F1-5BAA-4F01-9640-C2DFE79C4E8D}" = protocol=17 | dir=in | app=c:\windows\syswow64\nbirv4svr.exe |
"{3CF36F0B-2B2E-463B-B30B-0E71DDB6FBD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E97185A-B673-4802-A408-FC5992221613}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3EB44FC9-E1CC-4689-A9D1-CD158395E9D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F838D37-887A-45FB-B722-FBAFB70B81B3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{481417BF-E97B-48F3-8809-6AA3E40BE7B7}" = protocol=17 | dir=in | app=c:\program files\ca\ca internet security suite\casc.exe |
"{66932327-0FEC-4F99-B264-8F40B7B21CFD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7837FA40-B655-4EC1-8897-38C733981E00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BC18E06-9783-4015-8C2B-131043453B88}" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
"{7DF58A8F-5E76-4927-897B-8D768AF78D8A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{93C1B2B6-C29E-48A3-8ADE-4B01DEDA5A80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9ECCAD45-7044-4F03-AD8D-036F5503574D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9FFA5A99-F841-4F01-BB2C-3BFF37CE67C8}" = protocol=6 | dir=in | app=c:\program files\ca\ca internet security suite\casc.exe |
"{B61FE523-3E58-4971-B981-1DA9BB712C02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9A67979-AD7B-4316-9471-273D1C880736}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BB2ABE5D-73BB-4106-BE17-598D3E9C521C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2A24977-2274-43F5-BEFA-6A5757A78606}" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
"{C3163150-2F3E-4C43-A7F6-7DE0A2EA3AEC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CC6C2D94-B5B0-42C5-9E98-8EF8B5783685}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CFD51094-1321-48BF-99C2-FC4FFAD8534B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D046F830-7F5A-42DD-96B0-ABB61751F4B2}" = protocol=6 | dir=out | app=system |
"{D06A72C5-4835-4EB7-8E9D-5806AA874397}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7F1FECE-3D11-4D69-BC29-40983C296456}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DCB165FF-5F1F-4E90-AE0D-3E45CCBD227B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F00BB9DC-907F-44C1-A6E4-9535DBB45F33}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{F0D37915-84F1-40AA-AF6A-F05A611C9020}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD472022-EBD3-459D-B925-0451507E4D22}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FF82E358-FA0F-40CB-9BD3-8BF4B46DBB6E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{64166F72-F656-43D8-A6A2-173452C03C7D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{A9B832BB-0EFA-4C62-B9CA-A47AA1401730}C:\program files\winfast\wfdtv\liveupdate\liveupdate.exe" = protocol=6 | dir=in | app=c:\program files\winfast\wfdtv\liveupdate\liveupdate.exe |
"UDP Query User{3DF07F81-7559-4F28-9E34-E899054F2AF7}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{86D1AFC9-1755-4972-92A0-1F897DD1BAD8}C:\program files\winfast\wfdtv\liveupdate\liveupdate.exe" = protocol=17 | dir=in | app=c:\program files\winfast\wfdtv\liveupdate\liveupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}" = O&O Defrag Professional
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}" = Codec-TS SDK
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}" = WinFast Multimedia Driver Installation
"{5E7F8D38-6FFF-424E-B68B-354ACA64B91C}" = iriver plus 4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A0E0340-C3D7-42D1-96D4-64179FD456AE}" = De-interlace SDK
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9848E2-5F19-4E49-9E6E-044FBDC28404}" = TT-SB SDK
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Diablo III" = Diablo III
"DivX Setup" = DivX Setup
"Foxit Reader_is1" = Foxit Reader
"iFunbox_is1" = iFunbox (v1.99.958.697), iFunbox DevTeam
"ImgBurn" = ImgBurn
"InstallShield_{5E7F8D38-6FFF-424E-B68B-354ACA64B91C}" = iriver plus 4
"Jazz Jackrabbit 2" = Jazz Jackrabbit 2
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"tixati" = Tixati
"Torchlight II (c) Runic Games_is1" = Torchlight II (c) Runic Games version 1
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3320350283-3089774432-1552666470-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14/10/2012 5:29:37 PM | Computer Name = Shane-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 14/10/2012 5:29:37 PM | Computer Name = Shane-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 14/10/2012 5:29:37 PM | Computer Name = Shane-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 14/10/2012 5:29:37 PM | Computer Name = Shane-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 14/10/2012 5:29:38 PM | Computer Name = Shane-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 14/10/2012 5:29:38 PM | Computer Name = Shane-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 14/10/2012 5:29:38 PM | Computer Name = Shane-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 14/10/2012 5:29:38 PM | Computer Name = Shane-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 14/10/2012 5:29:38 PM | Computer Name = Shane-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 16/10/2012 12:47:31 AM | Computer Name = Shane-PC | Source = Application Hang | ID = 1002
Description = The program iFunBox.exe version 1.99.958.697 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2db0 Start
Time: 01cdab58e8c98d87 Termination Time: 7 Application Path: C:\Program Files (x86)\I-Funbox
DevTeam\iFunBox.exe Report Id: 967b7b46-174c-11e2-8c28-00241d155da5

[ System Events ]
Error - 18/10/2012 3:54:05 PM | Computer Name = Shane-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 18/10/2012 3:54:05 PM | Computer Name = Shane-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 18/10/2012 3:54:05 PM | Computer Name = Shane-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 18/10/2012 3:54:34 PM | Computer Name = Shane-PC | Source = DCOM | ID = 10005
Description =

Error - 18/10/2012 3:57:02 PM | Computer Name = Shane-PC | Source = DCOM | ID = 10005
Description =

Error - 18/10/2012 3:57:11 PM | Computer Name = Shane-PC | Source = DCOM | ID = 10005
Description =

Error - 18/10/2012 3:57:11 PM | Computer Name = Shane-PC | Source = DCOM | ID = 10005
Description =

Error - 18/10/2012 10:12:35 PM | Computer Name = Shane-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 18/10/2012 10:14:06 PM | Computer Name = Shane-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 18/10/2012 10:14:12 PM | Computer Name = Shane-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
 
There is no perfect security program.
It's always about your computing habits.
You need to reinstall it as soon as possible.
You can't be using your computer unprotected.

==================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O3 - HKU\S-1-5-21-3320350283-3089774432-1552666470-1001\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O4 - HKU\S-1-5-21-3320350283-3089774432-1552666470-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
[2009/07/14 15:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 16:13:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 15:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==========================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Broni,

Sorry about the delay in responding to your post. When I spoke to CA Total Defense, in order to re-install my security suite, they had to perform a scan on my computer for threats. Their scan showed 20 threats (tracking cookies) on my pc and told me the threats had to be removed (for a additional fee) before the product could be installed. I refused and told them to install the security suite anyway, however installation failed. Long story short, I installed AVG Free 2013 instead. What program would you recommend to remove these tracking cookies please?

Here are the logs....

OTL

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3320350283-3089774432-1552666470-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
Registry value HKEY_USERS\S-1-5-21-3320350283-3089774432-1552666470-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shane
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 264957612 bytes
->FireFox cache emptied: 113076150 bytes
->Flash cache emptied: 5740 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 361.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Shane

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Shane
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10192012_140837
Files\Folders moved on Reboot...
C:\Users\Shane\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Broni,

Here is Security Check log

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.4.402.287
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````
And Farbar Service Scanner log

Farbar Service Scanner Version: 07-10-2012
Ran by Shane (administrator) on 19-10-2012 at 15:22:57
Running from "C:\Users\Shane\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-12 07:56] - [2012-06-02 16:11] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

And adwcleaner

# AdwCleaner v2.005 - Logfile created 10/19/2012 at 15:30:23
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Shane - SHANE-PC
# Boot Mode : Normal
# Running from : C:\Users\Shane\Desktop\adwcleaner (2).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Shane\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Shane\AppData\LocalLow\AVG Secure Search
***** [Registry] *****
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v15.0.1 (en-US)
Profile name : default
File : C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\ucjufafh.default\prefs.js
C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\ucjufafh.default\user.js ... Deleted !
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [5701 octets] - [19/10/2012 15:30:23]
########## EOF - C:\AdwCleaner[S1].txt - [5761 octets] ##########
 
Broni,

Here is OTL log

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3320350283-3089774432-1552666470-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
Registry value HKEY_USERS\S-1-5-21-3320350283-3089774432-1552666470-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shane
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 264957612 bytes
->FireFox cache emptied: 113076150 bytes
->Flash cache emptied: 5740 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 361.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Shane

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Shane
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10192012_140837
Files\Folders moved on Reboot...
C:\Users\Shane\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Eset didn't find any threats and therefore didn't produce a log. CA Total Defense detected 20 adaware tracking cookies and security suite failed to install, as a result. Can you recommend a program to remove these threats? Is my computer now safe and clean of all threats? Thanks for all your help, much appreciated.
 
When I spoke to CA Total Defense, in order to re-install my security suite, they had to perform a scan on my computer for threats. Their scan showed 20 threats (tracking cookies) on my pc and told me the threats had to be removed (for a additional fee) before the product could be installed.
Click to expand...
This is one of the most bizarre things I've ever heard in my life.
You did good by dumping them.
I don't think they'll be getting too many happy customers with that kind of behavior.

Tracking cookies are not considered as security threats and most scanners don't even bother with them, neither do I so simply do nothing about it.

====================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please, let me know, how your computer is doing.
 
Broni,

Thank you for all your support and for helping me find and remove all threats from my pc. Your instructions and advice are clear and precise, you are a well respected team member. My pc is running smoother now and I can be assured I am free from virus / spyware infections.

Cheers,
Shane
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
793
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back