TechSpot

Mbam log posting more than 1,000 infected files please assist me!

Solved
By BillAllen55
Mar 8, 2014
  1. Can someone take a look at this mbam and advise? This log shows more than 6000 virus infections listed. Help greatly appreciated.
     


  2. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    I only see 81 items so I'm not sure about 6000.

    Then you've been to this forum before so you should know exactly what to do...

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    I'm sending a zipped folder such that you are able to see the mbam results. The DDS scan is part of this folder.
     


  4. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    I'm sending you a snippet of the results of my mbam scan. Is there another way to go about removing the listed files short of clicking more than 6000 times to remove each file?
    upload_2014-3-9_8-46-49.png
     
  5. Broni

    Broni Malware Annihilator Posts: 47,022   +255

  6. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/12/2011 6:36:07 AM
    System Uptime: 3/9/2014 8:17:36 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0FT292
    Processor: Genuine Intel(R) CPU T2600 @ 2.16GHz | Microprocessor | 2167/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 30.399 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&13FD3FCA&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&13FD3FCA&0
    Service: i8042prt
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Sftfs
    Device ID: ROOT\LEGACY_SFTFS\0000
    Manufacturer:
    Name: Sftfs
    PNP Device ID: ROOT\LEGACY_SFTFS\0000
    Service: Sftfs
    .
    ==== System Restore Points ===================
    .
    RP964: 3/8/2014 11:22:13 AM - Installed MozyHome
    RP965: 3/8/2014 11:31:09 AM - Removed MozyHome
    RP966: 3/8/2014 4:59:06 PM - 03-08-2014
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 13 ActiveX
    Adobe Flash Player 13 Plugin
    Adobe Reader XI (11.0.06)
    Adobe Shockwave Player 12.0
    Adobe SVG Viewer 3.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Auslogics DiskDefrag
    avast! Free Antivirus
    Bonjour
    Broadcom Advanced Control Suite
    Broadcom Gigabit Integrated Controller
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    Broadcom TPM Driver Installer
    CCleaner
    Compatibility Pack for the 2007 Office system
    Dell System Detect
    Digital Line Detect
    FileHippo.com Update Checker
    Google Apps
    Google Chrome
    Google Drive
    Google Update Helper
    Google+ Auto Backup
    HiJackThis
    iCloud
    IHA_MessageCenter
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    IObit Uninstaller
    iTunes
    Kits Configuration Installer
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft DirectX SDK (June 2010)
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MotoHelper MergeModules
    Mozilla Firefox 28.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    NetBeans IDE 7.3.1
    NVIDIA Drivers
    Online Games Manager v1.21
    OZ776 SCR Driver V1.1.4.202
    Picasa 3
    Picasa Uploader
    QuickSet
    QuickTime 7
    Rich Media Player
    Royal Jigsaw
    Safari
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
    SigmaTel Audio
    SlimCleaner
    SlimComputer
    SlimDrivers
    Smart Defrag 3
    SUPERAntiSpyware
    Surfing Protection
    swMSM
    System Requirements Lab for Intel
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vista Profile Pack
    Vz In-Home Agent
    Windows Driver Kit
    Windows Driver Package - Intel (NETwNs32) net (07/14/2010 13.3.0.24)
    Windows Installer Clean Up
    Windows Media Center Add-in for Flash
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2014 8:22:16 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    3/9/2014 8:22:16 AM, Error: Service Control Manager [7001] - The Application Virtualization Client service depends on the Sftfs service which failed to start because of the following error: A device attached to the system is not functioning.
    3/9/2014 8:22:16 AM, Error: Service Control Manager [7000] - The Sftfs service failed to start due to the following error: A device attached to the system is not functioning.
    3/9/2014 8:20:28 AM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
    3/9/2014 8:20:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dell Internal Network Card Power Management service to connect.
    3/9/2014 8:19:18 AM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
    3/9/2014 8:19:18 AM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
    3/9/2014 8:19:18 AM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    3/9/2014 8:17:41 AM, Error: volmgr [46] - Crash dump initialization failed!
    3/8/2014 7:39:59 PM, Error: Service Control Manager [7034] - The Dell Internal Network Card Power Management service terminated unexpectedly. It has done this 1 time(s).
    3/8/2014 5:31:36 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    3/8/2014 5:24:23 PM, Error: Service Control Manager [7034] - The pcregservice Service service terminated unexpectedly. It has done this 1 time(s).
    3/8/2014 5:24:23 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    3/8/2014 4:54:47 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'O2 O2Micro CCID SC Reader 0' rejected IOCTL GET_STATE: The handle is invalid. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
    3/8/2014 4:18:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
    3/8/2014 4:18:16 PM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/8/2014 4:17:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter service to connect.
    3/8/2014 4:17:43 PM, Error: Service Control Manager [7000] - The IHA_MessageCenter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/3/2014 8:27:41 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    .
    ==== End Of File ===========================


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.16518
    Run by Owner at 8:23:42 on 2014-03-09
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.406 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\Windows\system32\crypserv.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_154.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_154.exe
    C:\Program Files\Online Games Manager\ogmservice.exe
    C:\Program Files\pcreg\pcreg.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\System32\snmp.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
    uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
    uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:1
    uPolicies-Explorer: NoDriveAutoRun- = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-System: NoScrSavPage = dword:0
    uPolicies-System: NoDispApprearancePage = dword:0
    mPolicies-Explorer: NoDriveAutoRun- = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 216.228.160.4 216.228.160.3
    TCP: Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A} : DHCPNameServer = 198.224.166.135 198.224.167.135
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9} : DHCPNameServer = 216.228.160.4 216.228.160.3
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : NameServer = 8.8.8.8,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737 : DHCPNameServer = 172.16.44.186 172.16.44.185
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : NameServer = 205.171.3.25,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : NameServer = 8.8.8.8,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6 : DHCPNameServer = 216.228.160.7 216.228.160.8 216.228.160.5
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\m68v3rw9.default-1391359149158\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppluginrichmediaplayer.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1209149.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_154.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-10 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-10 180248]
    R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2012-8-9 102728]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-1-10 775952]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-10 410784]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-9 37664]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-10 67824]
    R2 ei2c;ei2c;c:\windows\system32\drivers\ei2c.sys [2014-2-1 18224]
    R2 mi2c;mi2c;c:\windows\system32\drivers\mi2c.sys [2014-2-1 18224]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-10 64168]
    R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2011-12-17 13824]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2012-9-4 384824]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [2012-9-3 115008]
    .
    =============== Created Last 30 ================
    .
    2014-03-09 15:21:34 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2014-03-09 01:38:52 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-03-09 01:23:29 -------- d-----w- C:\ComboFix
    2014-03-09 01:00:00 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-09 00:15:48 -------- d-----w- c:\users\owner\appdata\local\temp
    2014-03-05 11:38:58 4550656 ----a-w- c:\windows\system32\GPhotos.scr
    2014-03-01 18:42:20 -------- d-----w- c:\program files\Online Games Manager
    2014-03-01 18:41:55 -------- d-----w- c:\programdata\Trymedia
    2014-03-01 18:41:24 -------- d-----w- C:\GameHouse Games
    2014-03-01 18:19:20 -------- d-----w- c:\program files\Jigsaw Mania demo
    2014-03-01 17:59:10 -------- d-----w- c:\program files\iPod
    2014-03-01 17:59:08 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-03-01 17:59:08 -------- d-----w- c:\program files\iTunes
    2014-03-01 17:54:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2014-03-01 17:54:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2014-03-01 17:54:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2014-03-01 17:54:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2014-03-01 17:54:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2014-02-16 21:29:17 -------- d-----w- c:\users\owner\appdata\local\Downloaded Installations
    2014-02-15 18:33:32 -------- d-----w- c:\program files\GUMFD33.tmp
    2014-02-15 16:56:19 454656 ----a-w- c:\windows\system32\vbscript.dll
    2014-02-15 16:54:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-02-15 16:54:13 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2014-02-15 16:53:36 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2014-02-15 16:53:36 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-02-10 18:18:52 102400 ----a-w- c:\windows\system32\stacsv.exe
    2014-02-10 18:18:51 4947968 ----a-w- c:\windows\system32\stacgui.cpl
    2014-02-10 18:18:51 1601536 ----a-w- c:\windows\system32\stlang.dll
    2014-02-10 17:58:01 -------- d-----w- C:\Dell Management Packs
    2014-02-10 17:49:16 595456 ----a-w- c:\windows\system32\stapo.dll
    2014-02-10 17:49:16 328704 ----a-w- c:\windows\system32\stcplx.dll
    2014-02-10 17:49:16 299520 ----a-w- c:\windows\system32\stapi32.dll
    2014-02-10 17:37:47 -------- d-----w- c:\users\owner\appdata\local\Deployment
    2014-02-10 17:37:47 -------- d-----w- c:\users\owner\appdata\local\Apps
    2014-02-08 22:19:28 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
    2014-02-08 22:18:57 31008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2014-02-08 22:18:25 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
    2014-02-08 22:18:13 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2014-02-08 22:06:50 -------- d-----w- c:\users\owner\appdata\roaming\ProductData
    2014-02-08 22:05:41 -------- d-----w- c:\programdata\IObit
    2014-02-08 22:05:38 -------- d-----w- c:\programdata\ProductData
    2014-02-08 19:51:20 -------- d-----w- c:\windows\system32\Wat
    .
    ==================== Find3M ====================
    .
    2014-03-08 19:36:46 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-03-08 19:36:46 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
    2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
    2014-02-01 16:17:03 18224 ----a-w- c:\windows\system32\drivers\mi2c.sys
    2014-02-01 16:14:27 18224 ----a-w- c:\windows\system32\drivers\ei2c.sys
    2014-01-26 19:27:08 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-01-26 19:27:08 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-01-26 19:27:08 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-01-26 19:27:07 43152 ----a-w- c:\windows\avastSS.scr
    2014-01-18 00:24:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2014-01-18 00:24:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2014-01-10 11:32:12 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-01-10 11:32:12 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-01-10 11:32:12 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-12-18 14:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
    2013-12-13 18:35:56 249856 ----a-w- c:\windows\system32\uxtheme.dll
    2013-12-13 18:35:51 2755072 ----a-w- c:\windows\system32\themeui.dll
    2013-12-13 18:35:45 37376 ----a-w- c:\windows\system32\themeservice.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601 Disk: SAMSUNG_HM080HI rev.AB100-12 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: >>UNKNOWN [0x8303C000]<< >>UNKNOWN [0x895B0000]<< >>UNKNOWN [0x8959F000]<< >>UNKNOWN [0x88EA3000]<< >>UNKNOWN [0x83005000]<< >>UNKNOWN [0x890E9000]<< >>UNKNOWN [0x88FF3000]<<
    _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
    1 ntkrnlpa!IofCallDriver[0x83072BBA] -> \Device\Harddisk0\DR0[0x86061720]
    \Driver\Disk[0x86060D00] -> IRP_MJ_CREATE -> 0x895B439F
    3 [0x895B459E] -> ntkrnlpa!IofCallDriver[0x83072BBA] -> [0x85B89938]
    \Driver\ACPI[0x85231030] -> IRP_MJ_CREATE -> 0x88EAC4CC
    5 [0x88EAC3D4] -> ntkrnlpa!IofCallDriver[0x83072BBA] -> \Device\Ide\IdeDeviceP0T0L0-0[0x852A8610]
    \Driver\atapi[0x85B7D658] -> IRP_MJ_CREATE -> 0x891038CE
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 8:28:39.16 ===============

    mbam log to follow
     
  7. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    Latest mbam log:
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.09.06

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16518
    Owner :: OWNER-PC [limited]

    3/9/2014 9:08:55 AM
    mbam-log-2014-03-09 (09-08-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214770
    Time elapsed: 15 minute(s), 20 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  8. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    The TDSS file was too large to paste into this reply; I hope it's not a problem for me to upload the file.
     

    Attached Files:

  10. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    I'll accept it this time but in the future please paste all logs.

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  11. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    Mr Broni,
    This has always been exceptional support whenever I have issues with infections on my systems. While I'm waiting for RogueKiller to finish with its scan, I want to ask you: if I want to dive into attempting to restore my device back to a useable state moving forward, am I able to follow the directions as you have earlier dictated them to me?

    Or is this the type of thing that based on one group of text logs gives the adviser direction in what should happen next?

    I'm asking such that I would not have to pester you guys in future should this type of event occur again.

    I know there are preliminary scans that are asked for, but what about the specifics that you provide? Can these actions be done without supervision?
     
     
  12. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Remove -- Date : 03/09/2014 10:34:09
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    [Inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x65EE1FD9)

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM080HI ATA Device +++++
    --- User ---
    [MBR] 0c73aefa2c61e73e8d63966c70cbbc91
    [BSP] b885cf893c28e2877b56a18dfe1cd75d : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_03092014_103409.txt >>
    RKreport[0]_D_03082014_165734.txt;RKreport[0]_S_03082014_165710.txt;RKreport[0]_S_03092014_102924.txt
     
  13. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    MBAR reported after the scan that there were no signs of malware to clean.
     
  14. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    ComboFix 14-03-05.01 - Owner 03/09/2014 11:03:24.27.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2038.860 [GMT -7:00]
    Running from: c:\users\Owner\Downloads\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-09 to 2014-03-09 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-09 18:15 . 2014-03-09 18:15 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-03-09 18:15 . 2014-03-09 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-09 17:37 . 2014-03-09 17:37 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-03-09 16:56 . 2014-03-09 16:56 -------- d-----w- c:\program files\RealArcade
    2014-03-09 16:46 . 2014-03-09 16:51 -------- d-----w- c:\programdata\Trymedia
    2014-03-09 01:00 . 2014-03-09 17:37 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-09 00:15 . 2014-03-09 18:18 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2014-03-05 11:38 . 2014-03-05 11:38 4550656 ----a-w- c:\windows\system32\GPhotos.scr
    2014-03-01 18:42 . 2014-03-01 18:42 -------- d-----w- c:\program files\Online Games Manager
    2014-03-01 18:41 . 2014-03-09 16:56 -------- d-----w- C:\GameHouse Games
    2014-03-01 18:19 . 2014-03-01 18:37 -------- d-----w- c:\program files\Jigsaw Mania demo
    2014-03-01 17:59 . 2014-03-01 17:59 -------- d-----w- c:\program files\iPod
    2014-03-01 17:59 . 2014-03-01 17:59 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2014-03-01 17:59 . 2014-03-01 17:59 -------- d-----w- c:\program files\iTunes
    2014-03-01 17:54 . 2014-03-01 17:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2014-03-01 17:54 . 2014-03-01 17:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2014-03-01 17:54 . 2014-03-01 17:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2014-03-01 17:54 . 2014-03-01 17:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2014-03-01 17:54 . 2014-03-01 17:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2014-03-01 17:54 . 2014-03-01 17:54 -------- d-----w- c:\program files\QuickTime
    2014-02-16 21:29 . 2014-02-16 21:29 -------- d-----w- c:\users\Owner\AppData\Local\Downloaded Installations
    2014-02-15 18:33 . 2014-02-15 18:34 -------- d-----w- c:\program files\GUMFD33.tmp
    2014-02-15 16:56 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
    2014-02-15 16:54 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-02-15 16:54 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2014-02-15 16:53 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-02-15 16:53 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2014-02-10 18:18 . 2007-09-13 22:45 102400 ----a-w- c:\windows\system32\stacsv.exe
    2014-02-10 18:18 . 2007-09-13 22:45 4947968 ----a-w- c:\windows\system32\stacgui.cpl
    2014-02-10 18:18 . 2007-04-11 01:02 1601536 ----a-w- c:\windows\system32\stlang.dll
    2014-02-10 17:58 . 2014-02-10 17:58 -------- d-----w- C:\Dell Management Packs
    2014-02-10 17:49 . 2007-09-13 22:45 328704 ----a-w- c:\windows\system32\stcplx.dll
    2014-02-10 17:49 . 2007-09-13 22:45 595456 ----a-w- c:\windows\system32\stapo.dll
    2014-02-10 17:49 . 2007-09-13 22:44 299520 ----a-w- c:\windows\system32\stapi32.dll
    2014-02-10 17:37 . 2014-03-08 23:32 -------- d-----w- c:\users\Owner\AppData\Local\Deployment
    2014-02-10 17:37 . 2014-02-10 17:37 -------- d-----w- c:\users\Owner\AppData\Local\Apps
    2014-02-08 22:19 . 2014-02-08 22:19 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
    2014-02-08 22:18 . 2013-11-20 00:52 31008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
    2014-02-08 22:18 . 2014-01-08 23:54 103424 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
    2014-02-08 22:18 . 2013-12-24 18:40 18624 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
    2014-02-08 22:06 . 2014-02-08 22:06 -------- d-----w- c:\users\Owner\AppData\Roaming\ProductData
    2014-02-08 22:05 . 2014-02-08 22:22 -------- d-----w- c:\programdata\IObit
    2014-02-08 22:05 . 2014-03-09 15:20 -------- d-----w- c:\programdata\ProductData
    2014-02-08 19:51 . 2014-02-08 19:51 -------- d-----w- c:\windows\system32\Wat
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-08 19:36 . 2013-12-07 17:22 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-03-08 19:36 . 2012-03-02 17:33 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-02-01 16:17 . 2014-02-01 16:17 18224 ----a-w- c:\windows\system32\drivers\mi2c.sys
    2014-02-01 16:14 . 2014-02-01 16:14 18224 ----a-w- c:\windows\system32\drivers\ei2c.sys
    2014-01-26 19:27 . 2014-01-10 11:32 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-01-26 19:27 . 2014-01-10 11:32 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-01-26 19:27 . 2014-01-10 11:32 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-01-26 19:27 . 2014-01-10 11:32 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-01-26 19:27 . 2014-01-10 11:32 270240 ----a-w- c:\windows\system32\aswBoot.exe
    2014-01-26 19:27 . 2014-01-10 11:32 43152 ----a-w- c:\windows\avastSS.scr
    2014-01-18 00:24 . 2014-01-18 00:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2014-01-18 00:24 . 2014-01-18 00:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2014-01-10 11:32 . 2014-01-10 11:32 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-01-10 11:32 . 2014-01-10 11:32 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-01-10 11:32 . 2014-01-10 11:32 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-12-18 14:13 . 2011-03-12 14:58 231584 ------w- c:\windows\system32\MpSigStub.exe
    2013-12-13 18:35 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
    2013-12-13 18:35 . 2011-04-30 17:17 2755072 ----a-w- c:\windows\system32\themeui.dll
    2013-12-13 18:35 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
    2014-02-08 22:05 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-01-26 19:27 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-01-30 23:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-01-30 23:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-01-30 23:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-01-30 23:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-01-30 23:05 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
    "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-26 3767096]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoScrSavPage"= 0 (0x0)
    "NoDispApprearancePage"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
    backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
    backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
    backup=c:\windows\pss\CNET TechTracker.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
    backup=c:\windows\pss\Facebook Messenger.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
    backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSystemDetect]
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-09-24 03:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleIEDAV]
    2013-11-15 20:01 1326408 ----a-w- c:\program files\Common Files\Apple\Internet Services\AppleIEDAV.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
    2013-11-20 23:43 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2014-02-13 04:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2010-07-26 02:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\com.apple.dav.bookmarks.daemon]
    c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
    2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup]
    2014-01-06 18:59 3619096 ----a-w- c:\users\Owner\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-09-24 02:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HowToSimplified Search Scope Monitor]
    c:\progra~1\HOWTOS~2\bar\1.bin\8esrchmn.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
    2013-11-20 23:43 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-09-24 02:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
    c:\program files\Microsoft Security Client\msseces.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-09-24 02:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2014-01-18 00:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-09-13 22:44 405504 ----a-w- c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
    c:\users\Owner\AppData\Roaming\Spotify\Spotify.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
    c:\users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2014-01-06 21:37 5625624 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
    c:\program files\AVG SafeGuard toolbar\vprot.exe [BU]
    .
    R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-02-08 822624]
    R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-02-08 2151744]
    R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
    R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [2012-09-03 115008]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2012-03-26 18432]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-29 4233728]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2012-08-23 24416]
    R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfswin7.sys [2011-10-01 581480]
    R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirwin7.sys [2011-10-01 21864]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-26 94208]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-02-08 1343400]
    R4 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-08 127488]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF32.sys [2010-11-04 102728]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 18624]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-26 775952]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-26 410784]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-16 37664]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-26 67824]
    S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2012-08-03 154624]
    S2 ei2c;ei2c;c:\windows\system32\drivers\ei2c.sys [2014-02-01 18224]
    S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2013-09-14 350792]
    S2 mi2c;mi2c;c:\windows\system32\drivers\mi2c.sys [2014-02-01 18224]
    S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2013-08-08 559552]
    S2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe [2013-12-05 25600]
    S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-26 64168]
    S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2006-11-07 13824]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200]
    S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaywin7.sys [2011-10-01 194408]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvolwin7.sys [2011-10-01 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-05 19:34 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-08 14:50]
    .
    2014-01-26 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-10 19:27]
    .
    2014-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf2a7c71846576.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
    .
    2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 14:43]
    .
    2014-02-01 c:\windows\Tasks\SlimCleaner Run.job
    - c:\program files\SlimCleaner\SlimCleaner.exe [2013-07-10 16:53]
    .
    2014-02-16 c:\windows\Tasks\SlimComputer Run.job
    - c:\program files\SlimComputer\SlimComputer.exe [2013-07-10 17:19]
    .
    2014-03-08 c:\windows\Tasks\Uninstaller_SkipUac_Administrator.job
    - c:\program files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-02-08 22:05]
    .
    2013-07-25 c:\windows\Tasks\User_Feed_Synchronization-{A73C834D-636D-46F7-A165-BE4EE7F25BAD}.job
    - c:\windows\system32\msfeedssync.exe [2013-11-16 18:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uStart Page = https://www.google.com/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 216.228.160.4 216.228.160.3
    TCP: Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A}: DhcpNameServer = 198.224.166.135 198.224.167.135
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\3616D6075737F577962756C6563737: NameServer = 8.8.8.8,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\4656661657C647: NameServer = 205.171.3.25,216.228.160.7
    TCP: Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}\F40756E60234F6D6D657E696479702E4564777F627B6: NameServer = 8.8.8.8,216.228.160.7
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:6a,97,1c,dc,64,07,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e6,21,91,1f,54,0e,52,44,a9,c7,62,\
    .
    [HKEY_USERS\LocalService\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    @DACL=(02 0000)
    "ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
    .
    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    @DACL=(02 0000)
    "ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_154_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_154_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\crypserv.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\windows\System32\snmp.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Dell\QuickSet\NicConfigSvc.exe
    c:\windows\System32\WUDFHost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\sppsvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2014-03-09 11:22:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-03-09 18:22
    ComboFix2.txt 2014-03-09 01:44
    ComboFix3.txt 2014-03-09 00:23
    .
    Pre-Run: 32,517,402,624 bytes free
    Post-Run: 32,728,715,264 bytes free
    .
    - - End Of File - - A814B9E32858A1F381252314080153D4
    A36C5E4F47E84449FF07ED3517B43A31
     
  15. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.09.06

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16518
    Owner :: OWNER-PC [administrator]

    3/9/2014 11:26:27 AM
    mbam-log-2014-03-09 (11-26-27).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 361410
    Time elapsed: 1 hour(s), 42 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  16. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    I'm not sure what your question is.

    Re-read my rules:
    Like Combofix....

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    # AdwCleaner v3.020 - Report created 09/03/2014 at 14:44:58
    # Updated 27/02/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
    # Username : Owner - OWNER-PC
    # Running from : C:\Users\Owner\Downloads\adwcleaner(4).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\Software\Trymedia Systems

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16518


    -\\ Mozilla Firefox v28.0 (en-US)

    [ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\prefs.js ]


    [ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\prefs.js ]


    -\\ Google Chrome v33.0.1750.146

    [ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [29221 octets] - [24/11/2013 10:05:18]
    AdwCleaner[R1].txt - [1154 octets] - [28/11/2013 12:20:27]
    AdwCleaner[R2].txt - [6004 octets] - [07/12/2013 14:52:35]
    AdwCleaner[R3].txt - [7854 octets] - [09/03/2014 08:58:23]
    AdwCleaner[R4].txt - [1551 octets] - [09/03/2014 14:42:01]
    AdwCleaner[S0].txt - [28083 octets] - [24/11/2013 10:07:31]
    AdwCleaner[S1].txt - [1218 octets] - [28/11/2013 12:22:50]
    AdwCleaner[S2].txt - [6087 octets] - [07/12/2013 14:53:26]
    AdwCleaner[S3].txt - [5541 octets] - [09/03/2014 08:59:26]
    AdwCleaner[S4].txt - [1474 octets] - [09/03/2014 14:44:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1534 octets] ##########
     
  18. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows 7 Ultimate x86
    Ran by Owner on Sun 03/09/2014 at 14:50:49.14
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 03/09/2014 at 14:54:21.57
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  19. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    OTL logfile created on: 3/9/2014 2:56:49 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16518)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
    1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.53% Memory free
    1.99 Gb Paging File | 0.84 Gb Available in Paging File | 42.03% Paging File free
    Paging file location(s): [binary data]
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.43 Gb Total Space | 30.51 Gb Free Space | 40.99% Space Free | Partition Type: NTFS
    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
    ========== Processes (SafeList) ==========
    PRC - [2014/03/09 09:32:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL(2).exe
    PRC - [2014/03/08 12:36:46 | 001,863,344 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_154.exe
    PRC - [2014/03/08 12:12:12 | 000,277,616 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2014/01/26 12:27:02 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/01/26 12:27:02 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/12/04 17:53:42 | 000,025,600 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
    PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/09/13 18:24:32 | 000,350,792 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    PRC - [2013/08/08 07:18:38 | 000,559,552 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Online Games Manager\ogmservice.exe
    PRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] () -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/08/02 18:30:44 | 000,154,624 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    PRC - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/05/21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2009/05/21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
    PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/09/13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    PRC - [2007/07/20 19:11:12 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    ========== Modules (No Company Name) ==========
    MOD - [2014/03/08 12:36:46 | 016,337,584 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_154.dll
    MOD - [2014/03/08 12:12:11 | 003,641,968 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2014/01/10 04:32:11 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
    MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
    ========== Services (SafeList) ==========
    SRV - [2014/03/08 12:12:12 | 000,119,408 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/02/22 07:50:11 | 000,257,920 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/02/08 15:05:32 | 002,151,744 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
    SRV - [2014/02/08 12:51:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2014/02/06 02:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2014/01/26 12:27:02 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/12/04 17:53:42 | 000,025,600 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
    SRV - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/09/13 18:24:32 | 000,350,792 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
    SRV - [2013/08/08 07:18:38 | 000,559,552 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files\Online Games Manager\ogmservice.exe -- (ogmservice)
    SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/08/02 18:30:44 | 000,154,624 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
    SRV - [2012/07/25 19:04:02 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
    SRV - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/05/21 15:28:38 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2009/05/21 14:04:14 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
    SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/07/20 19:11:12 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
    SRV - [2006/11/07 18:26:52 | 000,127,488 | ---- | M] (CSR, plc) [Disabled | Stopped] -- C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe -- (BthFilterHelper)
    ========== Driver Services (SafeList) ==========
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
    DRV - [2014/02/01 09:17:03 | 000,018,224 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mi2c.sys -- (mi2c)
    DRV - [2014/02/01 09:14:27 | 000,018,224 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ei2c.sys -- (ei2c)
    DRV - [2014/01/26 12:27:08 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2014/01/26 12:27:08 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2014/01/26 12:27:08 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/01/26 12:27:08 | 000,064,168 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
    DRV - [2014/01/10 04:32:12 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/01/10 04:32:12 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2014/01/10 04:32:12 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/12/24 11:40:32 | 000,018,624 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2013/11/16 10:37:01 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2013/03/25 14:41:44 | 000,065,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2012/09/03 16:47:18 | 000,115,008 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\efavdrv.sys -- (efavdrv)
    DRV - [2012/08/23 15:56:08 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
    DRV - [2012/06/06 10:50:54 | 000,113,664 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
    DRV - [2012/03/26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2011/10/01 01:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvolwin7.sys -- (Sftvol)
    DRV - [2011/10/01 01:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirwin7.sys -- (Sftredir)
    DRV - [2011/10/01 01:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaywin7.sys -- (Sftplay)
    DRV - [2011/10/01 01:30:36 | 000,581,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfswin7.sys -- (Sftfs)
    DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 03:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 03:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/11/04 15:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\MxEFUF32.sys -- (MxEFUF)
    DRV - [2010/10/07 05:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
    DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/09/09 17:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
    DRV - [2009/05/28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
    DRV - [2008/03/17 09:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
    DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/01/16 10:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\csrbcxp.sys -- (CSRBC)
    DRV - [2006/11/06 23:13:36 | 000,013,824 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthFilt.sys -- (BTHFILT)
    ========== Standard Registry (SafeList) ==========
    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    ========== FireFox ==========
    FF - prefs.js..browser.startup.homepage: "https://www.google.com"
    FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_154.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@richmediaplayer.com/nppluginrichmediaplayer: C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/26 12:27:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF4B26D-DB19-45DF-962A-6719D071245B}: C:\Users\Owner\AppData\Local\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2014/01/26 15:58:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/08 12:12:07 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sp2@sp.com: C:\Program Files\Social Privacy\FF\
    [2013/07/24 10:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2014/02/08 15:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions
    [2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com
    [2014/02/08 15:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions
    [2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com
    [2013/07/02 10:59:36 | 000,068,722 | R--- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\r18ei3ko.default-1343151942524\extensions\NoiaFoxoption@davidvincent.tld.xpi
    [2013/07/02 10:59:36 | 002,511,800 | R--- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\r18ei3ko.default-1343151942524\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
    [2014/03/08 12:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/03/08 12:12:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/03/12 01:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll
    ========== Chrome ==========
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://mysearch.avg.com?cid={19FB14...n&ds=ts024&coid=avgtbdists&pr=sa&d=2013-11-09 15:44:11&v=17.0.0.12&pid=safeguard&sg=0&sap=hp
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_1\
    CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_2\
    CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
    CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_2\
    CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_3\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_1\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_2\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_2\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_3\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_2\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_2\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_3\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_2\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_3\
    CHR - Extension: Download Video = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni\1.4.1_0\
    CHR - Extension: Download Video = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni\1.4.1_1\
    CHR - Extension: Download Video = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni\1.4.1_2\
    CHR - Extension: Download Video = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni\1.4.1_3\
    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2\
    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3\
    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4\
    CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
    CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_2\
    CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_3\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_4\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_5\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_6\
    O1 HOSTS File: ([2014/03/09 11:17:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     
  20. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1
    O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
    O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
    O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoScrSavPage = 0
    O7 - HKU\S-1-5-21-1552026397-1008680744-895623460-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispApprearancePage = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.228.160.4 216.228.160.3
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4966B34F-BFAF-49D2-9DC8-FFF506C7304A}: DhcpNameServer = 198.224.166.135 198.224.167.135
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE2C0F72-3496-4135-9EC1-A45251CA19E9}: DhcpNameServer = 216.228.160.4 216.228.160.3
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
    ========== Files/Folders - Created Within 30 Days ==========
    [2014/03/09 14:50:17 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT_NEW.exe
    [2014/03/09 11:17:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2014/03/09 11:02:15 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2014/03/09 09:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\RealArcade
    [2014/03/09 08:30:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\TechSpot logs
    [2014/03/08 18:00:00 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/03/08 17:59:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mbar
    [2014/03/08 17:54:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
    [2014/03/08 17:15:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/03/08 17:15:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2014/03/08 12:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2014/03/01 11:42:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\8floor
    [2014/03/01 11:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Online Games Manager
    [2014/03/01 11:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
    [2014/03/01 11:41:24 | 000,000,000 | ---D | C] -- C:\GameHouse Games
    [2014/03/01 11:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jigsaw Mania
    [2014/03/01 11:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Jigsaw Mania demo
    [2014/03/01 10:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2014/03/01 10:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2014/03/01 10:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2014/03/01 10:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2014/03/01 10:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2014/02/16 14:29:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Downloaded Installations
    [2014/02/10 11:18:52 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    [2014/02/10 11:18:51 | 004,947,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacgui.cpl
    [2014/02/10 10:58:01 | 000,000,000 | ---D | C] -- C:\Dell Management Packs
    [2014/02/10 10:49:16 | 000,595,456 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
    [2014/02/10 10:49:16 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
    [2014/02/10 10:49:16 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
    [2014/02/10 10:38:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
    [2014/02/10 10:37:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Deployment
    [2014/02/10 10:37:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps
    [2014/02/08 15:23:00 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
    [2014/02/08 15:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
    [2014/02/08 15:18:57 | 000,031,008 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
    [2014/02/08 15:18:25 | 000,103,424 | ---- | C] (IObit) -- C:\Windows\System32\IObitSmartDefragExtension.dll
    [2014/02/08 15:18:13 | 000,018,624 | ---- | C] (IObit) -- C:\Windows\System32\drivers\SmartDefragDriver.sys
    [2014/02/08 15:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
    [2014/02/08 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ProductData
    [2014/02/08 15:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2014/02/08 15:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    [2014/02/08 15:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
    [2014/02/08 12:51:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
    [4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    ========== Files - Modified Within 30 Days ==========
    [2014/03/09 14:54:13 | 000,017,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/03/09 14:54:13 | 000,017,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/03/09 14:53:58 | 000,665,982 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/03/09 14:53:58 | 000,123,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/03/09 14:46:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/03/09 11:17:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/03/09 10:37:06 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/03/09 09:57:17 | 000,000,834 | ---- | M] () -- C:\Users\Owner\Desktop\Royal Jigsaw.lnk
    [2014/03/09 09:56:55 | 000,000,140 | ---- | M] () -- C:\Users\Owner\Desktop\More Games at GameHouse.com.url
    [2014/03/09 09:36:03 | 000,462,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/03/09 09:12:12 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/03/08 12:41:23 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
    [2014/03/08 12:36:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/03/08 12:30:43 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
    [2014/03/01 10:59:47 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2014/03/01 10:54:18 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2014/02/23 15:19:00 | 000,002,201 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
    [2014/02/19 22:33:41 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT_NEW.exe
    [2014/02/16 15:40:10 | 000,001,866 | ---- | M] () -- C:\Users\Owner\Desktop\cc_20140216_144005.reg
    [2014/02/16 15:36:22 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\SlimComputer Run.job
    [2014/02/15 11:34:34 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
    [2014/02/15 11:34:34 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
    [2014/02/15 11:34:34 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
    [2014/02/15 11:33:38 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf2a7c71846576.job
    [2014/02/09 11:49:40 | 042,681,344 | ---- | M] () -- C:\Sandynphilip@bendbroadband (3).pst
    [2014/02/09 10:43:22 | 016,778,240 | ---- | M] () -- C:\heavenbound47@icloud.com.pst
    [2014/02/08 15:18:12 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
    [2014/02/08 15:05:39 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
    [4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    ========== Files Created - No Company Name ==========
    [2014/03/09 09:57:17 | 000,000,834 | ---- | C] () -- C:\Users\Owner\Desktop\Royal Jigsaw.lnk
    [2014/03/09 09:35:41 | 000,462,600 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/03/01 11:41:28 | 000,000,140 | ---- | C] () -- C:\Users\Owner\Desktop\More Games at GameHouse.com.url
    [2014/03/01 10:59:47 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2014/03/01 10:54:18 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2014/02/16 15:40:08 | 000,001,866 | ---- | C] () -- C:\Users\Owner\Desktop\cc_20140216_144005.reg
    [2014/02/16 14:36:58 | 000,002,201 | ---- | C] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
    [2014/02/15 11:33:38 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf2a7c71846576.job
    [2014/02/09 10:20:42 | 042,681,344 | ---- | C] () -- C:\Sandynphilip@bendbroadband (3).pst
    [2014/02/09 10:11:45 | 016,778,240 | ---- | C] () -- C:\heavenbound47@icloud.com.pst
    [2014/02/08 15:18:12 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
    [2014/02/08 15:05:44 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\Uninstaller_SkipUac_Administrator.job
    [2014/02/08 15:05:39 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
    [2014/01/11 17:13:27 | 000,093,016 | ---- | C] () -- C:\Users\Owner\logger.PNG
    [2014/01/10 04:32:17 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/01/10 04:32:16 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013/12/13 11:25:45 | 000,082,664 | ---- | C] () -- C:\Users\Owner\UniversalThemePatcher_20090409.zip
    [2013/12/08 09:25:41 | 000,007,607 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
    [2013/12/01 10:47:44 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
    [2013/12/01 10:47:00 | 000,000,127 | ---- | C] () -- C:\Windows\Crypkey.ini
    [2013/12/01 10:46:20 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
    [2013/12/01 10:46:20 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
    [2013/12/01 10:46:20 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
    [2013/12/01 10:46:20 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
    [2013/11/28 14:00:45 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
    [2013/08/01 14:49:19 | 000,385,768 | ---- | C] () -- C:\Users\Owner\COCC-certificates.PNG
    [2013/08/01 14:17:16 | 015,046,808 | ---- | C] () -- C:\Users\Owner\COCC-4 001.tif
    [2013/08/01 14:15:34 | 018,402,336 | ---- | C] () -- C:\Users\Owner\COCC-3 001.tif
    [2013/08/01 14:08:54 | 001,029,195 | ---- | C] () -- C:\Users\Owner\COCC-2 001.jpg
    [2013/08/01 14:04:40 | 018,367,284 | ---- | C] () -- C:\Users\Owner\COCC-1 005.tif
    [2013/07/25 15:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
    [2013/07/25 15:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
    [2013/07/25 15:13:39 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
    [2013/07/25 13:42:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/07/25 13:42:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/07/25 13:42:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/07/25 13:42:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/07/25 13:42:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/07/24 14:23:14 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2013/03/09 20:11:02 | 000,030,926 | ---- | C] () -- C:\Users\Owner\alex7.jpg
    [2013/03/09 20:10:45 | 000,022,789 | ---- | C] () -- C:\Users\Owner\alex6.jpg
    [2013/03/09 20:09:28 | 000,065,555 | ---- | C] () -- C:\Users\Owner\alex5.jpg
    [2013/03/09 20:09:04 | 000,044,542 | ---- | C] () -- C:\Users\Owner\alex4.jpg
    [2013/03/09 20:07:58 | 000,040,506 | ---- | C] () -- C:\Users\Owner\alex3.jpg
    [2013/03/09 20:06:51 | 000,031,286 | ---- | C] () -- C:\Users\Owner\alex2.jpg
    [2013/03/09 20:06:03 | 000,002,575 | ---- | C] () -- C:\Users\Owner\alex1.jpg
    [2012/12/02 13:07:59 | 000,002,012 | ---- | C] () -- C:\Users\Owner\Avira Control Center.lnk
    [2012/11/22 13:00:12 | 000,000,592 | ---- | C] () -- C:\Windows\RegistryKit.ini
    [2012/11/22 12:59:41 | 000,001,032 | ---- | C] () -- C:\Users\Owner\Registry Kit.lnk
    [2012/11/10 14:21:27 | 000,001,815 | ---- | C] () -- C:\Users\Owner\QuickTime Player.lnk
    [2012/11/04 14:59:53 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
    [2012/10/29 15:31:29 | 000,001,787 | ---- | C] () -- C:\Users\Owner\Tech-101 - Shortcut.lnk
    [2012/10/29 14:01:46 | 000,001,385 | ---- | C] () -- C:\Users\Owner\google gmail name philipmoore59passworduserid - Shortcut.lnk
    [2012/10/29 12:04:42 | 000,000,512 | ---- | C] () -- C:\Users\Owner\MBR.dat
    [2012/10/07 15:04:14 | 000,001,142 | ---- | C] () -- C:\Users\Owner\bettycrockeruserid - Shortcut.lnk
    [2012/09/15 15:11:05 | 000,000,099 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/09/06 08:53:03 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
    [2012/09/04 19:17:27 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
    [2012/08/30 11:00:08 | 000,001,688 | ---- | C] () -- C:\Users\Owner\08-30-2012.reg
    [2012/08/30 09:00:09 | 000,005,602 | ---- | C] () -- C:\Users\Owner\ESETexe-fix.bat
    [2012/08/08 15:00:33 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
    [2012/08/02 10:17:07 | 000,000,984 | ---- | C] () -- C:\Users\Owner\PDF Reader.lnk
    [2012/07/20 14:19:43 | 000,001,683 | ---- | C] () -- C:\Users\Owner\Google Drive.lnk
    [2012/06/25 16:19:10 | 000,646,461 | ---- | C] () -- C:\Users\Owner\OED.pdf
    [2012/06/25 16:09:42 | 000,650,648 | ---- | C] () -- C:\Users\Owner\IMG_0001_NEW.pdf
    [2012/06/25 15:53:41 | 000,475,979 | ---- | C] () -- C:\Users\Owner\2011IRSTaxTranscriptII.pdf
    [2012/06/25 15:52:27 | 000,674,649 | ---- | C] () -- C:\Users\Owner\2011IRSTaxTranscript.pdf
    [2012/06/09 14:39:36 | 004,116,163 | ---- | C] () -- C:\Users\Owner\SGC Power Point.pdf
    [2012/05/25 10:53:57 | 000,169,078 | ---- | C] () -- C:\Users\Owner\RMH letter for donations.pdf
    [2012/05/15 07:35:31 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2012/05/11 13:23:43 | 000,009,097 | ---- | C] () -- C:\Users\Owner\3.2 Solving Linear Equations.SAV
    [2012/04/05 18:46:10 | 000,215,220 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2012/03/28 10:52:33 | 000,000,040 | ---- | C] () -- C:\Users\Owner\Access.cod
    [2012/03/23 13:18:34 | 000,000,288 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\MSBlint.dat
    [2012/03/23 13:18:33 | 000,000,288 | ---- | C] () -- C:\ProgramData\PDF2XL-4-14.TrialData
    [2012/03/17 08:07:49 | 000,009,185 | ---- | C] () -- C:\Users\Owner\II.5 Metric System Weight and Volume.SAV
    [2012/03/16 15:48:49 | 000,024,926 | ---- | C] () -- C:\Users\Owner\II.6 U.S. Customary Measurements and Metric Equivalents.SAV
    [2012/03/02 08:13:52 | 000,197,608 | ---- | C] () -- C:\Users\Owner\Capture.PNG
    [2011/12/17 16:55:55 | 000,000,359 | ---- | C] () -- C:\Users\Owner\Recycle Bin - Shortcut.lnk
    [2011/12/14 08:41:02 | 000,000,359 | ---- | C] () -- C:\Users\Owner\Recycle Bin - Shortcut (2).lnk
    [2011/09/17 12:08:44 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.googlewebacchosts
    [2011/08/30 13:09:59 | 000,000,040 | ---- | C] () -- C:\Users\Owner\Access code.COD
    [2011/05/23 08:21:54 | 000,000,598 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/05/17 09:43:48 | 000,012,945 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).CAL
    [2011/05/17 09:37:28 | 000,038,383 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).ADR
    ========== ZeroAccess Check ==========
    [2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    ========== LOP Check ==========
    [2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
    [2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
    [2012/10/13 15:35:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
    [2014/01/10 04:32:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software
    [2012/05/15 09:15:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG
    [2012/08/30 06:42:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BACS.exe
    [2012/01/24 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blackboard
    [2013/05/11 14:29:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
    [2012/01/24 18:25:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Collaborate
    [2011/10/21 09:50:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ColorCop
    [2011/12/26 08:39:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.Shutterfly.ExpressUploader
    [2012/09/27 14:36:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.webkinesis.PicasaUploaderDesktop
    [2011/12/17 14:56:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CSR
    [2012/12/02 18:08:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
    [2013/08/02 17:21:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easeware
    [2012/08/30 10:55:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeFixer
    [2013/07/12 10:48:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GlarySoft
    [2012/07/13 08:20:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICQ Search
    [2014/02/08 15:18:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
    [2012/08/26 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iolo
    [2011/12/26 10:09:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IrfanView
    [2013/09/14 11:46:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KeeperData
    [2012/07/22 12:33:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KompoZer
    [2012/12/01 15:43:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MotoCast
    [2012/12/01 11:33:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Motorola
    [2012/06/15 16:58:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Motorola Mobility
    [2011/03/12 08:05:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
    [2012/05/15 08:34:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Panda Security
    [2012/08/31 08:37:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Utility Kit
    [2014/02/08 15:06:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ProductData
    [2012/11/22 10:04:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Qualcomm
    [2013/09/02 10:43:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Radiocom
    [2012/11/22 13:00:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Kit
    [2012/02/07 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SecondLife
    [2012/10/30 11:55:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
    [2012/10/13 12:52:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SumatraPDF
    [2013/07/09 07:54:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SyncTunesDesktop
    [2012/05/16 08:14:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
    [2012/09/02 10:33:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
    [2011/09/17 11:32:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
    [2012/09/13 11:57:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\URSoft
    [2012/03/29 06:45:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
    [2011/12/08 13:37:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ZeoBIT
    ========== Purity Check ==========
    ========== Files - Unicode (All) ==========

    [2013/10/19 12:21:07 | 101,983,560 | ---- | M] ()(C:\Windows\System32\???a) -- C:\Windows\System32\㯄‌᭔a
    [2013/10/19 12:21:07 | 101,983,560 | ---- | C] ()(C:\Windows\System32\???a) -- C:\Windows\System32\㯄‌᭔a
    [2013/10/18 15:44:49 | 101,880,815 | ---- | M] ()(C:\Windows\System32\???w) -- C:\Windows\System32\㎚烏᭔w
    [2013/10/18 15:44:49 | 101,880,815 | ---- | C] ()(C:\Windows\System32\???w) -- C:\Windows\System32\㎚烏᭔w
    [2013/10/13 08:15:14 | 100,742,045 | ---- | M] ()(C:\Windows\System32\???q) -- C:\Windows\System32\읃�᭔q
    [2013/10/13 08:15:14 | 100,742,045 | ---- | C] ()(C:\Windows\System32\???q) -- C:\Windows\System32\읃�᭔q
    [2013/09/29 14:02:51 | 098,466,785 | ---- | M] ()(C:\Windows\System32\???_) -- C:\Windows\System32\獵ᣉ᭔_
    [2013/09/29 14:02:51 | 098,466,785 | ---- | C] ()(C:\Windows\System32\???_) -- C:\Windows\System32\獵ᣉ᭔_

    < End of report >
     
  21. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
    DRV - [2012/09/03 16:47:18 | 000,115,008 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\efavdrv.sys -- (efavdrv)
    [2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com
    [2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com
    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2\
    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3\
    CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4\
    O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    [2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
    [2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    C:\Program Files\IObit
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  22. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    All processes killed
    Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)> in the current context!
    Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)> in the current context!
    Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)> in the current context!
    Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)> in the current context!
    Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)> in the current context!
    Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)> in the current context!
    Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)> in the current context!
    Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)> in the current context!
    Error: Unable to interpret <DRV - [2012/09/03 16:47:18 | 000,115,008 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\efavdrv.sys -- (efavdrv)> in the current context!
    Error: Unable to interpret <[2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com> in the current context!
    Error: Unable to interpret <[2014/02/08 15:19:38 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com> in the current context!
    Error: Unable to interpret <CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\> in the current context!
    Error: Unable to interpret <CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\> in the current context!
    Error: Unable to interpret <CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2\> in the current context!
    Error: Unable to interpret <CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3\> in the current context!
    Error: Unable to interpret <CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4\> in the current context!
    Error: Unable to interpret <O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)> in the current context!
    Error: Unable to interpret <[2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit> in the current context!
    Error: Unable to interpret <[2012/01/11 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit> in the current context!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    C:\Program Files\IObit\Surfing Protection\Language folder moved successfully.
    C:\Program Files\IObit\Surfing Protection\Database folder moved successfully.
    C:\Program Files\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin\Img folder moved successfully.
    C:\Program Files\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin folder moved successfully.
    C:\Program Files\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 folder moved successfully.
    C:\Program Files\IObit\Surfing Protection\BrowerProtect\nfengeggddojhakldhlpjdlddgkkjkdd folder moved successfully.
    C:\Program Files\IObit\Surfing Protection\BrowerProtect\images folder moved successfully.
    C:\Program Files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome\content folder moved successfully.
    C:\Program Files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com\chrome folder moved successfully.
    C:\Program Files\IObit\Surfing Protection\BrowerProtect\ascsurfingprotection@iobit.com folder moved successfully.
    C:\Program Files\IObit\Surfing Protection\BrowerProtect folder moved successfully.
    C:\Program Files\IObit\Surfing Protection folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Update folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Temp folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Skins\White folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Skins\Blue folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Skins\Black folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Skins folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\SDReport folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\LatestNews folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Language folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Help\img folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Help folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Freeware folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Extension folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\drivers\wxp_x86 folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\drivers\wxp_x64 folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\drivers\wnet_x86 folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\drivers\wnet_x64 folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\drivers\wlh_x86 folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\drivers\wlh_x64 folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\drivers\win8_x86 folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\drivers\win8_x64 folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\drivers\win7_x86 folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\drivers\win7_x64 folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\drivers folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3\Database folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 3 folder moved successfully.
    C:\Program Files\IObit\Smart Defrag 2 folder moved successfully.
    C:\Program Files\IObit\LiveUpdate\update\Uninstaller folder moved successfully.
    C:\Program Files\IObit\LiveUpdate\update folder moved successfully.
    C:\Program Files\IObit\LiveUpdate\Language folder moved successfully.
    C:\Program Files\IObit\LiveUpdate folder moved successfully.
    C:\Program Files\IObit\IObit Uninstaller\LatestNews folder moved successfully.
    C:\Program Files\IObit\IObit Uninstaller\Lan_LiveUpt folder moved successfully.
    C:\Program Files\IObit\IObit Uninstaller\Language folder moved successfully.
    C:\Program Files\IObit\IObit Uninstaller\Images folder moved successfully.
    C:\Program Files\IObit\IObit Uninstaller folder moved successfully.
    C:\Program Files\IObit\Advanced SystemCare 5\Update folder moved successfully.
    C:\Program Files\IObit\Advanced SystemCare 5\SecurityHole_Backup folder moved successfully.
    C:\Program Files\IObit\Advanced SystemCare 5\LatestNews folder moved successfully.
    C:\Program Files\IObit\Advanced SystemCare 5\BootTimeLog folder moved successfully.
    C:\Program Files\IObit\Advanced SystemCare 5\ASCServiceLog folder moved successfully.
    C:\Program Files\IObit\Advanced SystemCare 5 folder moved successfully.
    C:\Program Files\IObit\Advanced SystemCare 4\Update folder moved successfully.
    C:\Program Files\IObit\Advanced SystemCare 4\LatestNews folder moved successfully.
    C:\Program Files\IObit\Advanced SystemCare 4 folder moved successfully.
    C:\Program Files\IObit folder moved successfully.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Owner
    ->Temp folder emptied: 2221037 bytes
    ->Temporary Internet Files folder emptied: 687571 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 20619562 bytes
    ->Google Chrome cache emptied: 856432 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 815 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 205 bytes
    RecycleBin emptied: 9069649 bytes
    Total Files Cleaned = 32.00 mb
    [EMPTYJAVA]
    User: All Users
    User: Default
    User: Default User
    User: Owner
    ->Java cache emptied: 0 bytes
    User: Public
    Total Java Files Cleaned = 0.00 mb
    [EMPTYFLASH]
    User: All Users
    User: Default
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Flash cache emptied: 0 bytes
    User: Owner
    ->Flash cache emptied: 0 bytes
    User: Public
    Total Flash Files Cleaned = 0.00 mb
    OTL by OldTimer - Version 3.2.69.0 log created on 03092014_152952

    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  23. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    OTL fix log is incorrect.
    It looks like you didn't copy my entire script, especially the colon in front of "OTL" (first line).
    Redo.
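
A check for the failure seen in posts 22 and 23, as an added example that is not part of the thread and not OTL's own code: `preflight` flags pasted lines that sit above the first directive, and `diagnose` reads a fix log for directives whose every line came back as "Unable to interpret". The function names are hypothetical, the directive pattern is an assumption taken from the script above, and the sample script and logs are abridged from this thread.

```python
import re

# Assumption: a directive is a line made of a colon and a name, as in the
# script on this page (:OTL, :Services, :Reg, :Files, :Commands).
DIRECTIVE_RE = re.compile(r"^:[A-Za-z]+$")
REJECTED_RE = re.compile(
    r"^Error: Unable to interpret <(.*)> in the current context!$")


def split_sections(script):
    """Return [(directive_or_None, [body lines])] in script order."""
    sections = [(None, [])]
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if DIRECTIVE_RE.match(line):
            sections.append((line, []))
        else:
            sections[-1][1].append(line)
    return sections


def preflight(pasted):
    """Lines above the first directive, i.e. lines that belong to no section."""
    return split_sections(pasted)[0][1]


def rejected_lines(fix_log):
    """Script lines the fix log reports as 'Unable to interpret'."""
    found = []
    for raw in fix_log.splitlines():
        match = REJECTED_RE.match(raw.strip())
        if match:
            found.append(match.group(1))
    return found


def diagnose(intended_script, fix_log):
    """Directives whose every body line was rejected in the fix log."""
    rejected = set(rejected_lines(fix_log))
    return [name for name, body in split_sections(intended_script)
            if name and body and all(line in rejected for line in body)]


# Sample data abridged from the script and logs posted in this thread.
SCRIPT = r"""
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)

:Files
C:\FRST

:Commands
[emptytemp]
"""

FAILED_LOG = r"""
All processes killed
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)> in the current context!
========== FILES ==========
File\Folder C:\FRST not found.
"""

GOOD_LOG = r"""
All processes killed
========== OTL ==========
Service motmodem stopped successfully!
Service motccgp stopped successfully!
========== FILES ==========
File\Folder C:\FRST not found.
"""

if __name__ == "__main__":
    pasted = SCRIPT.replace(":OTL\n", "", 1)  # paste that lost its first line
    print("orphaned lines before first directive:", len(preflight(pasted)))
    print("directives not applied in failed run:", diagnose(SCRIPT, FAILED_LOG))
    print("directives not applied in good run:", diagnose(SCRIPT, GOOD_LOG))
```
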
     
  24. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    Results of screen317's Security Check version 0.99.80
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.75.0.1300
    CCleaner
    SlimCleaner
    Adobe Flash Player 13.0.0.154
    Adobe Reader XI
    Mozilla Firefox (28.0)
    Google Chrome 33.0.1750.117
    Google Chrome 33.0.1750.146
    ````````Process Check: objlist.exe by Laurent````````
    Online Games Manager ogmservice.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
  25. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 421

    All processes killed
    ========== OTL ==========
    Service motusbdevice stopped successfully!
    Service motusbdevice deleted successfully!
    File system32\DRIVERS\motusbdevice.sys not found.
    Service Motousbnet stopped successfully!
    Service Motousbnet deleted successfully!
    File system32\DRIVERS\Motousbnet.sys not found.
    Service MotoSwitchService stopped successfully!
    Service MotoSwitchService deleted successfully!
    File system32\DRIVERS\motswch.sys not found.
    Service motmodem stopped successfully!
    Service motmodem deleted successfully!
    File system32\DRIVERS\motmodem.sys not found.
    Service motccgpfl stopped successfully!
    Service motccgpfl deleted successfully!
    File system32\DRIVERS\motccgpfl.sys not found.
    Service motccgp stopped successfully!
    Service motccgp deleted successfully!
    File system32\DRIVERS\motccgp.sys not found.
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\Users\Owner\AppData\Local\Temp\catchme.sys not found.
    Service BTCFilterService stopped successfully!
    Service BTCFilterService deleted successfully!
    File system32\DRIVERS\motfilt.sys not found.
    Service efavdrv stopped successfully!
    Service efavdrv deleted successfully!
    C:\Windows\System32\drivers\efavdrv.sys moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com\chrome\content folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com\chrome folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\m68v3rw9.default-1391359149158\extensions\ascsurfingprotection@iobit.com folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com\chrome\content folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com\chrome folder moved successfully.
    C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\r18ei3ko.default-1343151942524\extensions\ascsurfingprotection@iobit.com folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin\Img folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\Plugin\img folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\Plugin folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1 folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2\Plugin\img folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2\Plugin folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_2 folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3\Plugin\img folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3\Plugin folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_3 folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4\Plugin\img folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4\Plugin folder moved successfully.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_4 folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
    File C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll not found.
    C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
    C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
    C:\Users\Default\AppData\Roaming\IObit folder moved successfully.
    Folder C:\Users\Default User\AppData\Roaming\IObit\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    File\Folder C:\Program Files\IObit not found.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Owner
    ->Temp folder emptied: 1056683 bytes
    ->Temporary Internet Files folder emptied: 128 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 18132867 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 205 bytes
    RecycleBin emptied: 0 bytes
    Total Files Cleaned = 18.00 mb
    [EMPTYJAVA]
    User: All Users
    User: Default
    User: Default User
    User: Owner
    ->Java cache emptied: 0 bytes
    User: Public
    Total Java Files Cleaned = 0.00 mb
    [EMPTYFLASH]
    User: All Users
    User: Default
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Flash cache emptied: 0 bytes
    User: Owner
    ->Flash cache emptied: 0 bytes
    User: Public
    Total Flash Files Cleaned = 0.00 mb
    OTL by OldTimer - Version 3.2.69.0 log created on 03092014_154548

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     

