TechSpot

Virus removal

Solved
By bruce66
Jun 16, 2013
  1. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    AdwCleaner Log

    # AdwCleaner v2.303 - Logfile created 06/23/2013 at 01:45:37
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Jean - SWINDLEHURST
    # Boot Mode : Normal
    # Running from : C:\Users\Jean\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Yontoo Desktop Updater

    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\Common Files\spigot
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Jean\AppData\Roaming\Yontoo

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16618

    [OK] Registry is clean.

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\algc20ss.default\prefs.js

    [OK] File is clean.

    -\\ Opera v [Unable to get version]

    File : C:\Users\Jean\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [2784 octets] - [23/06/2013 01:43:32]
    AdwCleaner[S1].txt - [2620 octets] - [23/06/2013 01:45:37]

    ########## EOF - C:\AdwCleaner[S1].txt - [2680 octets] ##########
  2. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Any idea what Yontoo is ?
  3. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Yontoo is an unwanted toolbar.

    Is this a file or a folder?
  4. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Folder with zzzz and ..... in it which keep replicating when trying to delete
  5. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Have just noticed that folder with file inside has disappeared whilst in the middle of running JRT and OTL programs so what is next step or is that it ?
  6. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    OTL Log

    OTL logfile created on: 23/06/2013 12:00:16 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jean\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16618)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.91 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 52.56% Memory free
    5.83 Gb Paging File | 3.54 Gb Available in Paging File | 60.84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119.24 Gb Total Space | 78.17 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
    Drive D: | 153.85 Gb Total Space | 153.72 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

    Computer Name: SWINDLEHURST | User Name: Jean | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/06/23 11:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
    PRC - [2013/06/23 01:53:57 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Jean\Desktop\JRT.exe
    PRC - [2013/06/20 15:00:08 | 002,095,752 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    PRC - [2013/06/14 10:03:16 | 001,515,328 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    PRC - [2013/04/25 16:54:10 | 000,335,168 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    PRC - [2013/04/17 13:27:24 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    PRC - [2013/04/17 11:57:08 | 000,207,560 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
    PRC - [2013/04/17 11:57:08 | 000,194,760 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
    PRC - [2013/04/17 11:57:08 | 000,070,344 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/02/20 14:37:48 | 001,611,584 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/12 07:49:46 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
    PRC - [2011/12/06 17:21:36 | 000,101,544 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    PRC - [2011/11/30 18:10:34 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    PRC - [2011/11/30 18:10:32 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    PRC - [2011/10/04 21:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
    PRC - [2011/10/04 00:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    PRC - [2011/10/03 12:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/09/13 22:33:14 | 002,317,312 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2011/07/22 00:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    PRC - [2010/12/21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/20 13:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
    PRC - [2010/08/20 18:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/12/15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    PRC - [2008/08/14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/06 17:21:34 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    MOD - [2011/09/13 22:33:14 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
    MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
    MOD - [2010/08/20 18:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
    MOD - [2010/08/20 18:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/04/25 01:30:18 | 005,784,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2013/04/15 18:38:22 | 000,158,928 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV:64bit: - [2012/07/11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2011/03/04 01:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/06/20 15:00:08 | 002,095,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
    SRV - [2013/06/20 11:01:58 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/11 23:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/04/25 16:54:10 | 000,335,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    SRV - [2013/04/17 13:27:24 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
    SRV - [2013/04/17 11:57:08 | 000,070,344 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/11/30 18:10:32 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/12/21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/04/15 18:38:52 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013/02/28 09:36:34 | 000,177,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2013/02/28 09:36:33 | 001,025,880 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2013/02/28 09:36:33 | 000,065,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2013/02/28 09:36:32 | 000,080,888 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2013/02/28 09:36:31 | 000,033,472 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2013/02/18 13:07:50 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/02/18 13:07:50 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2013/02/18 13:07:50 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/04/16 17:52:40 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/03 19:09:48 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2011/11/03 19:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/11/01 15:23:19 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/11/01 15:23:19 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/03 19:48:40 | 000,394,728 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011/10/03 19:48:38 | 000,129,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/08/31 08:42:04 | 002,769,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/04/26 04:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/03/18 06:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2010/12/31 11:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/11/20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/08/24 10:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/07/20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2013/03/26 19:34:08 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
    DRV - [2013/03/26 19:33:52 | 000,034,336 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
    DRV - [2013/03/23 15:48:46 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
    DRV - [2012/09/03 08:20:00 | 000,037,976 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\CFRMD.sys -- (CFRMD)
    DRV - [2011/09/07 18:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{27B3AA8C-0276-44B0-8CD2-7F5F4C9E41DB}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7DSGO_enGB474
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/06/19 11:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Extensions
    [2013/06/19 11:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/06/19 11:28:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
    File not found (No name found) -- C:\USERS\JEAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ALGC20SS.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM

    O1 HOSTS File: ([2013/06/22 12:26:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
    O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0891618E-10D5-489F-9C0A-94E10A60D2FB}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A775E71-8C4A-462E-8DC0-68AA9D8B6BDB}: NameServer = 8.26.56.26,156.154.70.22
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  7. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/23 11:57:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
    [2013/06/23 01:55:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/06/23 01:54:58 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/23 01:53:55 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Jean\Desktop\JRT.exe
    [2013/06/22 12:37:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/06/22 12:26:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013/06/22 11:57:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/06/22 11:57:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/06/22 11:57:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/06/22 11:54:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/06/22 11:53:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/06/22 11:47:04 | 005,082,201 | R--- | C] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
    [2013/06/21 16:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/06/21 16:24:21 | 000,000,000 | ---D | C] -- C:\Users\Jean\Documents\mbar-1.06.0.1003
    [2013/06/21 16:16:09 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Macromedia
    [2013/06/21 12:09:29 | 000,056,072 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
    [2013/06/21 12:09:29 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
    [2013/06/21 12:05:19 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
    [2013/06/19 21:38:55 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/06/19 11:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Mozilla
    [2013/06/19 11:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Mozilla
    [2013/06/19 11:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/06/19 11:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/06/19 11:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/06/19 11:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
    [2013/06/19 11:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
    [2013/06/19 11:19:19 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2013/06/19 11:19:04 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
    [2013/06/19 11:19:04 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
    [2013/06/19 11:19:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/06/19 11:18:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2013/06/19 11:18:55 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2013/06/19 11:18:55 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2013/06/19 11:18:53 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2013/06/19 11:18:53 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2013/06/19 11:18:51 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/06/19 11:18:48 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2013/06/19 11:18:45 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/06/19 11:18:44 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2013/06/19 11:18:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/06/19 11:18:41 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2013/06/19 11:18:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2013/06/19 11:18:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2013/06/19 11:18:36 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2013/06/19 11:18:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/06/19 11:18:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2013/06/19 11:18:30 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/06/19 11:18:25 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2013/06/19 11:18:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2013/06/19 11:18:22 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2013/06/19 11:18:20 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2013/06/19 11:18:19 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/06/19 11:18:17 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/06/19 11:18:15 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2013/06/19 11:18:15 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2013/06/19 11:18:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/06/19 11:18:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/06/19 11:17:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2013/06/19 11:17:56 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/06/19 11:17:55 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2013/06/19 11:17:55 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2013/06/19 11:17:55 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2013/06/19 11:17:55 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2013/06/19 11:17:54 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2013/06/19 11:17:54 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2013/06/19 11:17:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2013/06/19 11:17:54 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/06/19 11:17:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/06/19 11:17:53 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2013/06/19 11:17:53 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/06/19 11:17:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/06/19 11:17:52 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/06/19 11:17:52 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/06/19 11:17:52 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/06/19 11:17:52 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/06/19 11:17:52 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2013/06/19 11:17:52 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2013/06/19 11:17:52 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2013/06/19 11:17:52 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/06/19 11:17:52 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2013/06/19 11:17:51 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/06/19 11:17:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2013/06/19 11:17:51 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2013/06/19 11:17:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2013/06/19 11:17:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2013/06/19 11:17:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2013/06/19 11:17:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2013/06/19 11:17:51 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2013/06/19 11:17:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2013/06/19 11:17:50 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/06/19 11:17:50 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/06/19 11:17:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/06/19 11:17:50 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2013/06/19 11:17:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2013/06/19 11:10:20 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/06/19 11:10:20 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/06/19 11:10:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/06/19 11:10:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/06/19 11:10:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/06/19 11:10:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/06/19 11:10:19 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/06/19 11:10:19 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/06/19 11:10:19 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/06/19 11:10:19 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/06/19 11:10:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/06/19 11:10:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/06/19 11:10:18 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/06/19 11:10:18 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/06/19 11:10:18 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/06/19 11:10:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/06/19 11:10:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/06/19 11:10:18 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/06/19 11:10:18 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/06/19 11:10:17 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/06/19 11:10:17 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/06/19 11:10:17 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/06/19 11:10:17 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/06/19 11:10:17 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/06/19 11:10:17 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/06/19 11:10:16 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/06/19 11:10:16 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/06/19 11:10:16 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/06/19 11:10:16 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/06/19 11:10:15 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/06/19 11:10:14 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/06/19 11:10:13 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/06/19 11:10:13 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/06/19 11:10:13 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/06/19 11:10:13 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/06/19 11:10:13 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/06/19 11:10:12 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/06/19 11:10:12 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/06/18 16:51:38 | 000,000,000 | ---D | C] -- C:\Users\Jean\Desktop\New folder
    [2013/06/17 21:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/06/17 21:21:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/06/17 21:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/06/17 21:15:08 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
    [2013/06/17 21:14:50 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
    [2013/06/17 21:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2013/06/17 21:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
    [2013/06/17 21:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
    [2013/06/17 21:13:47 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Comodo
    [2013/06/17 21:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2013/06/17 21:13:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
    [2013/06/17 16:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2013/06/16 17:36:18 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
    [2013/06/16 17:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
    [2013/06/16 17:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
    [2013/06/16 17:31:05 | 008,610,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2013/06/16 16:16:00 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013/06/16 16:16:00 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013/06/16 16:15:55 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
    [2013/06/16 16:15:55 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
    [2013/06/16 16:15:37 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
    [2013/06/16 16:15:36 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/06/16 16:15:36 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
    [2013/06/16 16:15:36 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2013/06/16 16:15:36 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
    [2013/06/16 16:15:36 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
    [2013/06/16 16:15:26 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/06/16 16:15:26 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/05/25 13:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2013/05/25 12:23:27 | 000,000,000 | ---D | C] -- C:\Users\Jean\Documents\Anti Virus, Spyware and Cleaning Programs

    ========== Files - Modified Within 30 Days ==========

    [2013/06/23 12:13:19 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2013/06/23 11:57:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jean\Desktop\OTL.exe
    [2013/06/23 11:55:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/06/23 11:54:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/06/23 01:56:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/06/23 01:56:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/06/23 01:53:57 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Jean\Desktop\JRT.exe
    [2013/06/23 01:49:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/06/23 01:48:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/06/23 01:48:07 | 2346,811,392 | -HS- | M] () -- C:\hiberfil.sys
    [2013/06/23 01:41:42 | 000,648,201 | ---- | M] () -- C:\Users\Jean\Desktop\adwcleaner.exe
    [2013/06/22 14:09:13 | 000,795,104 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/06/22 14:09:13 | 000,676,644 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/06/22 14:09:13 | 000,129,430 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/06/22 12:26:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/06/22 12:25:16 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
    [2013/06/22 11:53:07 | 005,082,201 | R--- | M] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
    [2013/06/22 11:39:22 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
    [2013/06/21 12:09:29 | 000,056,072 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
    [2013/06/21 12:09:29 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
    [2013/06/21 12:05:19 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
    [2013/06/20 11:01:58 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/06/20 11:01:58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/06/20 10:43:50 | 000,001,499 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
    [2013/06/19 11:19:19 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2013/06/19 11:19:04 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
    [2013/06/19 11:19:04 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
    [2013/06/19 11:19:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/06/19 11:18:56 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2013/06/19 11:18:55 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2013/06/19 11:18:55 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
    [2013/06/19 11:18:53 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
    [2013/06/19 11:18:53 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
    [2013/06/19 11:18:51 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/06/19 11:18:48 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
    [2013/06/19 11:18:45 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/06/19 11:18:44 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
    [2013/06/19 11:18:41 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/06/19 11:18:41 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2013/06/19 11:18:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
    [2013/06/19 11:18:39 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2013/06/19 11:18:36 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
    [2013/06/19 11:18:35 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/06/19 11:18:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
    [2013/06/19 11:18:30 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/06/19 11:18:25 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2013/06/19 11:18:25 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
    [2013/06/19 11:18:22 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
    [2013/06/19 11:18:20 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2013/06/19 11:18:19 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/06/19 11:18:17 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/06/19 11:18:15 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
    [2013/06/19 11:18:15 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2013/06/19 11:18:14 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/06/19 11:18:14 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/06/19 11:18:14 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2013/06/19 11:17:56 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2013/06/19 11:17:56 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/06/19 11:17:55 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2013/06/19 11:17:55 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2013/06/19 11:17:55 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2013/06/19 11:17:55 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
    [2013/06/19 11:17:54 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
    [2013/06/19 11:17:54 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2013/06/19 11:17:54 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
    [2013/06/19 11:17:54 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/06/19 11:17:54 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/06/19 11:17:54 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2013/06/19 11:17:53 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2013/06/19 11:17:53 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/06/19 11:17:53 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/06/19 11:17:52 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/06/19 11:17:52 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/06/19 11:17:52 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/06/19 11:17:52 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/06/19 11:17:52 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
    [2013/06/19 11:17:52 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
    [2013/06/19 11:17:52 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
    [2013/06/19 11:17:52 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/06/19 11:17:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2013/06/19 11:17:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/06/19 11:17:51 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
    [2013/06/19 11:17:51 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2013/06/19 11:17:51 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
    [2013/06/19 11:17:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
    [2013/06/19 11:17:51 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
    [2013/06/19 11:17:51 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
    [2013/06/19 11:17:51 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
    [2013/06/19 11:17:51 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2013/06/19 11:17:50 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/06/19 11:17:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/06/19 11:17:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/06/19 11:17:50 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
    [2013/06/19 11:17:50 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
    [2013/06/19 11:10:20 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/06/19 11:10:20 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/06/19 11:10:20 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/06/19 11:10:20 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
    [2013/06/19 11:10:20 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/06/19 11:10:20 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/06/19 11:10:19 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    [2013/06/19 11:10:19 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    [2013/06/19 11:10:19 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/06/19 11:10:19 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
    [2013/06/19 11:10:19 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    [2013/06/19 11:10:19 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    [2013/06/19 11:10:18 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2013/06/19 11:10:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/06/19 11:10:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
    [2013/06/19 11:10:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/06/19 11:10:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
    [2013/06/19 11:10:18 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/06/19 11:10:18 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
    [2013/06/19 11:10:17 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
    [2013/06/19 11:10:17 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
    [2013/06/19 11:10:17 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2013/06/19 11:10:17 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2013/06/19 11:10:17 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
    [2013/06/19 11:10:17 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2013/06/19 11:10:16 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2013/06/19 11:10:16 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2013/06/19 11:10:16 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
    [2013/06/19 11:10:16 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
    [2013/06/19 11:10:15 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/06/19 11:10:14 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
    [2013/06/19 11:10:13 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
    [2013/06/19 11:10:13 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
    [2013/06/19 11:10:13 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2013/06/19 11:10:13 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
    [2013/06/19 11:10:13 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2013/06/19 11:10:12 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
    [2013/06/19 11:10:12 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
    [2013/06/17 21:17:43 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
    [2013/06/17 21:17:43 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2013/06/17 21:17:41 | 000,000,595 | ---- | M] () -- C:\Users\Public\Desktop\Shared Space.lnk
    [2013/06/17 21:15:58 | 000,002,640 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
    [2013/06/17 21:15:08 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
    [2013/06/17 21:14:08 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
    [2013/06/17 21:14:08 | 000,002,045 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    [2013/06/17 21:14:08 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
    [2013/06/17 21:13:47 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2013/06/16 17:31:41 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
    [2013/06/16 17:31:31 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
    [2013/06/16 17:31:05 | 008,610,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2013/06/16 15:59:20 | 000,000,000 | ---- | M] () -- C:\search.sqlite
    [2013/05/26 15:03:05 | 000,005,305 | ---- | M] () -- C:\Users\Jean\Documents\OUR KEV.odt
    [2013/05/25 12:38:16 | 000,001,963 | ---- | M] () -- C:\Users\Jean\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/05/25 12:34:05 | 000,294,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2013/06/23 01:41:38 | 000,648,201 | ---- | C] () -- C:\Users\Jean\Desktop\adwcleaner.exe
    [2013/06/22 11:57:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/06/22 11:57:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/06/22 11:57:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/06/22 11:57:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/06/22 11:57:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/06/22 11:39:22 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
    [2013/06/19 11:28:55 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/06/19 11:18:14 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2013/06/19 11:17:54 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2013/06/17 21:17:43 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
    [2013/06/17 21:17:43 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2013/06/17 21:17:41 | 000,000,595 | ---- | C] () -- C:\Users\Public\Desktop\Shared Space.lnk
    [2013/06/17 21:17:31 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2013/06/17 21:14:08 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
    [2013/06/17 21:14:08 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
    [2013/06/17 21:14:08 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
    [2013/06/17 21:13:47 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2013/06/16 17:31:41 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
    [2013/06/16 17:31:32 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
    [2013/06/16 17:31:31 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
    [2013/06/16 15:59:20 | 000,000,000 | ---- | C] () -- C:\search.sqlite
    [2013/05/26 15:02:51 | 000,005,305 | ---- | C] () -- C:\Users\Jean\Documents\OUR KEV.odt
    [2012/08/13 11:11:44 | 000,012,888 | ---- | C] () -- C:\Program Files (x86)\readme.html
    [2012/05/08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link
    [2012/02/05 14:05:46 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
    [2011/11/03 19:09:24 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/11/03 19:09:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/11/03 19:09:16 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/11/01 16:26:21 | 000,781,016 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/10/18 04:50:05 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/10/18 04:49:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >
  8. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    I did notice that while the OTL scan was running the afore mentioned file/folder was being scanned in the Recycling Bin but when I checked the Recycling Bin said it was empty
  9. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    I'm still waiting for JRT to finish. This has been going all night
  10. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    This is OTL Extras Log

    OTL Extras logfile created on: 23/06/2013 12:00:16 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jean\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16618)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.91 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 52.56% Memory free
    5.83 Gb Paging File | 3.54 Gb Available in Paging File | 60.84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119.24 Gb Total Space | 78.17 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
    Drive D: | 153.85 Gb Total Space | 153.72 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

    Computer Name: SWINDLEHURST | User Name: Jean | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{020DB173-1C57-4D1D-9ADA-D298C4CB2907}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{02A461FA-5291-4910-AAD5-BAD4282F14A6}" = lport=139 | protocol=6 | dir=in | app=system |
    "{20E128D7-1784-4E24-AB16-661F57932068}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{31A0CCC4-E801-4E38-AC52-5C0D3224D334}" = rport=138 | protocol=17 | dir=out | app=system |
    "{31AA57DE-C2D4-42A3-982C-3E8866318A82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4A865E77-60FE-4F08-BE93-5E7E2DEC87EB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{51B628B8-5375-4B54-830E-38940C48B681}" = rport=139 | protocol=6 | dir=out | app=system |
    "{652A2D61-D430-4FDA-890A-F0274FCF22DE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6B98B7E9-9315-4663-A936-EB17D8638301}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{761DE145-4C77-4121-A794-EAC975FAEB5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{77573E66-D4D7-4209-A6A7-D5D761A9CF6C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{889F60A2-AFD2-4D73-89CD-614FD731CBCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{899F93EE-97C8-473B-A9A3-29C82C45CC99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{89F1240E-3485-467A-A9ED-4273EB3D3CF9}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A5150CF2-DA3C-42EE-9E42-0F4C9203F47C}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{ABB0B1F2-3965-4AD3-A2DD-C40350484168}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AED75FBC-C07D-43B7-85EE-60C8E1582096}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{BC2F5697-0E78-4B0F-A842-89E7A65052B4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{CFDB1CF7-771D-4BAD-AC80-0D443FCD24CC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{D1EC8252-AC01-43C9-BF65-269D8CD77F9F}" = rport=445 | protocol=6 | dir=out | app=system |
    "{D71F7167-9B64-4130-B4FE-4C0952732FEB}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E9CA12F2-EEF6-4803-8689-0F1FB9E7D562}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{ED759418-2888-43FE-BC68-499C33AB27DC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F2EFFE77-DBB7-49DC-88CA-A610AA002DAC}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01A4DD55-3EC2-42F9-B63B-D24DAFE32D12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{04016ED5-3F06-4B98-9654-626C1FF7418D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0449EC5C-F3C9-4DDF-B279-079056009621}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0DC9B600-A74A-41E0-92F0-DD4436772060}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{0E6D4C49-CE66-408F-99AC-1D811189087C}" = protocol=6 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
    "{1F43F9EF-84AE-4676-A65D-162F1493932D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{23F46D73-A504-4737-BC14-A540A9CC7B94}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{253CC7BA-986F-47DA-825F-647799BC3E34}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{2C230330-00F0-43A3-B981-4EA0464EA057}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{33C01D28-E93B-4AC8-9161-1667B917665C}" = protocol=17 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
    "{3F12D76C-DFCB-4C21-948A-1EFD1BAC1B7F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{416DEF44-FB2F-4A16-AED3-B55074378686}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{4A70CCFA-401C-4CF7-BE89-991E326E3649}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{55DEC8CD-2227-4778-B177-3D8E92C315E6}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{587706B2-4642-4C21-BDF9-6D06BA3442E2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{619EF396-F96C-458A-B03B-9E8126EA2067}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{68A893A1-4E45-49DA-8C9E-F1E6334C3926}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{6D41992A-0A23-43BA-B195-B4257B1E23AF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{7294E157-0F19-4E09-BEF7-1251A6FBEEDE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{75248487-77F2-4774-B598-A786F3D3DCDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{782FD01F-A3D1-44AE-80DB-53BAAE88E041}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{78420451-7A90-4728-B020-39B9B52670C8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7B0484D0-0264-4AD0-8B53-D25DE1981453}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{8388C671-0B79-49AD-8F0D-5905E012AB2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8C054CBD-8EB9-4DAC-81B9-930A477A27C0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8CFE7B80-F14F-49AA-8476-4830545F2ACC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{98C0ACDB-A9AA-45B6-8823-76A223C12FDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{9FABF1B2-F243-4A8D-B75F-409F37362009}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{A47A91E2-1483-4296-8CEB-8E66AD656E76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AEA50AF8-D375-4811-A553-DCE1AE54D291}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B86F2C20-2E45-4887-922A-612C97ED3814}" = protocol=6 | dir=out | app=system |
    "{C161124A-5FFE-4F3F-8F7F-B8F99BED2B0C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{C83F45CB-C14F-497E-B363-A1C412341EAC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{C90D3BD9-AF48-4A9D-8B3D-01E21D289477}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{C986BC47-8E03-49C0-A303-0917DAD26796}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{CE8E37EF-6C30-4BCB-87CF-83AEE8D6A131}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D02DDA59-7C15-4A26-B19B-D8A76DFD63A7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{E3AEFBCB-F409-4ADC-861C-C7C4326CCFF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E3C9B6F3-0264-4476-92D9-9D726EC2C68D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E5A3B4D8-6155-4D6B-B8EE-D265AFCE55B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{EABA33CE-0F8F-4A3D-AD57-ACD558E647C4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{EB284B10-A0B3-44CF-BB7E-8F979FD41C83}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{EE6C1552-AE0B-4ED8-8EE6-823444F5CFB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{EFD649CA-93C9-483A-BC62-86F0C58054E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{F8364005-4380-4FDF-96EF-410B7B53D0F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "TCP Query User{F0FCE4BF-58DB-4BCF-9530-DE20DE9CA783}C:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe" = protocol=6 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |
    "UDP Query User{6A4F7DB4-D22E-4EA0-B8EF-20D902DC27DC}C:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe" = protocol=17 | dir=in | app=c:\program files (x86)\voipbuster.com\voipbuster\voipbuster.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F1EC4151-805B-4097-B9BB-7D71A417AAF1}" = COMODO Internet Security Premium
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Elantech" = ETDWare PS/2-X64 8.0.5.1_WHQL
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader
    "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
    "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}" = OpenOffice.org 3.4.1
    "{A47642B2-4CB5-4325-8093-C88D4747953F}" = GeekBuddy
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
    "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
    "{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}" = Wireless Console 3
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart
    "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery
    "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AmUStor" = Alcor Micro USB Card Reader
    "Asus Vibe2.0" = AsusVibe2.0
    "ASUS WebStorage" = ASUS WebStorage
    "ASUS_Screensaver" = ASUS_Screensaver
    "Comodo Dragon" = Comodo Dragon
    "Game Park Console" = Game Park Console
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "IObit Malware Fighter_is1" = IObit Malware Fighter
    "KNOWHOW(TM) APP CENTRE 23319" = KNOWHOW(TM) APP CENTRE
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Picasa 3" = Picasa 3
    "Smart Defrag 2_is1" = Smart Defrag 2
    "VoipBuster_is1" = VoipBuster
    "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 15/04/2013 08:49:55 | Computer Name = swindlehurst | Source = IMFservice | ID = 0
    Description =

    Error - 09/05/2013 04:36:20 | Computer Name = swindlehurst | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: b30 Start
    Time: 01ce4c900ca4f37c Termination Time: 47 Application Path: C:\Windows\Explorer.EXE

    Report
    Id: 797e9c21-b883-11e2-aeb6-5404a64734a4

    Error - 12/05/2013 13:09:07 | Computer Name = swindlehurst | Source = System Restore | ID = 8193
    Description =

    Error - 16/05/2013 08:03:52 | Computer Name = swindlehurst | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary RegFilter. System Error: The system cannot find the file specified. .

    Error - 16/05/2013 08:04:34 | Computer Name = swindlehurst | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary RegFilter. System Error: The system cannot find the file specified. .

    Error - 17/05/2013 12:25:39 | Computer Name = swindlehurst | Source = Application Error | ID = 1000
    Description = Faulting application name: ACMON.exe, version: 1.0.8.0, time stamp:
    0x4eddd02a Faulting module name: urlmon.dll_unloaded, version: 0.0.0.0, time stamp:
    0x515df88c Exception code: 0xc0000005 Fault offset: 0x759c3484 Faulting process id:
    0xc80 Faulting application start time: 0x01ce5315b406ef7f Faulting application path:
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe Faulting module path: urlmon.dll Report
    Id: 68e857a8-bf0e-11e2-b74a-5404a64734a4

    Error - 17/05/2013 12:25:59 | Computer Name = swindlehurst | Source = Application Error | ID = 1000
    Description = Faulting application name: ACMON.exe, version: 1.0.8.0, time stamp:
    0x4eddd02a Faulting module name: urlmon.dll_unloaded, version: 0.0.0.0, time stamp:
    0x515df88c Exception code: 0xc0000005 Fault offset: 0x759b6b9f Faulting process id:
    0xc80 Faulting application start time: 0x01ce5315b406ef7f Faulting application path:
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe Faulting module path: urlmon.dll Report
    Id: 74961800-bf0e-11e2-b74a-5404a64734a4

    Error - 17/05/2013 12:38:01 | Computer Name = swindlehurst | Source = Application Hang | ID = 1002
    Description = The program APCT(no NSC).exe version 1.0.0.1 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1564 Start
    Time: 01ce531cdaaf9578 Termination Time: 31 Application Path: C:\Users\Jean\Documents\APCT(no
    NSC).exe Report Id: 209460cc-bf10-11e2-b74a-5404a64734a4

    Error - 25/05/2013 07:24:56 | Computer Name = swindlehurst | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: c1c Start
    Time: 01ce59394a986ead Termination Time: 31 Application Path: C:\Windows\Explorer.EXE

    Report
    Id: b1779ef3-c52d-11e2-b759-5404a64734a4

    Error - 25/05/2013 07:42:13 | Computer Name = swindlehurst | Source = Application Hang | ID = 1002
    Description = The program UNKNOWN version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: f98 Start Time:
    01ce593bcdff3797 Termination Time: 60000 Application Path: UNKNOWN Report Id: f3ca009c-c52f-11e2-babe-5404a64734a4


    [ System Events ]
    Error - 01/06/2013 09:15:50 | Computer Name = swindlehurst | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 01/06/2013 09:16:07 | Computer Name = swindlehurst | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    aswSnx

    Error - 01/06/2013 10:01:10 | Computer Name = swindlehurst | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 16/06/2013 10:58:04 | Computer Name = swindlehurst | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 16/06/2013 10:58:26 | Computer Name = swindlehurst | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    aswSnx

    Error - 17/06/2013 11:54:42 | Computer Name = swindlehurst | Source = Service Control Manager | ID = 7001
    Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
    failed to start because of the following error: %%1058

    Error - 17/06/2013 11:55:22 | Computer Name = swindlehurst | Source = Service Control Manager | ID = 7001
    Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
    failed to start because of the following error: %%1058

    Error - 17/06/2013 16:00:53 | Computer Name = swindlehurst | Source = Service Control Manager | ID = 7001
    Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
    failed to start because of the following error: %%1058

    Error - 17/06/2013 16:01:07 | Computer Name = swindlehurst | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    aswSnx

    Error - 17/06/2013 16:11:46 | Computer Name = swindlehurst | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    aswSnx


    < End of report >
  11. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Jean on 23/06/2013 at 11:59:39.69
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Jean\AppData\Roaming\mozilla\firefox\profiles\algc20ss.default\minidumps [1 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 23/06/2013 at 14:32:27.49
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  12. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    [​IMG] Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll File not found
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  13. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\ZEON/PDF,version=2.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jean
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3519 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 14102602 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5462 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 13.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: Jean
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Jean
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06232013_205035
  14. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Results of screen317's Security Check version 0.99.67
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    COMODO Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Adobe Flash Player 11.7.700.224
    Adobe Reader XI
    Mozilla Firefox (21.0)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Comodo Firewall cmdagent.exe
    IObit IObit Malware Fighter IMFsrv.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    IObit IObit Malware Fighter IMF.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
  15. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Farbar Service Scanner Version: 16-06-2013
    Ran by Jean (administrator) on 23-06-2013 at 22:14:33
    Running from "C:\Users\Jean\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2013-06-16 16:16] - [2013-05-08 07:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2013-06-16 16:15] - [2013-05-13 06:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  16. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Whilst ESET scanner was running I noticed that the File/Folder in question was still showing in the Recycle Bin. But when I click on it there is nothing in it
  17. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Let Eset finish.
  18. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    ESET had finished but no log to post
  19. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
  20. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    So does this mean that the troublesome folder in the Recycle Bin is Quarantined and is safe?
  21. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Did you try to empty Recycle Bin?
  22. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Also I would like to take this oppurtunity to thankyou for all your help as your help was much appreciated.
  23. bruce66

    bruce66 TS Rookie Topic Starter Posts: 64

    Yes only after all scans were finished only to see if I could see it and manually empty it but to no avail
  24. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    You're very welcome [​IMG]

  25. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    I need more details.
    What exactly you did and you mean by "no avail".
    Remember, I'm not there.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.