malware removal



#1 archiebabe49


Posted 21 December 2012 - 02:42 PM

Hi, newcomer here. Problems with PUP.Datamngr. Ran MBAM and it says all selected malicious software has been removed, but they keep showing up in a later scan. Advice please. Ty.


 


#2 Guest_White Warrior_*


Posted 21 December 2012 - 09:41 PM

Hi archiebabe49

I am currently doing up a fix for you and will post it as soon as possible.

White Warrior

#3 Guest_White Warrior_*


Posted 22 December 2012 - 08:44 PM

Hi archiebabe49 and welcome.

If you have more than 1 browser, are you getting pup.datamngr in all of them or just in one browser?

We need to see some information about what is happening in your machine. Please perform the following scans.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control here

Double Click MBAM
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
White Warrior

#4 archiebabe49


Posted 23 December 2012 - 05:27 PM

Hi White Warrior, sorry for the delay. At the moment Internet Explorer, in the past Chrome, RockMelt.
www.malwarebytes.org

Database version: v2012.12.20.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frankie :: FRANKIE-PC [administrator]

23/12/2012 22:17:52
mbam-log-2012-12-23 (22-17-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202082
Time elapsed: 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Frankie - FRANKIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Frankie\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Frankie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [23253 octets] - [19/12/2012 18:48:44]
AdwCleaner[R2].txt - [23314 octets] - [19/12/2012 18:49:33]
AdwCleaner[R3].txt - [982 octets] - [19/12/2012 18:54:48]
AdwCleaner[R4].txt - [853 octets] - [23/12/2012 22:22:58]
AdwCleaner[S1].txt - [23375 octets] - [19/12/2012 18:51:04]
AdwCleaner[S2].txt - [1041 octets] - [19/12/2012 18:55:44]

########## EOF - C:\AdwCleaner[R4].txt - [1033 octets] ##########
Attached File  attach.txt   10.44KB
Attached File  dds.txt   21.68KB
(end)
Hope I have done this right. Cheers, Frankie

Edited by archiebabe49, 23 December 2012 - 05:48 PM.


#5 Guest_White Warrior_*


Posted 25 December 2012 - 06:51 PM

Hi archiebabe49

Hi White Warrior, sorry for the delay. At the moment Internet Explorer, in the past Chrome, RockMelt.

Do you mean that it is only in Internet Explorer now and that it is no longer in chrome?

I notice in your log you have two anti virus programs installed: Avast and AntiVir.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast or AntiVir.

I also see RegCure Pro in your log.
Did you install it?
I strongly suggest you remove it.
We do not recommend registry cleaners as they often cause more harm than good.

Now
Click "start" on the taskbar and then click on the "Control Panel" icon.
Please click the "Programs and Features" icon
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "uninstall":

Bcool
BCool Gadget
Search-Results Toolbar


Additional instructions can be found here if needed.

When you are finished reboot the computer.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Finally
Double Click MBAM
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

I need to see:
The Junkware Removal log
MBAM log

White Warrior

#6 archiebabe49


Posted 25 December 2012 - 08:59 PM

Hi White Warrior, merry Christmas. I uninstalled AntiVir before I installed Avast, but AntiVir is in hidden folders; it will not let me delete it.
Attached File  JRT.txt   2.45KB
www.malwarebytes.org

Database version: v2012.12.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frankie :: FRANKIE-PC [administrator]

26/12/2012 01:48:17
mbam-log-2012-12-26 (01-48-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201625
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 Guest_White Warrior_*


Posted 26 December 2012 - 06:09 PM

Hi archiebabe49

Please copy/paste all the logs. Do not attach them unless I ask you to.

In Programs and Features please uninstall AppsAreFun 1.66

We need to create an OTL Report
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
White Warrior
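
An added example, not part of the original thread or of any of the tools mentioned: a short Python script that checks which items MBAM reported as deleted are detected again in the next scan, and whether the same CLSID is still listed as a Browser Helper Object in OTL `O2` lines. The sample lines are copied from the logs posted in this topic; the function names and the regular expressions (inferred from those lines) are assumptions.

```python
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# MBAM detection line as seen in this topic: <registry path> (<name>) -> <action>.
MBAM_RE = re.compile(
    r"^(?P<path>HK\w+\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+?)\.?$", re.M)
# OTL O2 line as seen in this topic: O2[:64bit:] - BHO: (<name>) - {CLSID} - <target>
OTL_BHO_RE = re.compile(
    r"^O2(?P<bits>:64bit:)? - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[^}]+\}) - (?P<target>.+)$",
    re.M)

# Excerpt of the MBAM log dated 23/12/2012 in this topic.
MBAM_SCAN_23_DEC = r"""
Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
"""
# The log dated 26/12/2012 lists the same two keys again.
MBAM_SCAN_26_DEC = MBAM_SCAN_23_DEC

# Excerpt of the O2 (BHO) lines from the OTL log in this topic.
OTL_O2_LINES = r"""
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
"""


def parse_mbam(log):
    """Return one dict per MBAM detection line; path and CLSID are upper-cased."""
    items = []
    for m in MBAM_RE.finditer(log):
        clsid = CLSID_RE.search(m["path"])
        items.append({
            "path": m["path"].upper(),
            "name": m["name"],
            "action": m["action"],
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return items


def recurring_detections(scans):
    """Items reported as deleted in one scan that are detected again in the next."""
    found = []
    for earlier, later in zip(scans, scans[1:]):
        later_paths = {item["path"] for item in parse_mbam(later)}
        for item in parse_mbam(earlier):
            if "deleted successfully" in item["action"] and item["path"] in later_paths:
                found.append(item)
    return found


def parse_otl_bhos(log):
    """Return the BHO entries from OTL O2 lines, noting a missing DLL."""
    return [{
        "name": m["name"],
        "clsid": m["clsid"].upper(),  # OTL and MBAM differ in hex letter case
        "bits": "64bit" if m["bits"] else "32bit",
        "file_missing": m["target"].endswith("File not found"),
    } for m in OTL_BHO_RE.finditer(log)]


def bhos_for_recurring(scans, otl_log):
    """BHO registrations OTL still lists for CLSIDs that keep reappearing in MBAM."""
    clsids = {i["clsid"] for i in recurring_detections(scans) if i["clsid"]}
    return [b for b in parse_otl_bhos(otl_log) if b["clsid"] in clsids]


if __name__ == "__main__":
    scans = [MBAM_SCAN_23_DEC, MBAM_SCAN_26_DEC]
    for item in recurring_detections(scans):
        print("recurs after deletion:", item["path"])
    for bho in bhos_for_recurring(scans, OTL_O2_LINES):
        state = "DLL missing" if bho["file_missing"] else "DLL present"
        print(f"still registered as {bho['bits']} BHO: {bho['name']} {bho['clsid']} ({state})")
```

On the logs in this topic it reports both `Ext\Settings` and `Ext\Stats` keys as recurring and pairs them with the 64-bit `DataMngr` BHO line whose DLL OTL lists as "File not found".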

#8 archiebabe49


Posted 26 December 2012 - 07:40 PM

OTL logfile created on: 27/12/2012 00:23:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frankie\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.75 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 84.46% Memory free
15.49 Gb Paging File | 14.16 Gb Available in Paging File | 91.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.83 Gb Total Space | 11.97 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive D: | 416.92 Gb Total Space | 416.30 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: FRANKIE-PC | User Name: Frankie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/27 00:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frankie\Desktop\OTL.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/30 22:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/03 22:23:24 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/05/03 22:23:22 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/02/03 15:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 08:21:16 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2011/11/10 16:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2009/09/30 03:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/03/25 15:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/03/19 21:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009/03/19 21:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009/01/15 13:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/20 07:43:53 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/10/30 22:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/31 13:40:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/12 08:47:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/03 22:23:24 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/07/29 17:21:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/29 17:21:52 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 09:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/30 22:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 22:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 22:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 22:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/10/30 22:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 22:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/30 22:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/10/30 22:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 16:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/21 09:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/03 22:24:10 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/29 17:21:52 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/29 17:21:52 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/19 09:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/03 11:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/01/11 10:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/12/31 10:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/23 01:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/23 01:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/23 01:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009/09/23 01:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/31 21:24:40 | 006,103,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/17 03:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/25 02:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/07 20:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006/11/08 14:46:30 | 000,245,248 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2012/10/30 09:56:17 | 000,505,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)
DRV - [2012/05/03 22:24:12 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm004YYgb&ptb=8D108053-EC0F-4412-814D-07364308F25B&psa=&ind=2011092410&ptnrS=XRxdm004YYgb&si=CMyAxPWMtqsCFeomtAod5CxqeA&st=sb&n=77ded5ba&searchfor={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\..\SearchScopes\{3D758BC6-3870-49ed-A5ED-0AC03D57BBCF}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\..\SearchScopes\{409E8DE7-7CC6-414a-AB8D-D8DD751BF2AA}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
IE - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm004YYgb&ptb=8D108053-EC0F-4412-814D-07364308F25B&psa=&ind=2011092410&ptnrS=XRxdm004YYgb&si=CMyAxPWMtqsCFeomtAod5CxqeA&st=sb&n=77ded5ba&searchfor={searchTerms}
IE - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SoccerInferno.com/Plugin: C:\Program Files (x86)\SoccerInferno\bar\1.bin\NPj2Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\j2ffxtbr@SoccerInferno.com: C:\Program Files (x86)\SoccerInferno\bar\1.bin


========== Chrome ==========


O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A75A4E0-D9AB-4D5E-B7E4-77C3CC84C55A}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9256804-6D6F-478A-A3EA-B6C76A7C9458}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/27 00:22:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frankie\Desktop\OTL.exe
[2012/12/26 22:03:04 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{20E8592C-5D1D-4FB7-AA74-EF2952E671F4}
[2012/12/26 08:35:34 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{50A81B90-177D-4AED-81DF-2645437EB02A}
[2012/12/26 02:19:17 | 000,132,864 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012/12/26 02:19:02 | 000,262,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012/12/26 02:19:00 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012/12/26 02:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/12/26 02:09:48 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/12/26 02:09:48 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/12/26 02:09:46 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/12/26 02:09:46 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/12/26 02:09:45 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/12/26 02:09:45 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/12/26 02:09:44 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/12/26 02:09:04 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/12/26 02:09:04 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/12/26 01:40:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/26 01:39:49 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/25 20:09:54 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{C8E4A6AF-EB04-49C5-AF30-716C7B64773A}
[2012/12/25 19:39:51 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{119F0012-2C56-4ED8-A902-8F31CE19BF4F}
[2012/12/24 22:15:51 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{E6136587-C6DD-4928-AC7F-1F84E47A1CF6}
[2012/12/24 08:07:53 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{400B8BFC-A767-426B-9DBA-75D209A0C666}
[2012/12/23 19:16:47 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{C09C5497-5837-4E58-A952-B4986084EA97}
[2012/12/23 06:05:20 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{F9D4354D-0CC3-4ABE-9210-6F34C7A1864F}
[2012/12/22 11:32:03 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{BA1792A7-0083-4A42-85B6-7624A684C0C3}
[2012/12/21 22:00:36 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{CEAF49F4-91D3-4350-9B64-13DA6D3E1FFD}
[2012/12/21 07:33:07 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{22189504-0C4B-4CD5-8DA6-A1BD78781791}
[2012/12/20 23:45:20 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/20 23:45:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/20 23:45:19 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/20 23:45:18 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/20 09:59:37 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{034254EF-C182-40DB-BB17-0D340F6948DE}
[2012/12/19 21:59:11 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{605B41F5-E703-4D37-89DA-3ECF38D5078E}
[2012/12/19 07:01:05 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{1AD90440-4374-4CAC-91C9-16E5D64D3E1B}
[2012/12/18 13:02:12 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{15661C55-972C-499F-8F98-16A7DE3FBE33}
[2012/12/18 12:50:09 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\SUPERAntiSpyware.com
[2012/12/18 12:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/12/18 12:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/12/18 12:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/12/18 12:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/18 12:48:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/18 12:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/17 22:52:40 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{9EF254B0-B316-4FBC-BA32-C4680FBC26D9}
[2012/12/17 09:04:10 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{C38789D1-8AB2-4375-A3D3-E3694695BA25}
[2012/12/16 16:22:04 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{6E72B218-FE53-4D7B-A144-DE3C130BC94D}
[2012/12/15 21:46:08 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{F8B93BD7-FE35-4854-B9BA-47C9B97A59FA}
[2012/12/15 07:13:02 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{9FC099EF-9750-4999-87FE-32D7411EE366}
[2012/12/14 16:14:33 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{045CC64F-D402-4C65-8432-E03D59D2D6A5}
[2012/12/13 22:14:32 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{35DF7070-87DE-4039-9A84-4957C35A51D8}
[2012/12/13 09:28:20 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{4C237505-B822-4387-8175-C22F3FEEA3A6}
[2012/12/12 21:27:43 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{7B82CFA4-1FEC-44F7-8171-DD34CEAACFA9}
[2012/12/12 13:28:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 13:28:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 13:28:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 13:28:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 13:28:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 13:28:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 13:28:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 13:28:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 13:28:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 13:28:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 13:28:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 13:28:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 13:28:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 13:28:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 13:28:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 13:12:09 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 13:12:08 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 13:12:08 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 13:12:08 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 13:12:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 13:12:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 13:12:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 13:12:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 13:12:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 13:12:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 13:12:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 13:12:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 13:12:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 13:12:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 13:12:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 13:12:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 13:12:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 13:12:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 13:12:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 13:12:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 13:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 13:12:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 13:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 13:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 13:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 13:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 13:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 13:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 13:12:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 13:12:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 13:12:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 13:12:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 13:12:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 13:12:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 13:12:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 13:12:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 13:12:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 13:12:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 13:12:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 13:12:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 13:12:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 13:12:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 13:12:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 13:12:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 13:12:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 13:11:45 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 13:11:44 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/12 08:36:06 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{F32510BC-586C-4042-86E8-BF3849093240}
[2012/12/11 09:13:05 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{496F58A6-39BE-469E-8F92-0E810D48A3A2}
[2012/12/10 16:00:19 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{E788476C-962D-4538-B3C9-AA61C87EB593}
[2012/12/09 22:52:04 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{ECD22C9C-B9E0-4324-8C2C-0F25A29F15A5}
[2012/12/08 07:31:32 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{22845649-49CB-48C5-9779-209957795A4C}
[2012/12/07 19:31:07 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{EAA51F52-C71B-42DF-BEAF-303DF56498A6}
[2012/12/07 07:23:25 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{D68E7EA5-DD38-42FA-A138-DDA228A523AF}
[2012/12/06 19:09:04 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{99F4D1A0-5DA1-4C15-9DF7-1E287DEA94F3}
[2012/12/05 21:56:39 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{6C3D8314-0C5B-4600-8B39-198D4813DCD0}
[2012/12/05 08:55:48 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{41A49FFC-4BBD-46F1-AA8A-E71DD228DE66}
[2012/12/04 07:37:45 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{E8DF5393-8AFF-4667-A6FC-2CBC6A6DACB5}
[2012/12/03 07:55:59 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{B5A4CACE-483D-4CD5-95BE-977E665EF280}
[2012/12/02 07:45:27 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{A616FCA9-CB8A-4B63-913F-E920D5839365}
[2012/12/01 16:32:39 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{D8688372-83EA-4261-80A7-881A9C23DB2B}
[2012/11/30 22:57:14 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\mozilla
[2012/11/30 22:45:28 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\Diagnostics
[2012/11/30 21:57:39 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{F8CFAD43-AD40-4C04-87ED-112B95EA6A01}
[2012/11/30 11:10:58 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{BF438A99-069A-42F3-A12D-A80121708672}
[2012/11/29 22:45:52 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{729B712B-2568-45AD-BD1E-E73D9D433142}
[2012/11/28 19:36:53 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{5157470B-70AE-4B24-BAF0-09434A23CC63}
[2012/11/28 07:26:04 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{D2BEE978-1157-4A1B-8C2F-851D7E4EC2AD}
[2012/11/27 13:14:25 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\{2D5E9504-4CDF-4BD1-91E8-4E755D33EE40}

========== Files - Modified Within 30 Days ==========

[2012/12/27 00:22:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frankie\Desktop\OTL.exe
[2012/12/26 23:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/26 22:06:44 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/26 22:06:44 | 000,630,584 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/26 22:06:44 | 000,111,758 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/26 22:02:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/26 22:02:11 | 1944,723,455 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/26 14:01:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 14:01:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 11:21:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/12/26 02:16:48 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/12/21 22:56:01 | 000,000,010 | ---- | M] () -- C:\0.bak
[2012/12/21 22:35:15 | 000,000,557 | ---- | M] () -- C:\0
[2012/12/21 07:32:17 | 000,277,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/18 13:07:17 | 000,001,417 | ---- | M] () -- C:\Users\Frankie\Desktop\Internet Explorer.lnk
[2012/12/18 13:07:17 | 000,000,750 | -HS- | M] () -- C:\Users\Frankie\Documents\desktop (2).ini
[2012/12/18 12:50:00 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/12/18 12:48:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/16 17:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 14:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 14:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 14:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/12 08:47:33 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/12 08:47:32 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/03 11:09:23 | 000,000,355 | ---- | M] () -- C:\Users\Frankie\Computer - Shortcut.lnk
[2012/11/30 23:02:56 | 000,001,254 | ---- | M] () -- C:\Users\Frankie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/30 22:58:35 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/11/30 22:56:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\extensions.sqlite

========== Files Created - No Company Name ==========

[2012/12/26 02:16:48 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/12/21 22:56:01 | 000,000,010 | ---- | C] () -- C:\0.bak
[2012/12/21 22:36:52 | 000,000,174 | -HS- | C] () -- C:\Users\Frankie\Documents\desktop (3).ini
[2012/12/21 22:36:29 | 000,000,750 | -HS- | C] () -- C:\Users\Frankie\Documents\desktop (2).ini
[2012/12/18 13:07:17 | 000,001,417 | ---- | C] () -- C:\Users\Frankie\Desktop\Internet Explorer.lnk
[2012/12/18 12:50:00 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/12/18 12:48:09 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/03 11:09:23 | 000,000,355 | ---- | C] () -- C:\Users\Frankie\Computer - Shortcut.lnk
[2012/11/30 22:57:04 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/11/30 22:56:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\extensions.sqlite
[2011/12/31 12:36:13 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011/12/24 16:30:46 | 000,001,516 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI
[2011/12/15 20:48:57 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/08/24 18:33:46 | 000,030,605 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/08/24 18:33:46 | 000,027,030 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/08/24 18:33:46 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/08/24 18:32:17 | 000,000,025 | ---- | C] () -- C:\Windows\CDE P242580EF.ini
[2011/07/29 17:32:35 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/07/29 17:32:35 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/07/29 17:32:31 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/07/29 17:32:31 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/07/29 17:20:12 | 000,043,730 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/07/29 17:19:41 | 000,033,204 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/07/29 17:19:41 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 27/12/2012 00:23:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frankie\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.75 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 84.46% Memory free
15.49 Gb Paging File | 14.16 Gb Available in Paging File | 91.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.83 Gb Total Space | 11.97 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive D: | 416.92 Gb Total Space | 416.30 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: FRANKIE-PC | User Name: Frankie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B030DB-8829-4516-89DF-8C9BB0FDC30A}" = rport=137 | protocol=17 | dir=out | app=system |
"{0813F0D3-F99F-4DF0-8622-7400730EDAB4}" = rport=139 | protocol=6 | dir=out | app=system |
"{0EF9A939-FAB5-4BC1-B8AE-3F31E5A168F9}" = rport=445 | protocol=6 | dir=out | app=system |
"{20A2D570-0EF7-4E86-921E-9D7EF94F349B}" = rport=138 | protocol=17 | dir=out | app=system |
"{28FF4036-9D8A-43A5-9BCA-89AC1B311F00}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2B439895-D22B-4414-96E6-EA208F974CE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C688665-8F27-479B-B1B2-3F57DD820284}" = lport=445 | protocol=6 | dir=in | app=system |
"{3CC52BFC-351B-48A5-B9E0-F3EDE8F2D71C}" = lport=139 | protocol=6 | dir=in | app=system |
"{5219210F-63FD-44F1-B119-54F4F6126636}" = lport=138 | protocol=17 | dir=in | app=system |
"{5AE4A93B-1DE3-4FC3-B9EF-C20EA32A4621}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F77F109-B923-449C-948A-5E041852363E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6C30473B-2B36-430B-9D6C-A3E913D84DD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7822587F-2994-47D7-A30A-AA593D77EF8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DB1B5CE-EB58-468B-9CFC-D11EBF49F124}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F0BE5E34-FB1F-4751-8A45-4D126FE8D408}" = lport=137 | protocol=17 | dir=in | app=system |
"{F30967D4-D57E-4CAB-94D2-3CCDC5675163}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EE998FA-5B57-426A-968F-6A8C6041CB64}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2167FBFC-AACB-4086-9F11-77631B0F211C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2237B5CD-8CA9-422D-BA96-D64EFC8F7472}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{26C75697-FF3B-4305-861F-2FF24C258422}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{27286223-35AF-4713-A8AC-12BB1D2D3DF2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D3A49B2-46CC-48B0-873F-97E3281BE039}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3425E7BA-812E-4965-8BE3-11AF88845F67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34A1AEBE-7FCE-4DF9-B7E6-99E54707AB06}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4187A3D9-672A-472A-A05A-232D806E3915}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{60B34170-995C-4F54-B912-B61B3522009C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6ABC58FE-1A37-4498-8854-0B5D7831EADE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{72029F15-02E8-48B2-9625-08FC27B28C67}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{768B4ECC-B517-4D69-92CC-2FE09B05CF6E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{77F52CEE-7876-4945-A289-31EBB43B62FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7F7751BF-1794-4ABD-B57C-B4C5939733E7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9C6FAE86-E683-4493-8EE2-3600AF18620E}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{A18E87A7-C32B-4B9D-9FC0-4C91C9222E53}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B7E4C665-B0B3-408E-9B72-ECF17035E125}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B93540C9-6833-48A5-A9B7-BC35FA6AC663}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5C91EC7-AADD-464D-B4F9-CE3D6800EC58}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{F14085C4-1C92-4741-97BF-83F4CFE53615}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E746B02-AC4C-A9C9-283B-412F1035C351}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1A41D61-6163-026C-95A3-0B1DCE01A96E}" = ATI Catalyst Install Manager
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00D58D1A-4A5F-3716-6C49-38F40F0CD90F}" = CCC Help Hungarian
"{07F8304E-0B5A-B727-681F-989A1B1EE65C}" = CCC Help German
"{08843DEF-2F47-FDDB-FEDF-5027F8C5240D}" = CCC Help Finnish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C0794BB-4A33-0092-B76C-AE8C234A8F2B}" = CCC Help Dutch
"{11845F16-C912-87D3-8E8F-9C6F2D34FDB6}" = CCC Help English
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{207FB3C3-B413-8C2A-0520-9CC14B64F40A}" = Catalyst Control Center Graphics Full Existing
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FBE4AB5-BAD5-FA8B-0023-B659FF85B4E6}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3945EF59-31A8-5807-85F3-3C97FD048E33}" = CCC Help Danish
"{4DBAF204-CDEA-F8A7-2786-571296EF97F2}" = CCC Help Japanese
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52DDF893-2879-C600-657B-73ACD3F33FF7}" = CCC Help Chinese Standard
"{532DFC89-8DFA-4F7A-8AB2-61D8928EE4CF}" = Catalyst Control Center Core Implementation
"{5468EF5C-2752-B5E5-D6D5-E5D21CE9E2AB}" = CCC Help Turkish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CC39B57-ECFA-149C-84FE-E93D1795053B}" = ccc-core-static
"{5EB28D86-2705-2DE2-A561-89FF0C6BF954}" = Catalyst Control Center Graphics Previews Vista
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69D71765-B1CB-E82D-76F8-3EFB24BA1358}" = CCC Help French
"{704A7732-89FB-7002-1BAE-30A03261DA71}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E90DC9F-9993-0837-04C8-FA9E1351F575}" = CCC Help Norwegian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{92580F92-45B7-4885-E628-D302751DCDB3}" = Catalyst Control Center Graphics Full New
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F4B2997-99BE-8697-5EBA-A98442C4D497}" = CCC Help Greek
"{9F6BFC7F-8F98-642F-BB13-C09BF89D2110}" = CCC Help Polish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A40E0EF3-7058-50E1-E89E-1E1618325A83}" = CCC Help Spanish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9169442-0FDC-746F-0269-988C80B9458F}" = CCC Help Russian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AD1912C2-5CFE-6CCC-86F3-245A33819ECB}" = CCC Help Italian
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{BF1D4E7B-135D-7AAC-05F1-016FE4E0AE3E}" = CCC Help Chinese Traditional
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C82D9326-A7BC-E8A8-976C-6C1C16CE954E}" = CCC Help Korean
"{C9F942AF-5885-10E5-5D3D-ACA6E1478FF3}" = Catalyst Control Center Localization All
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAD63618-08A7-3469-4D63-2D4AEFBE1364}" = CCC Help Thai
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA10136E-1153-11A4-1782-1377FD22FCD8}" = Catalyst Control Center Graphics Light
"{FA27FB92-F59A-0431-7CBE-84C5D2D33807}" = CCC Help Czech
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = Expert PDF 7 Reader
"{FD5B162C-13BA-8316-75C6-F8308DFAC1F7}" = CCC Help Swedish
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Internet Security
"EPSON Scanner" = EPSON Scan
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Rapport_msi" = Rapport
"SpeedFan" = SpeedFan (remove only)
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/12/2012 22:22:03 | Computer Name = Frankie-PC | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

Error - 26/12/2012 04:34:32 | Computer Name = Frankie-PC | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

Error - 26/12/2012 18:02:26 | Computer Name = Frankie-PC | Source = Avira AntiVir | ID = 4122
Description = Unable to load file AVPREF.DLL. Returned error code: 0x45a

[ System Events ]
Error - 26/12/2012 04:34:28 | Computer Name = Frankie-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "E0469AA318B6" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 26/12/2012 04:34:28 | Computer Name = Frankie-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "E0469AA318B6" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 26/12/2012 08:07:29 | Computer Name = Frankie-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 26/12/2012 08:16:22 | Computer Name = Frankie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 26/12/2012 09:19:38 | Computer Name = Frankie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 26/12/2012 12:02:32 | Computer Name = Frankie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 26/12/2012 18:02:15 | Computer Name = Frankie-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 26/12/2012 18:02:15 | Computer Name = Frankie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 26/12/2012 18:03:19 | Computer Name = Frankie-PC | Source = DCOM | ID = 10010
Description =

Error - 26/12/2012 18:20:15 | Computer Name = Frankie-PC | Source = DCOM | ID = 10010
Description =


< End of report >

hope i have done this right.

Edited by archiebabe49, 26 December 2012 - 07:43 PM.


#9 Guest_White Warrior_*


Posted 27 December 2012 - 04:53 PM

Hi archiebabe49

"hope i have done this right."

Yes! You are doing good.

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    
    :otl
    SRV - [2011/07/29 17:21:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/07/29 17:21:52 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    DRV:64bit: - [2011/07/29 17:21:52 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/07/29 17:21:52 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    IE - HKLM\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm004YYgb&ptb=8D108053-EC0F-4412-814D-07364308F25B&psa=&ind=2011092410&ptnrS=XRxdm004YYgb&si=CMyAxPWMtqsCFeomtAod5CxqeA&st=sb&n=77ded5ba&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2750881105-2404796936-2549981412-1001\..\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XRxdm004YYgb&ptb=8D108053-EC0F-4412-814D-07364308F25B&psa=&ind=2011092410&ptnrS=XRxdm004YYgb&si=CMyAxPWMtqsCFeomtAod5CxqeA&st=sb&n=77ded5ba&searchfor={searchTerms}
    FF - HKLM\Software\MozillaPlugins\@SoccerInferno.com/Plugin: C:\Program Files (x86)\SoccerInferno\bar\1.bin\NPj2Stub.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\j2ffxtbr@SoccerInferno.com: C:\Program Files (x86)\SoccerInferno\bar\1.bin
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
    O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1EE998FA-5B57-426A-968F-6A8C6041CB64}"=-
    "{2167FBFC-AACB-4086-9F11-77631B0F211C}"=-
    "{26C75697-FF3B-4305-861F-2FF24C258422}"=-
    "{768B4ECC-B517-4D69-92CC-2FE09B05CF6E}"=-
    "{9C6FAE86-E683-4493-8EE2-3600AF18620E}"=-
    "{A18E87A7-C32B-4B9D-9FC0-4C91C9222E53}"=-
    "{B7E4C665-B0B3-408E-9B72-ECF17035E125}"=-
    [hkey_local_machine\software\microsoft\internet explorer\searchscopes]
    "defaultscope"="{0633ee93-d776-472f-a0ff-e1416b8b2e3a}"
    [hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes]
    "defaultscope"="{0633ee93-d776-472f-a0ff-e1416b8b2e3a}"
    [hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes]
    "defaultscope"="{0633ee93-d776-472f-a0ff-e1416b8b2e3a}"
    [hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes]
    "defaultscope"="{0633ee93-d776-472f-a0ff-e1416b8b2e3a}"
    
    :Commands
    [CreateRestorePoint]
    [emptytemp]
    
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If no report appears, you will find it here: C:\_OTL\Moved Files
White Warrior
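
One way to sanity-check a `:reg` delete list like the one in the fix above before running it, as an added example (not part of the original post and not OTL's own code): resolve each GUID back to the firewall rule it names in the Extras log. The function names are made up for this example; the sample lines are copied from the logs in this thread.

```python
import re

# Firewall rule lines copied from the OTL Extras log earlier in this thread (subset).
EXTRAS_LOG = r'''
"{1EE998FA-5B57-426A-968F-6A8C6041CB64}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2167FBFC-AACB-4086-9F11-77631B0F211C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2237B5CD-8CA9-422D-BA96-D64EFC8F7472}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{26C75697-FF3B-4305-861F-2FF24C258422}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{72029F15-02E8-48B2-9625-08FC27B28C67}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{768B4ECC-B517-4D69-92CC-2FE09B05CF6E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{77F52CEE-7876-4945-A289-31EBB43B62FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9C6FAE86-E683-4493-8EE2-3600AF18620E}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{A18E87A7-C32B-4B9D-9FC0-4C91C9222E53}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B7E4C665-B0B3-408E-9B72-ECF17035E125}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
'''

# The :reg block of the fix, copied from the post above (one defaultscope entry kept).
FIX_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EE998FA-5B57-426A-968F-6A8C6041CB64}"=-
"{2167FBFC-AACB-4086-9F11-77631B0F211C}"=-
"{26C75697-FF3B-4305-861F-2FF24C258422}"=-
"{768B4ECC-B517-4D69-92CC-2FE09B05CF6E}"=-
"{9C6FAE86-E683-4493-8EE2-3600AF18620E}"=-
"{A18E87A7-C32B-4B9D-9FC0-4C91C9222E53}"=-
"{B7E4C665-B0B3-408E-9B72-ECF17035E125}"=-
[hkey_local_machine\software\microsoft\internet explorer\searchscopes]
"defaultscope"="{0633ee93-d776-472f-a0ff-e1416b8b2e3a}"
'''

RULE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"\s*=\s*(.+)$')
DELETE_RE = re.compile(r'^"([^"]+)"\s*=\s*-\s*$')
KEY_RE = re.compile(r'^\[(.+)\]$')


def parse_rules(log_text):
    """Map rule GUID -> {field: value} from '"{GUID}" = k=v | k=v |' lines."""
    rules = {}
    for line in log_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group(2).split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:  # skips the empty piece after the trailing '|'
                fields[key] = value
        rules[m.group(1).upper()] = fields
    return rules


def parse_firewall_deletes(fix_text):
    """Collect value names marked '"<name>"=-' under the FirewallRules key only."""
    deletes, current_key = [], ""
    for line in fix_text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current_key = k.group(1).lower()
            continue
        d = DELETE_RE.match(line)
        if d and current_key.endswith("\\firewallpolicy\\firewallrules"):
            deletes.append(d.group(1).upper())
    return deletes


def review(rules, deletes):
    """For each GUID to be deleted, say what the log shows it pointing at."""
    findings = []
    for guid in deletes:
        fields = rules.get(guid)
        if fields is None:
            findings.append((guid, "not-in-log", ""))
        elif "app" in fields:
            findings.append((guid, "app", fields["app"]))
        else:
            # No app= field: a protocol/port rule, identified only by its name.
            findings.append((guid, "no-app", fields.get("name", "")))
    return findings


def untouched_siblings(rules, deletes):
    """Rules for the same executables as the deleted ones that the fix leaves behind."""
    targeted = {rules[g]["app"] for g in deletes if g in rules and "app" in rules[g]}
    return sorted(g for g, f in rules.items()
                  if f.get("app") in targeted and g not in deletes)


if __name__ == "__main__":
    rules = parse_rules(EXTRAS_LOG)
    deletes = parse_firewall_deletes(FIX_REG)
    for guid, kind, detail in review(rules, deletes):
        print(f"{guid}  {kind:10}  {detail}")
    print("left behind:", untouched_siblings(rules, deletes))
```

Entries reported as `no-app` or `not-in-log` are the ones to read twice, since nothing in the log ties them to a program path.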

#10 archiebabe49


Posted 27 December 2012 - 06:42 PM

hi white warrior, otl

========== OTL ==========
Service AntiVirService stopped successfully!
Service AntiVirService deleted successfully!
File move failed. C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe scheduled to be moved on reboot.
Service AntiVirSchedulerService stopped successfully!
Service AntiVirSchedulerService deleted successfully!
File move failed. C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe scheduled to be moved on reboot.
Service avipbb stopped successfully!
Service avipbb deleted successfully!
C:\Windows\SysNative\drivers\avipbb.sys moved successfully.
Error: Unable to stop service avgntflt!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt deleted successfully.
C:\Windows\SysNative\drivers\avgntflt.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ not found.
Registry key HKEY_USERS\S-1-5-21-2750881105-2404796936-2549981412-1001\Software\Microsoft\Internet Explorer\SearchScopes\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb72f1bd-a2f1-47eb-8f13-2c6dcd65516f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@SoccerInferno.com/Plugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\j2ffxtbr@SoccerInferno.com deleted successfully.
File C:\Program Files (x86)\SoccerInferno\bar\1.bin not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EE998FA-5B57-426A-968F-6A8C6041CB64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1EE998FA-5B57-426A-968F-6A8C6041CB64}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2167FBFC-AACB-4086-9F11-77631B0F211C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2167FBFC-AACB-4086-9F11-77631B0F211C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{26C75697-FF3B-4305-861F-2FF24C258422} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26C75697-FF3B-4305-861F-2FF24C258422}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{768B4ECC-B517-4D69-92CC-2FE09B05CF6E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{768B4ECC-B517-4D69-92CC-2FE09B05CF6E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C6FAE86-E683-4493-8EE2-3600AF18620E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C6FAE86-E683-4493-8EE2-3600AF18620E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A18E87A7-C32B-4B9D-9FC0-4C91C9222E53} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A18E87A7-C32B-4B9D-9FC0-4C91C9222E53}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7E4C665-B0B3-408E-9B72-ECF17035E125} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7E4C665-B0B3-408E-9B72-ECF17035E125}\ not found.
hkey_local_machine\software\microsoft\internet explorer\searchscopes\\"defaultscope"|"{0633ee93-d776-472f-a0ff-e1416b8b2e3a}" /E : value set successfully!
hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\"defaultscope"|"{0633ee93-d776-472f-a0ff-e1416b8b2e3a}" /E : value set successfully!
hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\"defaultscope"|"{0633ee93-d776-472f-a0ff-e1416b8b2e3a}" /E : value set successfully!
hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\"defaultscope"|"{0633ee93-d776-472f-a0ff-e1416b8b2e3a}" /E : value set successfully!
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 12272012_232740

Files\Folders moved on Reboot...
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe moved successfully.
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#11 Guest_White Warrior_*


Posted 27 December 2012 - 09:57 PM

Hi archiebabe49

That's looking good.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
How's the computer running now?
Are there any more problems?

White Warrior

#12 archiebabe49


Posted 28 December 2012 - 04:41 PM

hi white warrior, puter running a lot better thanks to you, no more issues as yet.

C:\$Recycle.Bin\S-1-5-21-2750881105-2404796936-2549981412-1001\$RHCONSU.zip Win32/Adware.ADON application deleted - quarantined

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
AntiVir Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#13 Guest_White Warrior_*


Posted 28 December 2012 - 08:32 PM

Hi archiebabe49

You have done well. Your logs look clean.

Now
To Delete All but the Most Recent System Restore Points

Click Start, type cleanmgr into the search box and press Enter.

Disk Cleanup will open
Select the drive that you want to clean up (usually C) and click OK
NOTE: You will only see this window if you have more than one drive or partition on your computer.
A window will open and calculate how much space you can save.
When it is finished another window will open.
Click the More Options tab.
Click Clean up under the System Restore and Shadow Copies section.
Click Delete to confirm the deletion.
Click OK
A window will ask for confirmation.
Click Delete Files
The files will be deleted and Disk Cleanup will close.

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Double click on the Posted Image icon on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
Now please re-enable Avast.

Your MBAM needs to be updated.
Open MBAM
Click Update
Click Check for Updates.
When it is finished click close.

Let me know how you get on and if everything is still ok.

White Warrior

#14 archiebabe49


Posted 29 December 2012 - 03:00 PM

Hi White Warrior, did what you requested above, ran MBAM no threats found, also ran SUPERAntiSpyware found 2 adware tracking cookies, computer running ok thanks to you. I wish you all the best for the new year and I am most grateful for your time and effort spent helping me out. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Edited by archiebabe49, 29 December 2012 - 03:00 PM.


#15 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts

Posted 07 January 2013 - 10:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



