Mysearchdial.com homepage hijacker/virus


  • This topic is locked
13 replies to this topic

#1 kdt

  • Members
  • 8 posts

Posted 22 July 2013 - 11:59 AM

Hi,

About a month ago I got this mysearchdial virus and about 2 days later had £1500 stolen from my bank account. I googled a few guides and tried to get rid of it but didn't have any success so I wiped my computer. When I got it up and running again I changed all my passwords and installed some new virus software. A few days ago it came back and I'm obviously a bit paranoid about losing more money. Could it have come from my phone or tablet which are synced to my computer? I googled it again and found a guy on here with the same problem so I followed the steps given to him to save time. Thanks in advance.

Here are the logs:

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\John\appdata\local\adawarebp"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/07/2013 at 17:13:07.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by John at 17:17:23 on 2013-07-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.12279.9611 [GMT 1:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
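Added here as an illustration of where this hijacker lives, not code from the thread, from JRT or from OTL: a read-only PowerShell audit of the Internet Explorer SearchScopes keys that the JRT log above shows being repaired. It lists every search scope in the user, machine and 32-bit-view hives and flags any whose URL host is not on a short allowlist, plus a DefaultScope value that no longer points at the stock scope; the allowlist, the function names and the Wow6432Node path are assumptions.

```powershell
# Added example, not from the thread: audit IE SearchScopes for hijacked search
# providers. Read-only: it reports findings and changes nothing.

# GUID of the default IE search scope, as seen in the JRT log above.
$DefaultScope = '{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'

# Assumed allowlist of search-provider hosts; extend for your environment.
$TrustedHosts = @(
    'www.google.com', 'www.google.co.uk', 'www.bing.com',
    'search.yahoo.com', 'duckduckgo.com'
)

# Hives where SearchScopes live: per-user, machine-wide, and the 32-bit view on x64
# (the Wow6432Node path is an assumption for 64-bit hosts).
$ScopeRoots = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes',
    'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes',
    'Registry::HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes'
)

function Test-SearchScopeUrl {
    param([string]$Url)
    # $true only when the URL parses and its host is on the allowlist.
    if ([string]::IsNullOrWhiteSpace($Url)) { return $false }
    try { $uri = [System.Uri]$Url } catch { return $false }
    return $TrustedHosts -contains $uri.Host.ToLowerInvariant()
}

function Get-SearchScopeFindings {
    $findings = @()
    foreach ($root in $ScopeRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # Each subkey is one search scope; the key name is its GUID and the
        # DisplayName/URL values are what JRT repaired in the log above.
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            $findings += [pscustomobject]@{
                Hive        = $root
                Scope       = $key.PSChildName
                IsDefault   = ($key.PSChildName -eq $DefaultScope)
                DisplayName = $props.DisplayName
                URL         = $props.URL
                Suspicious  = -not (Test-SearchScopeUrl $props.URL)
            }
        }

        # The scope IE actually uses is named by DefaultScope on the parent key;
        # hijackers often add their own scope and repoint this value at it.
        $current = (Get-ItemProperty -LiteralPath $root -ErrorAction SilentlyContinue).DefaultScope
        if ($current -and $current -ne $DefaultScope) {
            $findings += [pscustomobject]@{
                Hive        = $root
                Scope       = $current
                IsDefault   = $true
                DisplayName = '(DefaultScope repointed to this scope)'
                URL         = $null
                Suspicious  = $true
            }
        }
    }
    return $findings
}

# Suspicious entries first; an empty table means every scope resolves to an allowlisted host.
Get-SearchScopeFindings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it in the affected user's session so HKEY_CURRENT_USER is the right hive; a flagged entry is a lead to investigate, not proof of infection, since legitimate toolbars also register scopes.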
 

#2 kdt

  • Topic Starter
  • Members
  • 8 posts

Posted 24 July 2013 - 10:23 AM

bump



#3 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 24 July 2013 - 02:37 PM

Good evening. :)

I suspect that it may just be your browsing habits that are responsible for the infection rather than anything more spooky, but you never can tell. It may also be a coincidence that you suffered a financial loss at the same time that you had the original infection, but again you never can tell.

 

Download OTL by OldTimer from here and save it to your Desktop. Double click the tool to run it.

  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.


#4 kdt

  • Topic Starter
  • Members
  • 8 posts

Posted 25 July 2013 - 10:51 AM

Hey, thanks for the reply. I'm pretty sure I know where I got it from. I tried to download A Clash Of Kings on audio book on a torrent website (never used a torrent site before) because it was about £25 on iTunes. It looked suspect so I decided against and tried to close it but it was too late. £25 seems like a bargain now. Plus somebody put it all up on YouTube.

 

OTL Extras logfile created on: 25/07/2013 16:36:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
11.99 Gb Total Physical Memory | 5.98 Gb Available Physical Memory | 49.89% Memory free
23.98 Gb Paging File | 16.87 Gb Available in Paging File | 70.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.33 Gb Total Space | 564.25 Gb Free Space | 82.09% Space Free | Partition Type: NTFS
Drive E: | 2794.52 Gb Total Space | 2559.55 Gb Free Space | 91.59% Space Free | Partition Type: NTFS
 
Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
"{781620D9-62C5-4B58-BBC8-DFE79314243E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7A29A342-230D-4F95-AD6F-BF7A54AAD9BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{92417FAA-B758-4296-B07D-C14DC8DF5280}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{927CC0B4-95EB-4C70-9440-4EFCF1C57A29}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{982F34A5-88D4-4CAB-88AB-139806B79CA9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A088CF5D-EED5-4790-AC87-C1688865BF7C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A4313E1F-DB4D-4042-8F00-0085304B54BA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A671294D-3331-48EC-8740-416498C73AAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AB55F69D-1852-445A-9732-B665B9EE133D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AC321B4E-9E56-4F79-964E-8D5C5FB7475B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B1F40916-99A0-4BDA-A302-B98711BA7F73}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C532857E-5CD2-47D1-AFEE-3C61F936103A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D3D27DCE-D16F-482E-BC97-C0DE0C0A438B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E7842E81-7715-4D63-8E64-1E9E7AE93386}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F82B44F8-CEFF-4A6E-9C39-73FF90E2ECAE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03601B64-CDA8-4100-A9F1-25762E8A3A99}" = protocol=6 | dir=out | app=c:\program files (x86)\airvideoserver\airvideoserver.exe | 
"{09C0B626-04DE-4257-BAE3-DA8EFFF5BCF6}" = protocol=6 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe | 
"{0D70B233-4A8E-4EDB-9CE9-E56A5755012D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0DF42086-BDA2-458A-9784-08A532B50E7B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1213876C-FA69-4862-B7BB-E9928E416227}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{127B1061-222E-4396-A5DD-5E02A732C577}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{15088226-61E3-434B-9D47-7E1B2459EA41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2191E566-8DB2-4F01-A3DE-B17C06CF0FA3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2AC32824-FE87-44BB-95B6-AA7211A4CA30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C93CBAA-C23E-489C-ABC7-F11665E69F02}" = protocol=17 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe | 
"{2CE65971-5960-4E96-BD2C-BE13359F1B5C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{40EEEF3F-31F3-4FC8-8778-D6B103DF1DD7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{45DD0816-678B-445B-A773-7B7BEBE8768B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{50799810-53AD-4951-99D7-CAFBD667868F}" = dir=in | app=e:\itunes transfer folder\itunes.exe | 
"{52A7D3B0-7229-47E3-BEE5-23877D130BBB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{53753310-24A9-4275-A1E7-7EDB94693CE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{537D9446-6F6D-45AF-AFC1-AF049D2A2564}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{57AEE061-93F0-4F4B-9DBE-6597AD4A5080}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{583BEA73-9037-49F3-AC8C-0128831B8E21}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{5870F499-94B0-4D3B-AC78-7EA0DCFD37A1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5D2703C6-1791-43E2-BEC2-741AD2A20C09}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5F1520A7-E787-4900-93DE-2435F4559105}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{6A8ADDAA-2BD9-4630-A0C7-5B264187155A}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{6A8EB6D1-A6EC-40F9-A00E-B41650A3EF2D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E43E12F-9DBF-425D-B73A-8E7FE48B0F09}" = protocol=6 | dir=out | app=system | 
"{6EBE2B20-27B3-46CD-ACEE-E35052B72945}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{71C3FA27-70BC-4F24-ABFB-0ED2FD645215}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{817DBC1F-47A2-4FF6-AA81-F370B38D3574}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{818B82C1-2E27-4498-9FA2-865751313952}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8B5BB0E0-9B2A-4E5F-BF85-5C4D33514373}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{93266BCD-2FE4-4A75-AE10-D2356F12C298}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{BFE87D11-18A5-41E0-8271-6DCAAAC145C4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C1F68E76-5339-4D98-9668-B4BF3142FBA8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C8665A88-DA68-496E-817F-53517C190035}" = protocol=6 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe | 
"{CEF0489C-0B2C-46C7-AFD0-80B55E385B1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CF6C057C-BCE5-4228-AF5C-1F40949BA71B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D20E6FD6-84A5-4D3F-883C-E900AC874CF4}" = protocol=6 | dir=in | app=c:\program files (x86)\airvideoserver\airvideoserver.exe | 
"{D37B79DF-6D5B-4064-AD7F-C4326C21EFC4}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 
"{DD03A82E-CC5F-4A6A-B071-D0668C10931A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E515985E-AB8F-4C5F-95F2-4D368592AFC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEBF6A01-9213-48E4-B54D-77A907EE0DF0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{FB667B93-A8C3-4C0D-BC4A-4B7BC949562B}" = protocol=6 | dir=out | app=c:\program files (x86)\airvideoserver\airvideoserver.exe | 
"{FED46972-94E9-476A-9767-7C25BAAA7A65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{BBDEA871-5361-47A6-9BBD-10D5880009E3}C:\users\john\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{14E45B66-2F9C-4594-A74C-EF4102214CEB}C:\users\john\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{57B82DB4-8A01-4F7B-987C-9A46CEC4303A}" = AVG 2013
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{78B5B205-2F59-4D96-9D83-DEB94CD5229B}" = AVG 2013
"{8AE3CFB6-78B2-4F55-A7BE-618FCFF43A03}" = SpyHunter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CFD5CD27-1200-4A62-8360-1890578AC943}" = Command Center
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3d7d9e80-7306-453f-9123-dd6f04f9b39e}" = Nero 9 Essentials
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{944167EA-7F89-4705-8DCD-1D63B53141B0}" = Ad-Aware Antivirus
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Air Video Server" = Air Video Server 2.4.6-beta3
"AlienRespawn20_AD" = AlienRespawn v2.0
"AVG PC TuneUp" = AVG PC TuneUp
"Google Chrome" = Google Chrome
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{CFD5CD27-1200-4A62-8360-1890578AC943}" = Command Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"My Search Dial Removal Tool_is1" = My Search Dial Removal Tool
"NAV" = Norton AntiVirus
"NST" = Norton Identity Safe
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"VLC media player" = VLC media player 2.0.7
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4170459690-1226690627-29224547-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25/07/2013 02:05:55 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023
 
Error - 25/07/2013 02:05:56 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/07/2013 02:05:56 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6021
 
Error - 25/07/2013 02:05:56 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6021
 
Error - 25/07/2013 02:05:57 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/07/2013 02:05:57 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7020
 
Error - 25/07/2013 02:05:57 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error - 25/07/2013 02:05:58 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25/07/2013 02:05:58 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8018
 
Error - 25/07/2013 02:05:58 | Computer Name = John-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8018
 
[ System Events ]
Error - 23/07/2013 00:48:57 | Computer Name = John-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 23/07/2013 11:45:15 | Computer Name = John-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 23/07/2013 11:48:48 | Computer Name = John-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
 
< End of report >


#5 kdt (Topic Starter)

Posted 25 July 2013 - 10:53 AM

OTL logfile created on: 25/07/2013 16:36:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
11.99 Gb Total Physical Memory | 5.98 Gb Available Physical Memory | 49.89% Memory free
23.98 Gb Paging File | 16.87 Gb Available in Paging File | 70.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.33 Gb Total Space | 564.25 Gb Free Space | 82.09% Space Free | Partition Type: NTFS
Drive E: | 2794.52 Gb Total Space | 2559.55 Gb Free Space | 91.59% Space Free | Partition Type: NTFS
 
Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/25 16:34:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/07/10 16:55:48 | 004,640,768 | ---- | M] (Spotify Ltd) -- C:\Users\John\AppData\Roaming\Spotify\spotify.exe
PRC - [2013/07/10 16:55:48 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/07/10 02:56:22 | 000,559,016 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/07/10 02:56:20 | 001,672,616 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/06/13 02:27:38 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/06/13 02:27:36 | 018,834,784 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/05/31 11:55:58 | 009,789,256 | ---- | M] (Apple Inc.) -- E:\Itunes Transfer folder\iTunes.exe
PRC - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
PRC - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/07/20 00:25:28 | 004,935,112 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
PRC - [2009/01/08 22:56:11 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2008/12/12 17:31:44 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/10/17 17:00:10 | 000,008,192 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2008/10/17 17:00:04 | 000,079,360 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2008/09/02 10:55:38 | 003,858,432 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2008/08/20 15:31:34 | 000,012,288 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2008/03/20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/12 19:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 19:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 19:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 19:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 19:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/11 03:49:30 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a7a3ebc76a454af37918211506e81e31\System.Management.ni.dll
MOD - [2013/07/11 03:44:36 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 03:44:22 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f95e6b6a92e3e28a3b553fe2998dd308\System.Data.ni.dll
MOD - [2013/07/11 03:44:14 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll
MOD - [2013/07/11 03:44:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/11 03:43:58 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/11 03:43:56 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll
MOD - [2013/07/11 03:43:48 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/11 03:43:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/11 03:43:42 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/11 03:43:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/11 03:43:37 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 16:55:48 | 024,985,600 | ---- | M] () -- C:\Users\John\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013/07/10 02:56:22 | 001,121,704 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/07/09 22:45:48 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/07/01 17:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/06/19 00:33:12 | 005,291,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.31.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2013/06/19 00:33:12 | 000,315,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.31.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2013/06/19 00:33:12 | 000,058,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.23.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2013/06/19 00:33:12 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.21.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2013/06/15 00:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/15 00:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/15 00:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/07/20 00:25:28 | 004,935,112 | ---- | M] () -- C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
MOD - [2012/05/30 15:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/10/14 12:13:50 | 000,146,944 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/07/18 17:30:02 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/06/27 23:46:34 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 21:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/10/13 16:03:00 | 000,008,192 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV - [2013/07/10 02:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/06/13 02:27:38 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO)
SRV - [2013/05/21 05:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe -- (NAV)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/08/23 11:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/12 17:31:44 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/18 18:10:17 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/06/19 17:04:37 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/23 06:25:28 | 001,139,800 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/05/21 06:02:00 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/05/16 06:02:14 | 000,796,760 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/25 01:43:56 | 000,433,752 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/16 03:41:14 | 000,169,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD04000.00A\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2013/04/16 03:41:14 | 000,169,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccSetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/03/05 02:40:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/05 02:21:35 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/10 21:24:40 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2008/07/29 20:15:28 | 000,146,944 | ---- | M] (ATI Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ahcix64.sys -- (ahcix64)
DRV:64bit: - [2008/06/23 23:21:32 | 000,173,096 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2007/04/12 05:18:26 | 000,071,680 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2006/11/02 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2006/02/08 00:53:22 | 000,008,704 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\JGOGO.sys -- (JGOGO)
DRV - [2013/06/18 15:22:52 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20130724.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/06/18 01:00:00 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20130725.003\ex64.sys -- (NAVEX15)
DRV - [2013/06/18 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/06/18 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/06/18 01:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20130725.003\eng64.sys -- (NAVENG)
DRV - [2013/05/21 05:41:34 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/07/04 15:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/10/17 15:52:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/08/25 12:29:44] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4170459690-1226690627-29224547-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.co.uk/Mothership?Comp=AWEU&SysCode=PC-EU-A51-X58&ai=636E3D4532353335373826706F3D4532333435383441
IE - HKU\S-1-5-21-4170459690-1226690627-29224547-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.co.uk [binary data]
IE - HKU\S-1-5-21-4170459690-1226690627-29224547-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4170459690-1226690627-29224547-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4170459690-1226690627-29224547-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4170459690-1226690627-29224547-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4170459690-1226690627-29224547-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-4170459690-1226690627-29224547-1002\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Itunes Transfer folder\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFFPlgn\ [2013/06/19 17:05:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.4.0.10\coFFPlgn\ [2013/07/23 16:48:18 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.reddit.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Itunes Transfer folder\Mozilla Plugins\npitunes.dll
CHR - Extension: YT Native Center Layout = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\becgdfhcipoaiiaigklmfjpcmdeclobd\0.1.20_0\
CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.2_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Spotify - Music for every moment = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.3.3487_0\
CHR - Extension: Center that Youtube! = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcapbmkcbgmkafafecgbmbjlcmbomkki\1.0_0\
CHR - Extension: Window Expander For YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpaakpeehepibjpdmoocdaonognfiog\2.3_0\
CHR - Extension: AdBlock = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Planner 5D = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc\1.2.0.5_0\
CHR - Extension: Youtube Automatic Quality changer = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgijgnfdfpfnkfliikinfajhdmphahpj\1.31_0\
CHR - Extension: Google Maps = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Privacy Palette = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone\0.4_0\
CHR - Extension: Norton Identity Protection = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.4.0.10_0\
CHR - Extension: Centre for YouTube™ = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnogmhlkfoemnbahcdepnihbcmmiialh\1.2.2_0\
 
O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4170459690-1226690627-29224547-1001\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4170459690-1226690627-29224547-1001..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe ()
O4 - HKU\S-1-5-21-4170459690-1226690627-29224547-1001..\Run: [Spotify] C:\Users\John\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-4170459690-1226690627-29224547-1001..\Run: [Spotify Web Helper] C:\Users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-4170459690-1226690627-29224547-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4170459690-1226690627-29224547-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4170459690-1226690627-29224547-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4170459690-1226690627-29224547-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C070CCEF-4F49-409C-A051-FA1D53FCA1A3}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\AW-CO5.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\AW-CO5.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/18 17:09:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/09/01 06:52:19 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 13:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/24 00:37:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\ElevatedDiagnostics
[2013/07/23 16:48:07 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013/07/23 16:47:58 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\adawarebp
[2013/07/22 16:59:37 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CrashDumps
[2013/07/22 16:52:53 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\spyware
[2013/07/21 11:33:29 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\get rid of search dial
[2013/07/20 15:58:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/20 15:46:55 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2013/07/20 15:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/07/20 15:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/07/20 15:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/07/18 21:16:32 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2013/07/18 21:16:31 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2013/07/18 21:16:31 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2013/07/18 21:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2013/07/18 21:15:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AVG
[2013/07/18 21:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/07/18 21:15:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/07/18 21:07:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AVG2013
[2013/07/18 21:06:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\TuneUp Software
[2013/07/18 21:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/07/18 21:05:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/07/18 21:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/07/18 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/07/18 18:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/07/18 18:31:03 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\LavasoftStatistics
[2013/07/18 18:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013/07/18 18:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/07/18 18:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/07/18 18:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/07/18 18:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/07/18 18:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/07/18 18:10:17 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/07/18 18:10:17 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/07/18 18:10:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Ad-Aware Antivirus
[2013/07/18 17:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/07/18 17:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/07/18 17:27:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/07/18 17:27:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\MFAData
[2013/07/18 17:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/07/18 17:27:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Avg2013
[2013/07/18 17:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/07/18 17:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/18 17:09:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/07/18 17:09:13 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/07/18 17:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/07/18 16:34:51 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/07/18 16:34:44 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/07/18 16:34:44 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/07/18 16:34:44 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013/07/18 16:34:44 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/07/18 16:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Search Dial Removal Tool
[2013/07/18 16:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Search Dial Removal Tool
[2013/07/13 09:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/07/13 09:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/07/13 09:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/07/12 16:22:56 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\vlc
[2013/07/12 16:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/07/12 16:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/07/11 03:08:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/11 03:08:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/11 03:08:45 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/11 03:08:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/11 03:08:45 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/11 03:08:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/11 03:08:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/11 03:08:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/11 03:08:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/11 03:08:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/11 03:08:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/11 03:08:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/11 03:08:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/11 03:08:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/11 03:08:42 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 06:45:05 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 06:45:05 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 06:45:05 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 06:45:04 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 06:44:30 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/06/27 06:27:49 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\AirVideoServer
[2013/06/27 06:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/06/27 06:24:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/27 06:24:21 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/27 06:24:20 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/27 06:24:20 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/27 06:24:03 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/27 06:24:03 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/27 06:24:03 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/27 06:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/06/27 06:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/06/27 06:21:25 | 000,000,000 | -H-D | C] -- C:\jexepackres
[2013/06/27 06:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Video Server
[2013/06/27 06:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AirVideoServer
[2013/06/27 06:16:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Diagnostics
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/25 16:07:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/25 16:07:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 06:44:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/25 06:37:47 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 06:37:47 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 16:47:30 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 18:10:17 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/07/18 18:10:17 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/07/18 17:09:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/07/13 09:39:07 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/07/13 06:53:50 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/11 03:38:59 | 000,279,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 03:15:31 | 000,731,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/11 03:15:31 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/11 03:15:31 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/27 06:26:37 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Air Video Server.lnk
[2013/06/27 06:23:53 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/27 06:23:53 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/27 06:23:53 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/27 06:23:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/27 06:23:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/27 06:23:53 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/18 21:16:07 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2013/07/18 17:09:48 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/07/18 17:09:17 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013/07/13 09:39:07 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/06/27 06:21:22 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Air Video Server.lnk
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:12 PM

Posted 25 July 2013 - 03:55 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the Run ESET Online Scanner button.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.

#7 kdt

kdt
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:12 PM

Posted 26 July 2013 - 04:06 AM

Hi, nothing was found, I'm afraid.



#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:12 PM

Posted 27 July 2013 - 03:19 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.

* One point to note from the instructions page:

Disabling your Anti-Virus - CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.


#9 kdt

kdt
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:12 PM

Posted 30 July 2013 - 12:43 AM

Hi, the mysearchdial web page still opens up when I start Chrome and the computer is still running a bit slow. Here is the ComboFix log:

ComboFix 13-07-27.01 - John 29/07/2013  23:22:14.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.12279.6249 [GMT 1:00]
Running from: c:\users\John\Desktop\CFOX.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-29  )))))))))))))))))))))))))))))))
.
.
2013-07-29 22:26 . 2013-07-29 22:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-29 22:26 . 2013-07-29 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-29 21:52 . 2013-07-29 21:56 -------- d-----w- C:\CFOX
2013-07-26 02:02 . 2013-07-26 02:04 -------- d-----w- c:\windows\system32\MRT
2013-07-25 21:59 . 2013-07-25 21:59 -------- d-----w- c:\program files (x86)\ESET
2013-07-23 23:37 . 2013-07-23 23:37 -------- d-----w- c:\users\John\AppData\Local\ElevatedDiagnostics
2013-07-23 15:47 . 2013-07-23 15:48 -------- d-----w- c:\users\John\AppData\Local\adawarebp
2013-07-22 15:59 . 2013-07-29 15:53 -------- d-----w- c:\users\John\AppData\Local\CrashDumps
2013-07-20 14:58 . 2013-07-20 14:58 -------- d-----w- c:\windows\ERUNT
2013-07-20 14:46 . 2013-07-20 14:46 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2013-07-20 14:46 . 2013-07-20 14:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-20 14:46 . 2013-07-20 14:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-07-18 20:16 . 2012-08-23 10:31 35192 ----a-w- c:\windows\system32\TURegOpt.exe
2013-07-18 20:16 . 2012-08-23 10:31 26488 ----a-w- c:\windows\system32\authuitu.dll
2013-07-18 20:16 . 2012-08-23 10:31 21880 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-07-18 20:15 . 2013-07-18 20:15 -------- d-----w- c:\users\John\AppData\Roaming\AVG
2013-07-18 20:15 . 2013-07-18 20:16 -------- d-----w- c:\programdata\AVG
2013-07-18 20:15 . 2013-07-18 20:15 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-07-18 20:06 . 2013-07-18 20:06 -------- d-----w- c:\users\John\AppData\Roaming\TuneUp Software
2013-07-18 20:05 . 2013-07-18 20:05 -------- d-----w- C:\$AVG
2013-07-18 20:05 . 2013-07-18 20:15 -------- d-----w- c:\program files (x86)\AVG
2013-07-18 17:31 . 2013-07-18 17:40 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-07-18 17:31 . 2013-07-18 17:31 -------- d-----w- c:\users\John\AppData\Roaming\LavasoftStatistics
2013-07-18 17:12 . 2013-07-18 17:12 -------- d-----w- c:\programdata\Lavasoft
2013-07-18 17:12 . 2013-07-18 17:31 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-07-18 17:11 . 2013-07-18 17:11 -------- d-----w- c:\programdata\Downloaded Installations
2013-07-18 17:11 . 2013-07-18 17:11 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-07-18 17:11 . 2013-07-18 17:11 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-07-18 17:10 . 2013-07-18 17:10 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-07-18 17:10 . 2013-07-18 17:10 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-07-18 17:10 . 2013-07-22 16:06 -------- d-----w- c:\users\John\AppData\Roaming\Ad-Aware Antivirus
2013-07-18 16:30 . 2013-07-18 16:30 -------- d-----w- c:\program files\HitmanPro
2013-07-18 16:27 . 2013-07-29 21:45 -------- d-----w- c:\programdata\MFAData
2013-07-18 16:27 . 2013-07-22 20:58 -------- d-----w- c:\users\John\AppData\Local\Avg2013
2013-07-18 16:27 . 2013-07-18 16:27 -------- d--h--w- c:\programdata\Common Files
2013-07-18 16:27 . 2013-07-18 16:27 -------- d-----w- c:\users\John\AppData\Local\MFAData
2013-07-18 16:11 . 2013-07-18 16:11 -------- d-----w- c:\program files\CCleaner
2013-07-18 16:09 . 2013-07-18 16:09 -------- d-----w- c:\program files\Enigma Software Group
2013-07-18 16:08 . 2013-07-29 22:19 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-18 15:34 . 2012-01-20 13:14 18816 ----a-w- c:\windows\system32\roboot64.exe
2013-07-18 15:34 . 2012-12-10 10:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2013-07-18 15:34 . 2012-12-10 10:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2013-07-18 15:34 . 2009-07-23 17:32 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll
2013-07-18 15:34 . 2009-07-23 17:32 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll
2013-07-18 15:34 . 2013-07-18 15:52 -------- d-----w- c:\program files (x86)\My Search Dial Removal Tool
2013-07-16 06:27 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52E96395-C2A9-464C-A3C2-BDED48D32653}\mpengine.dll
2013-07-13 08:39 . 2013-07-14 10:35 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-07-13 08:39 . 2013-07-25 19:44 -------- d-----w- c:\program files (x86)\Steam
2013-07-12 15:22 . 2013-07-25 22:31 -------- d-----w- c:\users\John\AppData\Roaming\vlc
2013-07-12 15:22 . 2013-07-12 15:22 -------- d-----w- c:\program files (x86)\VideoLAN
2013-07-10 05:45 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 05:45 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 05:45 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 05:45 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 05:45 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 05:45 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 05:45 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 05:45 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 05:45 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 05:45 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 05:45 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 05:44 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 05:44 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 05:44 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 05:44 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 05:44 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 05:44 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 05:44 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 05:44 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 05:23 . 2013-06-27 05:24 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-27 05:23 . 2013-06-27 05:24 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-27 05:23 . 2013-06-27 05:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 23:57 . 2013-06-19 06:55 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-21 02:19 . 2013-06-21 02:19 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-21 02:19 . 2013-06-21 02:19 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-21 02:19 . 2013-06-21 02:19 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-21 02:19 . 2013-06-21 02:19 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-21 02:19 . 2013-06-21 02:19 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-21 02:19 . 2013-06-21 02:19 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-21 02:19 . 2013-06-21 02:19 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-21 02:19 . 2013-06-21 02:19 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-21 02:19 . 2013-06-21 02:19 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-21 02:19 . 2013-06-21 02:19 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-21 02:19 . 2013-06-21 02:19 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-21 02:19 . 2013-06-21 02:19 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-21 02:19 . 2013-06-21 02:19 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-21 02:19 . 2013-06-21 02:19 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-21 02:19 . 2013-06-21 02:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-21 02:19 . 2013-06-21 02:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-21 02:19 . 2013-06-21 02:19 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-21 02:19 . 2013-06-21 02:19 441856 ----a-w- c:\windows\system32\html.iec
2013-06-21 02:19 . 2013-06-21 02:19 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-21 02:19 . 2013-06-21 02:19 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-21 02:19 . 2013-06-21 02:19 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-21 02:19 . 2013-06-21 02:19 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-21 02:19 . 2013-06-21 02:19 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-21 02:19 . 2013-06-21 02:19 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-21 02:19 . 2013-06-21 02:19 235008 ----a-w- c:\windows\system32\url.dll
2013-06-21 02:19 . 2013-06-21 02:19 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-21 02:19 . 2013-06-21 02:19 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-21 02:19 . 2013-06-21 02:19 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-21 02:19 . 2013-06-21 02:19 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-21 02:19 . 2013-06-21 02:19 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-21 02:19 . 2013-06-21 02:19 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-21 02:19 . 2013-06-21 02:19 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-21 02:19 . 2013-06-21 02:19 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-21 02:19 . 2013-06-21 02:19 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-21 02:19 . 2013-06-21 02:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-21 02:19 . 2013-06-21 02:19 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-21 02:19 . 2013-06-21 02:19 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-21 02:19 . 2013-06-21 02:19 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-21 02:19 . 2013-06-21 02:19 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-21 02:19 . 2013-06-21 02:19 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-21 02:19 . 2013-06-21 02:19 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-21 02:19 . 2013-06-21 02:19 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-21 02:19 . 2013-06-21 02:19 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-21 02:19 . 2013-06-21 02:19 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-21 02:19 . 2013-06-21 02:19 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-21 02:19 . 2013-06-21 02:19 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-21 02:19 . 2013-06-21 02:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-21 02:19 . 2013-06-21 02:19 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-21 02:19 . 2013-06-21 02:19 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-21 02:18 . 2013-06-21 02:18 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-21 02:18 . 2013-06-21 02:18 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-21 02:18 . 2013-06-21 02:18 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-21 02:18 . 2013-06-21 02:18 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-21 02:18 . 2013-06-21 02:18 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-21 02:18 . 2013-06-21 02:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-21 02:18 . 2013-06-21 02:18 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-21 02:18 . 2013-06-21 02:18 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-21 02:18 . 2013-06-21 02:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-21 02:18 . 2013-06-21 02:18 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-21 02:18 . 2013-06-21 02:18 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-21 02:18 . 2013-06-21 02:18 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-21 02:18 . 2013-06-21 02:18 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-21 02:18 . 2013-06-21 02:18 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-21 02:18 . 2013-06-21 02:18 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-21 02:18 . 2013-06-21 02:18 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-21 02:18 . 2013-06-21 02:18 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-21 02:18 . 2013-06-21 02:18 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-21 02:18 . 2013-06-21 02:18 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-21 02:18 . 2013-06-21 02:18 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-21 02:18 . 2013-06-21 02:18 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-06-21 02:18 . 2013-06-21 02:18 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-21 02:18 . 2013-06-21 02:18 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-06-21 02:18 . 2013-06-21 02:18 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-21 02:18 . 2013-06-21 02:18 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-06-21 02:18 . 2013-06-21 02:18 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-06-21 02:18 . 2013-06-21 02:18 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-06-21 02:18 . 2013-06-21 02:18 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-06-21 02:18 . 2013-06-21 02:18 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-06-21 02:18 . 2013-06-21 02:18 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-21 02:18 . 2013-06-21 02:18 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\John\AppData\Roaming\Spotify\Spotify.exe" [2013-07-10 4640768]
"Spotify Web Helper"="c:\users\John\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-10 1104384]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2012-07-19 4935112]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-10 1672616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-01-08 75048]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="e:\itunes transfer folder\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 ahcix64;ahcix64;c:\windows\system32\drivers\ahcix64.sys;c:\windows\SYSNATIVE\drivers\ahcix64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv61xx.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SYMEFA64.SYS [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20130726.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20130726.001\IDSvia64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAVx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1404000.028\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/08/25 12:29];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 05:52 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 15:54]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 15:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2008-10-17 79360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-29  23:28:15
ComboFix-quarantined-files.txt  2013-07-29 22:28
ComboFix2.txt  2013-07-29 22:17
.
Pre-Run: 594,342,240,256 bytes free
Post-Run: 594,279,391,232 bytes free
.
- - End Of File - - 05D9D2777B1E2896537306D3433766E0
A36C5E4F47E84449FF07ED3517B43A31


#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:12 PM

Posted 30 July 2013 - 01:48 PM

Good evening. :)

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click on Search and, once complete, let me have the contents of the text that opens.
  • A copy of the text file will be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.


So long, and thanks for all the fish.

 

 


#11 kdt

kdt
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:12 PM

Posted 03 August 2013 - 01:14 PM

Hi, here's the adwcleaner log 
 
# AdwCleaner v2.306 - Logfile created 08/03/2013 at 19:01:26
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : John - JOHN-PC
# Boot Mode : Normal
# Running from : C:\Users\John\Desktop\get rid of search dial\adwcleaner (2).exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Found [l.3330] : urls_to_restore_on_startup = [ "hxxp://www.play.com/", "hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1QzutDtDtByCtCzztA0A0F0FtD0DtDyCzz0BtN0D0Tzu0CyDtByBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=1249818711&ir=" ]
 
*************************
 
AdwCleaner[R1].txt - [1018 octets] - [21/06/2013 17:22:47]
AdwCleaner[R2].txt - [1079 octets] - [21/06/2013 17:30:11]
AdwCleaner[R3].txt - [1140 octets] - [21/06/2013 17:30:59]
AdwCleaner[R4].txt - [1938 octets] - [18/07/2013 17:13:49]
AdwCleaner[R5].txt - [1933 octets] - [22/07/2013 16:58:48]
AdwCleaner[R6].txt - [1443 octets] - [23/07/2013 16:43:58]
AdwCleaner[R7].txt - [1275 octets] - [03/08/2013 19:01:26]
AdwCleaner[S1].txt - [1061 octets] - [21/06/2013 17:32:39]
AdwCleaner[S2].txt - [1872 octets] - [22/07/2013 16:59:27]
AdwCleaner[S3].txt - [1366 octets] - [23/07/2013 16:44:30]
 
########## EOF - C:\AdwCleaner[R7].txt - [1515 octets] ##########


#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:12 PM

Posted 03 August 2013 - 01:52 PM

Good evening. :)

The issue will need you to change some things manually.

 

Set Homepage: http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95314
Set Default Search Engine: http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95426

Also, under the same icon, check Settings for which page(s) open at start-up.

 

Let me know how you get on.


So long, and thanks for all the fish.
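A defender-side check for the settings this reply tells the user to reset, added here as an example (Python; not code from the thread or from AdwCleaner): it reads Chrome's Preferences JSON (the file the AdwCleaner log quoted) and reports any homepage, startup or default-search URL whose host is not on an expected list. The sample Preferences content, the allowlist and the key layout are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a Chrome "Preferences" file, modelled on the AdwCleaner
# finding above. ASSUMPTION: the key layout (session.urls_to_restore_on_startup,
# homepage, default_search_provider.search_url) matches Chrome 28-era files.
SAMPLE_PREFS = json.loads("""
{
  "homepage": "http://www.google.co.uk/",
  "session": {
    "urls_to_restore_on_startup": [
      "http://www.play.com/",
      "http://start.mysearchdial.com/?f=1&a=coolmsd"
    ]
  },
  "default_search_provider": {
    "search_url": "{google:baseURL}search?q={searchTerms}"
  }
}
""")

# Hosts the user expects in these settings; anything else is reported for review.
ALLOWED_HOSTS = {"www.google.co.uk", "www.google.com", "www.play.com"}

def host_of(url):
    """Lower-case hostname of an http(s) URL, or None for Chrome templates."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()

def collect_browser_urls(prefs):
    """Yield (setting, url) for the settings a homepage hijacker rewrites."""
    if prefs.get("homepage"):
        yield "homepage", prefs["homepage"]
    for url in prefs.get("session", {}).get("urls_to_restore_on_startup", []):
        yield "session.urls_to_restore_on_startup", url
    search_url = prefs.get("default_search_provider", {}).get("search_url")
    if search_url:
        yield "default_search_provider.search_url", search_url

def audit_chrome_prefs(prefs, allowed_hosts=ALLOWED_HOSTS):
    """Return [(setting, url, host)] for every URL whose host is not allowlisted."""
    findings = []
    for setting, url in collect_browser_urls(prefs):
        host = host_of(url)
        if host is not None and host not in allowed_hosts:
            findings.append((setting, url, host))
    return findings
```

To run it against a real profile, `json.load` the Preferences path quoted in the AdwCleaner log with Chrome closed and pass the result to `audit_chrome_prefs`; the `{google:baseURL}` template is skipped because it is not a host.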

 

 


#13 kdt

kdt
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:12 PM

Posted 07 August 2013 - 03:01 PM

Hello, thanks again for the help. This is how I got rid of it the first time round, but it somehow came back. I've followed your instructions and it seems to have worked, but I'll keep a close eye on it and hopefully it's gone for good this time.

Cheers for helping me get this sorted.



#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:12 PM

Posted 08 August 2013 - 03:29 PM

Good evening. :)

I suspect that you are just managing to do the same thing/visit the same site/run the same application that is causing the changes, but if you find it happens again, don't hesitate to come back and start a fresh thread, and somebody will be along as soon as they can to take a look.


So long, and thanks for all the fish.

 

 




