
Downloaded windows movie maker and got a possible zero access virus


  • This topic is locked
34 replies to this topic

#1 ckoch

ckoch

  • Members
  • 60 posts

Posted 22 September 2013 - 12:37 AM

Here is my dds and my attach file is attached. I started another topic which can be found here explaining what happened to me.

http://www.bleepingcomputer.com/forums/t/508563/i-installed-windows-movie-maker-from-a-nasty-download-area-think-im-infected/

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.25.2
Run by claires at 1:12:26 on 2013-09-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.4117 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Update Detector\UpdateDetector.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\Glary Utilities 3\memdefrag.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Windows\system32\dmwu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uProxyServer = :0
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\29.0.1547.76\npchrome_frame.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [Glary Memory Optimizer] C:\Program Files (x86)\Glary Utilities 3\memdefrag.exe /autostart
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [GoogleChromeAutoLaunch_BE60B48618A5F1D1EFDB75C9490D459E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [DriverBoost] C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe /applicationMode:systemTray /showWelcome:false
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3B5CD09D-8ED8-4D1D-9AB1-4D928568AEA3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BF07F230-D0B6-4EAA-BDDB-8BAECD73DA5F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BF07F230-D0B6-4EAA-BDDB-8BAECD73DA5F}\078696C6164656C607869616 : DHCPNameServer = 192.168.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\29.0.1547.76\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe
x64-Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\claires\AppData\Roaming\Mozilla\Firefox\Profiles\4lvy4knf.default-1352199982738\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.homepageadz.com/startpage.php?ckoch
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\claires\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\claires\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\claires\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\claires\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-05 18:12; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2011-10-24 21:17; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-2 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-7-2 204880]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-2 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-7-2 378944]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2011-4-13 31432]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-7-2 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-2 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-5 46808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
R2 IBUpdaterService;IBUpdaterService;C:\Windows\System32\dmwu.exe [2013-9-21 1648432]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-9-10 1164328]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-7-18 82160]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-6-1 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-6-1 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-6-1 168384]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-6-18 54160]
R3 bbcap;bb_capture_driver;C:\Windows\System32\drivers\bbcap.sys [2011-10-23 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-10-23 244224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-25 708200]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-9-10 1164328]
S3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
S3 PAC207;SoC PC-Camera;C:\Windows\System32\drivers\PFC027.SYS [2006-12-5 572416]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-9-17 23536]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-4-18 18456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-9-18 31800]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\System32\drivers\SbFwIm.sys [2012-5-19 119416]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\System32\drivers\SbFwIm.sys [2012-5-19 119416]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-10 1255736]
S4 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-4-18 1227800]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-10 4308320]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-09-22 04:53:14 -------- d-----w- C:\Program Files\HitmanPro
2013-09-22 04:51:36 -------- d-----w- C:\ProgramData\HitmanPro
2013-09-22 03:18:36 -------- d-----w- C:\Windows\SysWow64\jmdp
2013-09-22 03:18:31 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll
2013-09-22 03:18:31 1648432 ----a-w- C:\Windows\System32\dmwu.exe
2013-09-22 03:18:31 -------- d-----w- C:\Windows\SysWow64\ARFC
2013-09-22 03:18:17 -------- d-----w- C:\Windows\SysWow64\WNLT
2013-09-22 03:17:56 -------- d-----w- C:\Program Files (x86)\wrapper_inst
2013-09-22 03:15:50 -------- d-----w- C:\Windows\en
2013-09-22 03:12:48 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2013-09-22 03:12:48 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2013-09-22 03:12:48 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2013-09-22 03:12:48 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2013-09-22 03:12:46 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2013-09-22 03:12:46 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-09-22 03:12:44 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2013-09-22 03:12:44 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-09-22 03:10:01 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31d522b81ceb74104\DSETUP.dll
2013-09-22 03:10:01 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31d522b81ceb74104\DXSETUP.exe
2013-09-22 03:10:01 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\31d522b81ceb74104\dsetup32.dll
2013-09-22 03:09:47 94040 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\303c7b5c1ceb74103\DSETUP.dll
2013-09-22 03:09:47 525656 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\303c7b5c1ceb74103\DXSETUP.exe
2013-09-22 03:09:47 1691480 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\303c7b5c1ceb74103\dsetup32.dll
2013-09-22 03:09:43 89944 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2dc9012c1ceb74101\DSETUP.dll
2013-09-22 03:09:43 537432 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2dc9012c1ceb74101\DXSETUP.exe
2013-09-22 03:09:43 1801048 -c--a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2dc9012c1ceb74101\dsetup32.dll
2013-09-22 02:42:24 -------- d-----w- C:\Users\claires\AppData\Local\ezvid,_inc
2013-09-22 00:57:55 -------- d-----w- C:\Users\claires\AppData\Local\{D3B7AF78-BC15-463B-B712-9F22F61182B1}
2013-09-21 03:14:06 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 18:59:59 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA7528BF-3DCE-438F-84FF-C302B710777D}\offreg.dll
2013-09-20 18:49:50 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA7528BF-3DCE-438F-84FF-C302B710777D}\mpengine.dll
2013-09-18 22:36:24 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2013-09-18 22:36:22 -------- d-----w- C:\Program Files\VS Revo Group
2013-09-17 14:06:57 -------- d-----w- C:\Users\claires\AppData\Local\{E971F6DB-61D8-4524-A80C-60B45532E74F}
2013-09-17 04:07:04 -------- d-----w- C:\Users\claires\AppData\Roaming\Moyea
2013-09-17 03:57:16 -------- d-----w- C:\Users\claires\AppData\Roaming\GetRightToGo
2013-09-17 02:56:04 -------- d-----w- C:\ProgramData\Freemake
2013-09-17 02:55:29 -------- d-----w- C:\Program Files (x86)\Freemake
2013-09-17 02:06:14 -------- d-----w- C:\Users\claires\AppData\Local\{5575E31E-A4ED-4144-A558-BEA31C93293B}
2013-09-16 03:53:52 -------- d-----w- C:\MATS
2013-09-12 03:40:46 -------- d-----w- C:\Program Files (x86)\Localizer Leads Tool
2013-09-11 03:29:41 2155152 ----a-w- C:\Windows\System32\Incinerator64.dll
2013-09-10 23:16:32 -------- d-----w- C:\Users\claires\AppData\Roaming\Registry Mechanic
2013-09-10 18:00:59 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-09-10 00:49:50 -------- d-----w- C:\AdwCleaner
2013-09-09 21:08:44 -------- d-----w- C:\Users\claires\AppData\Local\VS Revo Group
2013-09-09 21:08:28 -------- d-----w- C:\ProgramData\VS Revo Group
2013-09-05 22:12:54 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-09-05 22:12:45 -------- d-----w- C:\ProgramData\RealNetworks
2013-09-04 02:45:25 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-09-02 05:18:09 -------- d-----w- C:\Program Files (x86)\Easy SEO Ninja
2013-08-25 08:16:15 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-08-25 08:16:15 708200 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
.
==================== Find3M ====================
.
2013-09-13 01:14:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 01:14:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-09 22:26:34 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe
2013-09-09 22:26:24 26184 ----a-w- C:\Windows\System32\smrgdf.exe
2013-09-09 22:08:08 2097984 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2013-09-04 02:44:59 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-09-04 02:44:59 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-09-02 09:09:06 117024 ----a-w- C:\Windows\System32\BootDefrag.exe
2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-25 08:14:29 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-31 13:29:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-31 13:19:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-31 13:18:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-31 13:14:29 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-31 13:13:07 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-31 13:08:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-31 10:00:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-31 09:52:44 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-31 09:52:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-31 09:48:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-31 09:48:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-31 09:45:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-04 07:11:58 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2013-07-04 07:11:58 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2013-07-03 06:31:05 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-03 06:30:59 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-03 06:30:59 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-29 08:44:26 172456 ----a-w- C:\Program Files (x86)\57res.dll
.
============= FINISH: 1:13:42.10 ===============

 



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 22 September 2013 - 11:31 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.




#3 ckoch

ckoch
  • Topic Starter

  • Members
  • 60 posts

Posted 22 September 2013 - 06:08 PM

ok I see your message and I am proceeding.  You are right I have seen the symptoms diminish.



#4 ckoch

ckoch
  • Topic Starter

  • Members
  • 60 posts

Posted 22 September 2013 - 06:20 PM

here is the frst.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2013
Ran by claires (administrator) on CLAIRES-PC on 22-09-2013 19:11:11
Running from C:\Users\claires\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Filepuma International) C:\Program Files (x86)\Update Detector\UpdateDetector.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(GlarySoft Ltd) C:\Program Files (x86)\Glary Utilities 3\memdefrag.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
() C:\Windows\system32\dmwu.exe
(PC Drivers Headquarters) C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Everything\Everything.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Jing] - C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKCU\...\Run: [Glary Memory Optimizer] - C:\Program Files (x86)\Glary Utilities 3\memdefrag.exe [117536 2013-09-02] (GlarySoft Ltd)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [GoogleChromeAutoLaunch_BE60B48618A5F1D1EFDB75C9490D459E] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392 2013-09-16] (Google Inc.)
HKCU\...\Run: [DriverBoost] - C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [3979632 2013-09-05] (PC Drivers Headquarters)
HKCU\...\Policies\Explorer: [NoInstrumentation] 1
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1066504 2013-06-13] (Carbonite, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
BootExecute: autocheck autochk *  BootDefrag.exeiolobtdfg C:\Windows\system32
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: :0
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {7C737FB6-A3C8-401F-99B4-C2BEE7E63F82} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\29.0.1547.76\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\29.0.1547.76\npchrome_frame.dll (Google Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\claires\AppData\Roaming\Mozilla\Firefox\Profiles\4lvy4knf.default-1352199982738
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.homepageadz.com/startpage.php?ckoch
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\claires\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\claires\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\claires\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\claires\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\claires\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\claires\AppData\Roaming\Mozilla\Firefox\Profiles\4lvy4knf.default-1352199982738\searchplugins\MyStart Search.xml
FF Extension: zonealarm.com - C:\Users\claires\AppData\Roaming\Mozilla\Firefox\Profiles\4lvy4knf.default-1352199982738\Extensions\ffxtlbr@zonealarm.com
FF Extension: SeoQuake - C:\Users\claires\AppData\Roaming\Mozilla\Firefox\Profiles\4lvy4knf.default-1352199982738\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF Extension: urllister - C:\Users\claires\AppData\Roaming\Mozilla\Firefox\Profiles\4lvy4knf.default-1352199982738\Extensions\urllister@binnyva.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\claires\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\claires\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\claires\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (RealDownloader) - C:\Users\claires\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0
CHR Extension: (Skype Click to Call) - C:\Users\claires\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Hangouts) - C:\Users\claires\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.904.433.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\claires\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1648432 2013-07-17] ()
S2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1164328 2013-09-09] (iolo technologies, LLC)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1164328 2013-09-09] (iolo technologies, LLC)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2011-10-23] (Windows ® Codename Longhorn DDK provider)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-04-18] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-22 19:10 - 2013-09-22 19:10 - 00000000 ____D C:\FRST
2013-09-22 19:09 - 2013-09-22 19:09 - 01955550 _____ (Farbar) C:\Users\claires\Downloads\FRST64.exe
2013-09-22 12:43 - 2013-09-22 12:43 - 02638348 _____ C:\Users\claires\Downloads\fiverrmoney.zip
2013-09-22 01:20 - 2013-09-22 01:22 - 00005538 _____ C:\Users\claires\Desktop\attach.zip
2013-09-22 01:13 - 2013-09-22 01:13 - 00028769 _____ C:\Users\claires\Desktop\dds.txt
2013-09-22 01:13 - 2013-09-22 01:13 - 00017733 _____ C:\Users\claires\Desktop\attach.txt
2013-09-22 01:11 - 2013-09-22 01:11 - 00688992 ____R (Swearware) C:\Users\claires\Downloads\dds.com
2013-09-22 00:53 - 2013-09-22 00:53 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-22 00:51 - 2013-09-22 01:12 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-22 00:50 - 2013-09-22 00:51 - 09096848 _____ (SurfRight B.V.) C:\Users\claires\Downloads\HitmanPro.exe
2013-09-21 23:18 - 2013-09-21 23:18 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-09-21 23:18 - 2013-09-21 23:18 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-09-21 23:18 - 2013-09-21 23:18 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-09-21 23:18 - 2013-07-17 12:20 - 01648432 _____ C:\Windows\system32\dmwu.exe
2013-09-21 23:18 - 2013-07-17 12:17 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll
2013-09-21 23:17 - 2013-09-21 23:17 - 00000000 ____D C:\Program Files (x86)\wrapper_inst
2013-09-21 23:15 - 2013-09-21 23:15 - 00000000 ____D C:\Windows\en
2013-09-21 23:12 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-09-21 23:12 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-09-21 23:12 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-09-21 23:12 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-09-21 23:12 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-09-21 23:12 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-09-21 23:12 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-09-21 23:12 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-09-21 23:10 - 2013-09-21 23:10 - 00000382 _____ C:\Windows\DirectX.log
2013-09-21 23:07 - 2013-09-21 23:08 - 00400736 _____ (Softonic                                        ) C:\Users\claires\Downloads\SoftonicDownloader_for_windows-live-movie-maker.exe
2013-09-21 22:42 - 2013-09-21 22:42 - 00000000 ____D C:\Users\claires\AppData\Local\ezvid,_inc
2013-09-21 20:57 - 2013-09-21 20:58 - 00000000 ____D C:\Users\claires\AppData\Local\{D3B7AF78-BC15-463B-B712-9F22F61182B1}
2013-09-21 15:25 - 2013-09-21 15:25 - 11547650 _____ C:\Users\claires\Downloads\compassdrivi_240p_8672x22dsE.mp4
2013-09-20 23:15 - 2013-09-20 23:15 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-20 23:14 - 2013-09-20 23:15 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 19:04 - 2013-09-20 19:04 - 01697461 _____ C:\Users\claires\Downloads\PandaSurvivalGuide_puo.zip
2013-09-20 18:34 - 2013-09-20 18:34 - 00715946 _____ C:\Users\claires\Downloads\HowToBeatTheFTC_puo.zip
2013-09-20 18:33 - 2013-09-20 18:33 - 00905440 _____ C:\Users\claires\Downloads\NicheMarketingResearch_puo.zip
2013-09-20 18:33 - 2013-09-20 18:33 - 00655862 _____ C:\Users\claires\Downloads\GuideMakeMoneyEbay_puo.zip
2013-09-19 06:56 - 2013-09-19 06:56 - 00003370 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3620308384-1668672689-697393319-1000
2013-09-19 06:56 - 2013-09-19 06:56 - 00003240 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3620308384-1668672689-697393319-1000
2013-09-19 01:21 - 2013-09-19 01:21 - 00038417 _____ C:\Users\claires\Downloads\naked-wordpress-master.zip
2013-09-18 18:36 - 2013-09-18 18:36 - 00001097 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2013-09-18 18:36 - 2013-09-18 18:36 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-18 18:36 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2013-09-18 18:35 - 2013-09-18 18:36 - 10031224 _____ (VS Revo Group                                               ) C:\Users\claires\Downloads\RevoUninProSetup.exe
2013-09-18 15:36 - 2013-09-19 06:52 - 00000112 _____ C:\Windows\setupact.log
2013-09-18 15:36 - 2013-09-18 15:36 - 00000814 _____ C:\Windows\PFRO.log
2013-09-18 05:09 - 2013-09-18 05:09 - 17160072 _____ (Adobe Systems Incorporated) C:\Users\claires\Downloads\Adobe_Flash_Player_(IE)_v11.8.800.174.exe
2013-09-18 05:03 - 2013-09-18 05:03 - 00000000 _____ C:\Windows\setuperr.log
2013-09-18 04:45 - 2013-09-18 04:45 - 00002984 _____ C:\Windows\System32\Tasks\{D6B712C9-A3A2-4BEA-8B2F-2B2A701E51E4}
2013-09-18 04:35 - 2013-09-18 04:35 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-18 04:31 - 2013-09-18 04:32 - 04454952 _____ (Piriform Ltd) C:\Users\claires\Downloads\ccsetup405.exe
2013-09-18 04:26 - 2013-09-18 04:26 - 00585912 _____ C:\Users\claires\Downloads\smfree_dm.exe
2013-09-18 00:49 - 2013-09-18 00:49 - 05557600 _____ (PC VITALWARE, LLC) C:\Users\claires\Downloads\PC MRI Installer.exe
2013-09-18 00:07 - 2013-09-18 00:07 - 00000000 _____ C:\Users\claires\Desktop\New Text Document (11).txt
2013-09-17 20:51 - 2013-09-14 12:09 - 02872212 _____ C:\Users\claires\Downloads\freetraffic.exe
2013-09-17 10:06 - 2013-09-17 10:07 - 00000000 ____D C:\Users\claires\AppData\Local\{E971F6DB-61D8-4524-A80C-60B45532E74F}
2013-09-17 00:07 - 2013-09-17 00:07 - 00000000 ____D C:\Users\claires\Documents\Moyea
2013-09-17 00:07 - 2013-09-17 00:07 - 00000000 ____D C:\Users\claires\AppData\Roaming\Moyea
2013-09-16 23:57 - 2013-09-17 00:22 - 00000000 ____D C:\Users\claires\AppData\Roaming\GetRightToGo
2013-09-16 23:57 - 2013-09-16 23:57 - 00003180 _____ C:\Windows\System32\Tasks\{5711CCD4-48E9-410B-B16C-A358BAE58D6A}
2013-09-16 23:56 - 2013-09-16 23:56 - 00368288 _____ (RegNow.com) C:\Users\claires\Downloads\Download_flv2video_pro_setup.exe
2013-09-16 22:57 - 2013-09-16 22:58 - 00000000 ____D C:\Users\claires\Documents\Freemake
2013-09-16 22:57 - 2013-09-16 22:57 - 00000000 ____D C:\Users\claires\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-09-16 22:56 - 2013-09-16 22:58 - 00000000 ____D C:\ProgramData\Freemake
2013-09-16 22:55 - 2013-09-16 22:56 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-09-16 22:53 - 2013-09-16 22:53 - 01271968 _____ (Ellora Assets Corporation                                   ) C:\Users\claires\Downloads\FreemakeVideoConverterSetup.exe
2013-09-16 22:27 - 2012-12-21 17:35 - 00007584 _____ C:\Users\claires\Desktop\turbouserguides.html
2013-09-16 22:06 - 2013-09-16 22:06 - 00000000 ____D C:\Users\claires\AppData\Local\{5575E31E-A4ED-4144-A558-BEA31C93293B}
2013-09-16 21:56 - 2013-09-16 21:57 - 02301927 _____ C:\Users\claires\Documents\Mechanic (Sample)_(360p).flv
2013-09-16 21:55 - 2013-09-16 21:56 - 02305330 _____ C:\Users\claires\Documents\Roofer (Sample)_(360p).flv
2013-09-16 21:54 - 2013-09-16 21:54 - 02370287 _____ C:\Users\claires\Documents\Plumber (Sample)_(360p).flv
2013-09-16 01:03 - 2013-09-16 01:04 - 01329143 _____ C:\Users\claires\Downloads\CreateContentFast.zip
2013-09-16 00:01 - 2013-09-16 00:01 - 00347424 _____ (Microsoft Corporation) C:\Users\claires\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.147302734030555686.2.3.Run.exe
2013-09-15 23:53 - 2013-09-15 23:53 - 00000000 ____D C:\MATS
2013-09-13 22:36 - 2013-09-13 22:37 - 00000000 ____D C:\Users\claires\Desktop\traffic
2013-09-11 23:40 - 2013-09-11 23:40 - 00000000 ____D C:\Program Files (x86)\Localizer Leads Tool
2013-09-11 03:26 - 2013-07-31 09:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 03:26 - 2013-07-31 09:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 03:26 - 2013-07-31 09:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 03:26 - 2013-07-31 09:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 03:26 - 2013-07-31 09:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 03:26 - 2013-07-31 09:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 03:26 - 2013-07-31 09:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 03:26 - 2013-07-31 09:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 03:26 - 2013-07-31 09:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 03:26 - 2013-07-31 09:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 03:26 - 2013-07-31 09:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 03:26 - 2013-07-31 09:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 03:26 - 2013-07-31 05:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 03:26 - 2013-07-31 05:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-11 03:26 - 2013-07-31 05:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 03:26 - 2013-07-31 05:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-11 03:26 - 2013-07-31 05:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-11 03:26 - 2013-07-31 05:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-11 03:26 - 2013-07-31 05:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 03:26 - 2013-07-31 05:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 03:26 - 2013-07-31 05:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-11 03:26 - 2013-07-31 05:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 03:25 - 2013-07-31 10:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 03:25 - 2013-07-31 09:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 03:25 - 2013-07-31 09:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 03:25 - 2013-07-31 09:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 03:25 - 2013-07-31 06:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 03:25 - 2013-07-31 06:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 03:25 - 2013-07-31 06:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 03:25 - 2013-07-31 05:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 03:25 - 2013-07-31 05:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 03:25 - 2013-07-31 05:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 02:11 - 2013-09-21 21:49 - 00000385 _____ C:\Users\claires\Desktop\invoicesoftware.txt
2013-09-10 23:29 - 2013-09-09 18:08 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2013-09-10 19:16 - 2013-09-10 19:16 - 00000000 ____D C:\Users\claires\AppData\Roaming\Registry Mechanic
2013-09-10 14:01 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-10 14:01 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-10 14:01 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-10 14:01 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-10 14:01 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-10 14:01 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-10 14:01 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-10 14:01 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-10 14:01 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 14:01 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 14:01 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 14:01 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 14:01 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 14:01 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-10 14:01 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-10 14:00 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 14:00 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-10 14:00 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-10 14:00 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 14:00 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 14:00 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 14:00 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 14:00 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 14:00 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 14:00 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-10 14:00 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 14:00 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 14:00 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 00:15 - 2013-09-10 00:15 - 14783624 _____ C:\Users\claires\Downloads\Laughingbird_Survey_Thank-You_People.zip
2013-09-09 20:49 - 2013-09-09 20:57 - 00000000 ____D C:\AdwCleaner
2013-09-09 20:33 - 2013-09-09 20:33 - 00798384 _____ (RealNetworks, Inc.) C:\Users\claires\Downloads\RealPlayer.exe
2013-09-09 18:00 - 2013-09-09 18:00 - 00000000 _____ C:\Users\claires\Downloads\Unlocker1.9.2 (1).exe.vzxxdk6.partial
2013-09-09 17:59 - 2013-09-09 17:59 - 00000000 _____ C:\Users\claires\Downloads\Unlocker1.9.2.exe.c25v2ug.partial
2013-09-09 17:08 - 2013-09-09 17:08 - 00000000 ____D C:\Users\claires\AppData\Local\VS Revo Group
2013-09-09 17:08 - 2013-09-09 17:08 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-09-08 22:31 - 2013-09-09 20:38 - 00003348 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3620308384-1668672689-697393319-1000
2013-09-08 22:31 - 2013-09-09 20:38 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3620308384-1668672689-697393319-1000
2013-09-08 21:30 - 2013-09-08 21:30 - 00000000 ____D C:\Users\claires\Documents\OneNote Notebooks
2013-09-08 15:19 - 2013-09-08 15:19 - 05594036 _____ C:\Users\claires\Downloads\Don't-Get-Screwed-Main.zip
2013-09-07 22:23 - 2013-09-07 22:23 - 14855796 _____ C:\Users\claires\Downloads\winesonvine_360p_wxxdg22dWk.mp4
2013-09-06 03:42 - 2013-09-06 03:59 - 00000000 ____D C:\Users\claires\Downloads\effortlessoutsourcing
2013-09-05 18:41 - 2013-09-05 18:41 - 00003124 _____ C:\Windows\System32\Tasks\{E80E5DB9-EA41-421F-89E0-6E8A2DD079E4}
2013-09-05 18:12 - 2013-09-09 18:35 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-09-05 18:12 - 2013-09-05 18:12 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-05 18:06 - 2013-09-05 18:09 - 38544480 _____ (RealNetworks, Inc.) C:\Users\claires\Downloads\RealPlayer_v16.0.3.51.exe
2013-09-05 18:02 - 2013-09-05 18:02 - 00000000 ____D C:\Users\claires\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-09-05 18:00 - 2013-09-05 18:00 - 07412233 _____ C:\Users\claires\Downloads\npp.6.4.5.Installer.exe
2013-09-05 17:52 - 2013-09-05 17:52 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-09-05 17:50 - 2013-09-05 17:50 - 05357456 _____ (Canneverbe Limited                                          ) C:\Users\claires\Downloads\CDBurnerXP_v4.5.2.4255.exe
2013-09-05 17:27 - 2013-09-05 17:27 - 16243768 _____ C:\Users\claires\Downloads\Glary_Utilities_v3.9.1.exe
2013-09-05 17:19 - 2013-09-05 17:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-09-05 17:19 - 2013-09-05 17:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-09-05 17:18 - 2013-09-05 17:18 - 18101344 _____ (Adobe Systems Inc.) C:\Users\claires\Downloads\Adobe_Air_v3.8.0.1280.exe
2013-09-05 17:13 - 2013-09-05 17:13 - 00003122 _____ C:\Windows\System32\Tasks\{58DC2A54-70AC-442C-A9D9-E249FB8B8597}
2013-09-05 17:08 - 2013-09-05 17:08 - 00003298 _____ C:\Windows\System32\Tasks\{57416FB4-49B3-4476-8562-F41C67E53D14}
2013-09-04 18:15 - 2013-09-04 18:15 - 00259940 _____ C:\Users\claires\Downloads\Telesales_Assassin (1).zip
2013-09-03 22:45 - 2013-09-03 22:45 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-03 22:45 - 2013-09-03 22:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-03 22:45 - 2013-09-03 22:45 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-03 22:45 - 2013-09-03 22:45 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-03 22:40 - 2013-09-03 22:40 - 33150376 _____ (Oracle Corporation) C:\Users\claires\Downloads\jre-7u25-windows-x64.exe
2013-09-03 19:55 - 2013-09-03 19:55 - 00000000 _____ C:\Users\claires\Desktop\New Text Document (7).txt
2013-09-02 01:18 - 2013-09-02 01:23 - 00001081 _____ C:\Users\Public\Desktop\Easy SEO Ninja.lnk
2013-09-02 01:18 - 2013-09-02 01:23 - 00000000 ____D C:\Program Files (x86)\Easy SEO Ninja
2013-09-02 01:16 - 2013-05-28 02:00 - 01255816 _____ (                                                            ) C:\Users\claires\Downloads\EasySEONinja.exe
2013-08-31 18:18 - 2013-08-31 18:18 - 05120774 _____ C:\Users\claires\Downloads\Mobile+Template.zip
2013-08-30 16:17 - 2013-08-30 16:26 - 00000000 ____D C:\Users\claires\Documents\icurator
2013-08-30 16:15 - 2013-08-30 16:15 - 00002043 _____ C:\Users\Public\Desktop\icurator3.lnk
2013-08-30 15:47 - 2013-08-29 17:29 - 04078635 _____ (66th.net) C:\Users\claires\Downloads\icuratorsetup.exe
2013-08-27 20:18 - 2013-08-27 20:28 - 00048352 _____ C:\Users\claires\Desktop\ebayagg.txt
2013-08-26 23:29 - 2013-08-27 00:08 - 00000000 ____D C:\Users\claires\Desktop\forvideodesign
2013-08-26 02:18 - 2013-08-26 02:19 - 02261616 _____ C:\Users\claires\Downloads\easy-digital-downloads.1.7.2.zip
2013-08-25 04:16 - 2013-08-25 04:14 - 00708200 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys
2013-08-25 04:16 - 2013-08-25 04:14 - 00074344 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2013-08-23 03:40 - 2013-09-12 02:48 - 00001261 _____ C:\Users\Public\Desktop\Arbitrage Underdog Pro.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-09-22 19:11 - 2011-03-09 20:29 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-22 19:10 - 2013-09-22 19:10 - 00000000 ____D C:\FRST
2013-09-22 19:10 - 2013-08-11 17:39 - 00000000 ____D C:\Users\claires\AppData\Roaming\SlimBrowser
2013-09-22 19:09 - 2013-09-22 19:09 - 01955550 _____ (Farbar) C:\Users\claires\Downloads\FRST64.exe
2013-09-22 18:51 - 2012-01-27 20:12 - 00000328 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-09-22 18:35 - 2011-09-19 19:17 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3620308384-1668672689-697393319-1000UA.job
2013-09-22 18:26 - 2013-07-17 07:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-22 17:11 - 2011-03-09 20:29 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-22 16:34 - 2012-08-18 03:13 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A3C2A66D-C471-49C0-A03F-572625C1AEF9}
2013-09-22 14:37 - 2011-03-09 03:19 - 01449268 _____ C:\Windows\WindowsUpdate.log
2013-09-22 12:43 - 2013-09-22 12:43 - 02638348 _____ C:\Users\claires\Downloads\fiverrmoney.zip
2013-09-22 06:52 - 2013-08-11 04:43 - 00000354 _____ C:\Windows\Tasks\UpdateDetector.job
2013-09-22 04:28 - 2012-11-04 02:42 - 00000000 ____D C:\Users\claires\AppData\Roaming\vlc
2013-09-22 03:18 - 2011-10-07 15:12 - 00011776 _____ C:\Users\claires\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-22 01:22 - 2013-09-22 01:20 - 00005538 _____ C:\Users\claires\Desktop\attach.zip
2013-09-22 01:13 - 2013-09-22 01:13 - 00028769 _____ C:\Users\claires\Desktop\dds.txt
2013-09-22 01:13 - 2013-09-22 01:13 - 00017733 _____ C:\Users\claires\Desktop\attach.txt
2013-09-22 01:12 - 2013-09-22 00:51 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-22 01:11 - 2013-09-22 01:11 - 00688992 ____R (Swearware) C:\Users\claires\Downloads\dds.com
2013-09-22 00:53 - 2013-09-22 00:53 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-22 00:51 - 2013-09-22 00:50 - 09096848 _____ (SurfRight B.V.) C:\Users\claires\Downloads\HitmanPro.exe
2013-09-21 23:18 - 2013-09-21 23:18 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-09-21 23:18 - 2013-09-21 23:18 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-09-21 23:18 - 2013-09-21 23:18 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2013-09-21 23:18 - 2013-08-16 18:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-21 23:17 - 2013-09-21 23:17 - 00000000 ____D C:\Program Files (x86)\wrapper_inst
2013-09-21 23:15 - 2013-09-21 23:15 - 00000000 ____D C:\Windows\en
2013-09-21 23:15 - 2011-03-09 03:55 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-09-21 23:14 - 2011-03-09 03:53 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-09-21 23:13 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-21 23:10 - 2013-09-21 23:10 - 00000382 _____ C:\Windows\DirectX.log
2013-09-21 23:09 - 2011-03-10 05:15 - 00000000 ____D C:\Users\claires\AppData\Local\Windows Live
2013-09-21 23:08 - 2013-09-21 23:07 - 00400736 _____ (Softonic                                        ) C:\Users\claires\Downloads\SoftonicDownloader_for_windows-live-movie-maker.exe
2013-09-21 23:08 - 2011-03-09 01:58 - 00121792 _____ C:\Users\claires\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-21 22:42 - 2013-09-21 22:42 - 00000000 ____D C:\Users\claires\AppData\Local\ezvid,_inc
2013-09-21 21:58 - 2011-07-29 20:39 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-09-21 21:58 - 2011-07-29 20:38 - 00000000 ____D C:\Users\claires\AppData\Roaming\NCH Software
2013-09-21 21:58 - 2011-07-29 20:38 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-09-21 21:49 - 2013-09-11 02:11 - 00000385 _____ C:\Users\claires\Desktop\invoicesoftware.txt
2013-09-21 21:35 - 2011-09-19 19:17 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3620308384-1668672689-697393319-1000Core.job
2013-09-21 20:58 - 2013-09-21 20:57 - 00000000 ____D C:\Users\claires\AppData\Local\{D3B7AF78-BC15-463B-B712-9F22F61182B1}
2013-09-21 15:25 - 2013-09-21 15:25 - 11547650 _____ C:\Users\claires\Downloads\compassdrivi_240p_8672x22dsE.mp4
2013-09-20 23:15 - 2013-09-20 23:15 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-20 23:15 - 2013-09-20 23:14 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 23:14 - 2012-12-14 21:28 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 23:14 - 2012-12-14 21:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 22:49 - 2013-07-06 02:47 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForclaires
2013-09-20 22:49 - 2013-07-06 02:47 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForclaires.job
2013-09-20 19:04 - 2013-09-20 19:04 - 01697461 _____ C:\Users\claires\Downloads\PandaSurvivalGuide_puo.zip
2013-09-20 18:34 - 2013-09-20 18:34 - 00715946 _____ C:\Users\claires\Downloads\HowToBeatTheFTC_puo.zip
2013-09-20 18:33 - 2013-09-20 18:33 - 00905440 _____ C:\Users\claires\Downloads\NicheMarketingResearch_puo.zip
2013-09-20 18:33 - 2013-09-20 18:33 - 00655862 _____ C:\Users\claires\Downloads\GuideMakeMoneyEbay_puo.zip
2013-09-19 15:03 - 2009-07-14 00:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-19 15:03 - 2009-07-14 00:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-19 07:00 - 2013-08-10 19:45 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-19 07:00 - 2013-07-02 22:25 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-19 06:56 - 2013-09-19 06:56 - 00003370 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3620308384-1668672689-697393319-1000
2013-09-19 06:56 - 2013-09-19 06:56 - 00003240 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3620308384-1668672689-697393319-1000
2013-09-19 06:56 - 2013-08-10 19:45 - 00000336 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-19 06:52 - 2013-09-18 15:36 - 00000112 _____ C:\Windows\setupact.log
2013-09-19 06:52 - 2011-10-29 01:25 - 00000031 _____ C:\Windows\system32\bbcap.err
2013-09-19 06:52 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 01:21 - 2013-09-19 01:21 - 00038417 _____ C:\Users\claires\Downloads\naked-wordpress-master.zip
2013-09-18 21:35 - 2011-03-14 00:33 - 00000000 ____D C:\Users\claires\AppData\Roaming\Mozilla
2013-09-18 18:36 - 2013-09-18 18:36 - 00001097 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2013-09-18 18:36 - 2013-09-18 18:36 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-18 18:36 - 2013-09-18 18:35 - 10031224 _____ (VS Revo Group                                               ) C:\Users\claires\Downloads\RevoUninProSetup.exe
2013-09-18 15:36 - 2013-09-18 15:36 - 00000814 _____ C:\Windows\PFRO.log
2013-09-18 07:21 - 2013-08-14 02:29 - 00000000 ____D C:\Users\claires\Desktop\shortcuts
2013-09-18 07:21 - 2012-08-06 18:47 - 00000000 ____D C:\Users\claires\Desktop\pdf
2013-09-18 07:18 - 2011-06-08 06:57 - 00000000 ____D C:\Users\claires\Desktop\text
2013-09-18 05:55 - 2012-10-31 17:55 - 00000000 ____D C:\Users\claires\Desktop\secty
2013-09-18 05:11 - 2012-10-31 16:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-18 05:09 - 2013-09-18 05:09 - 17160072 _____ (Adobe Systems Incorporated) C:\Users\claires\Downloads\Adobe_Flash_Player_(IE)_v11.8.800.174.exe
2013-09-18 05:03 - 2013-09-18 05:03 - 00000000 _____ C:\Windows\setuperr.log
2013-09-18 04:45 - 2013-09-18 04:45 - 00002984 _____ C:\Windows\System32\Tasks\{D6B712C9-A3A2-4BEA-8B2F-2B2A701E51E4}
2013-09-18 04:39 - 2011-06-17 10:22 - 00000000 ____D C:\Users\claires\AppData\Roaming\FileZilla
2013-09-18 04:35 - 2013-09-18 04:35 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-18 04:35 - 2012-09-08 20:27 - 00000000 ____D C:\Program Files\CCleaner
2013-09-18 04:32 - 2013-09-18 04:31 - 04454952 _____ (Piriform Ltd) C:\Users\claires\Downloads\ccsetup405.exe
2013-09-18 04:26 - 2013-09-18 04:26 - 00585912 _____ C:\Users\claires\Downloads\smfree_dm.exe
2013-09-18 01:46 - 2013-05-04 23:58 - 00003540 _____ C:\Users\claires\Desktop\New Text Document (16).txt
2013-09-18 00:49 - 2013-09-18 00:49 - 05557600 _____ (PC VITALWARE, LLC) C:\Users\claires\Downloads\PC MRI Installer.exe
2013-09-18 00:47 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-18 00:38 - 2011-11-27 17:23 - 00000000 ____D C:\Windows\pss
2013-09-18 00:38 - 2011-03-09 02:00 - 00000000 ___RD C:\Users\claires\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 00:07 - 2013-09-18 00:07 - 00000000 _____ C:\Users\claires\Desktop\New Text Document (11).txt
2013-09-18 00:05 - 2012-11-03 17:52 - 00000000 ____D C:\Program Files (x86)\Real
2013-09-18 00:05 - 2012-11-03 17:51 - 00000000 ____D C:\Users\claires\AppData\Roaming\Real
2013-09-18 00:05 - 2012-11-03 17:46 - 00000000 ____D C:\ProgramData\Real
2013-09-17 19:32 - 2011-12-06 20:00 - 00061938 _____ C:\Windows\SysWOW64\AppLog.log
2013-09-17 19:07 - 2013-06-13 19:09 - 00154700 _____ C:\Windows\SysWOW64\Engines.log
2013-09-17 10:07 - 2013-09-17 10:06 - 00000000 ____D C:\Users\claires\AppData\Local\{E971F6DB-61D8-4524-A80C-60B45532E74F}
2013-09-17 00:22 - 2013-09-16 23:57 - 00000000 ____D C:\Users\claires\AppData\Roaming\GetRightToGo
2013-09-17 00:07 - 2013-09-17 00:07 - 00000000 ____D C:\Users\claires\Documents\Moyea
2013-09-17 00:07 - 2013-09-17 00:07 - 00000000 ____D C:\Users\claires\AppData\Roaming\Moyea
2013-09-16 23:57 - 2013-09-16 23:57 - 00003180 _____ C:\Windows\System32\Tasks\{5711CCD4-48E9-410B-B16C-A358BAE58D6A}
2013-09-16 23:56 - 2013-09-16 23:56 - 00368288 _____ (RegNow.com) C:\Users\claires\Downloads\Download_flv2video_pro_setup.exe
2013-09-16 22:58 - 2013-09-16 22:57 - 00000000 ____D C:\Users\claires\Documents\Freemake
2013-09-16 22:58 - 2013-09-16 22:56 - 00000000 ____D C:\ProgramData\Freemake
2013-09-16 22:57 - 2013-09-16 22:57 - 00000000 ____D C:\Users\claires\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-09-16 22:56 - 2013-09-16 22:55 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-09-16 22:53 - 2013-09-16 22:53 - 01271968 _____ (Ellora Assets Corporation                                   ) C:\Users\claires\Downloads\FreemakeVideoConverterSetup.exe
2013-09-16 22:06 - 2013-09-16 22:06 - 00000000 ____D C:\Users\claires\AppData\Local\{5575E31E-A4ED-4144-A558-BEA31C93293B}
2013-09-16 21:57 - 2013-09-16 21:56 - 02301927 _____ C:\Users\claires\Documents\Mechanic (Sample)_(360p).flv
2013-09-16 21:56 - 2013-09-16 21:55 - 02305330 _____ C:\Users\claires\Documents\Roofer (Sample)_(360p).flv
2013-09-16 21:54 - 2013-09-16 21:54 - 02370287 _____ C:\Users\claires\Documents\Plumber (Sample)_(360p).flv
2013-09-16 01:04 - 2013-09-16 01:03 - 01329143 _____ C:\Users\claires\Downloads\CreateContentFast.zip
2013-09-16 00:01 - 2013-09-16 00:01 - 00347424 _____ (Microsoft Corporation) C:\Users\claires\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.147302734030555686.2.3.Run.exe
2013-09-15 23:53 - 2013-09-15 23:53 - 00000000 ____D C:\MATS
2013-09-15 23:53 - 2012-05-19 03:59 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-09-15 00:22 - 2011-04-06 02:24 - 00000000 ____D C:\Users\claires\AppData\Roaming\Skype
2013-09-14 12:09 - 2013-09-17 20:51 - 02872212 _____ C:\Users\claires\Downloads\freetraffic.exe
2013-09-13 22:37 - 2013-09-13 22:36 - 00000000 ____D C:\Users\claires\Desktop\traffic
2013-09-13 03:07 - 2011-03-09 02:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 21:14 - 2013-07-17 07:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-12 21:14 - 2013-07-17 07:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-12 21:14 - 2013-07-07 03:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-12 02:48 - 2013-08-23 03:40 - 00001261 _____ C:\Users\Public\Desktop\Arbitrage Underdog Pro.lnk
2013-09-12 02:48 - 2013-08-13 21:12 - 00000000 ____D C:\Program Files (x86)\Arbitrage Underdog
2013-09-11 23:40 - 2013-09-11 23:40 - 00000000 ____D C:\Program Files (x86)\Localizer Leads Tool
2013-09-11 23:39 - 2012-06-19 03:32 - 00000000 ____D C:\Users\claires\AppData\Roaming\LocalizerLeadsTool
2013-09-11 08:04 - 2011-03-09 02:00 - 00000000 ___RD C:\Users\claires\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 04:04 - 2009-07-14 00:45 - 00468528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 03:44 - 2013-07-23 03:02 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 03:32 - 2011-03-10 05:45 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 23:53 - 2011-04-13 21:02 - 00000000 ____D C:\ProgramData\iolo
2013-09-10 19:16 - 2013-09-10 19:16 - 00000000 ____D C:\Users\claires\AppData\Roaming\Registry Mechanic
2013-09-10 00:15 - 2013-09-10 00:15 - 14783624 _____ C:\Users\claires\Downloads\Laughingbird_Survey_Thank-You_People.zip
2013-09-09 20:57 - 2013-09-09 20:49 - 00000000 ____D C:\AdwCleaner
2013-09-09 20:38 - 2013-09-08 22:31 - 00003348 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3620308384-1668672689-697393319-1000
2013-09-09 20:38 - 2013-09-08 22:31 - 00003218 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3620308384-1668672689-697393319-1000
2013-09-09 20:33 - 2013-09-09 20:33 - 00798384 _____ (RealNetworks, Inc.) C:\Users\claires\Downloads\RealPlayer.exe
2013-09-09 18:35 - 2013-09-05 18:12 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-09-09 18:35 - 2013-05-10 00:24 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2013-09-09 18:35 - 2013-03-24 09:28 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-09 18:35 - 2013-03-24 09:28 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-09 18:35 - 2013-03-24 09:28 - 00000000 ____D C:\Users\admin\AppData\Local\Hewlett-Packard
2013-09-09 18:35 - 2013-03-24 09:27 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-09 18:35 - 2013-03-24 09:27 - 00000000 ___RD C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-09 18:35 - 2013-03-24 09:27 - 00000000 ____D C:\Users\admin
2013-09-09 18:35 - 2011-03-09 01:53 - 00000000 ____D C:\Users\claires
2013-09-09 18:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-09-09 18:26 - 2011-04-13 21:07 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2013-09-09 18:26 - 2011-04-13 21:07 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2013-09-09 18:08 - 2013-09-10 23:29 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2013-09-09 18:08 - 2012-07-28 22:19 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2013-09-09 18:00 - 2013-09-09 18:00 - 00000000 _____ C:\Users\claires\Downloads\Unlocker1.9.2 (1).exe.vzxxdk6.partial
2013-09-09 17:59 - 2013-09-09 17:59 - 00000000 _____ C:\Users\claires\Downloads\Unlocker1.9.2.exe.c25v2ug.partial
2013-09-09 17:08 - 2013-09-09 17:08 - 00000000 ____D C:\Users\claires\AppData\Local\VS Revo Group
2013-09-09 17:08 - 2013-09-09 17:08 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-09-09 11:05 - 2013-01-10 04:14 - 00003390 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3620308384-1668672689-697393319-1000
2013-09-08 21:30 - 2013-09-08 21:30 - 00000000 ____D C:\Users\claires\Documents\OneNote Notebooks
2013-09-08 15:19 - 2013-09-08 15:19 - 05594036 _____ C:\Users\claires\Downloads\Don't-Get-Screwed-Main.zip
2013-09-07 22:23 - 2013-09-07 22:23 - 14855796 _____ C:\Users\claires\Downloads\winesonvine_360p_wxxdg22dWk.mp4
2013-09-06 03:59 - 2013-09-06 03:42 - 00000000 ____D C:\Users\claires\Downloads\effortlessoutsourcing
2013-09-05 18:41 - 2013-09-05 18:41 - 00003124 _____ C:\Windows\System32\Tasks\{E80E5DB9-EA41-421F-89E0-6E8A2DD079E4}
2013-09-05 18:13 - 2013-04-10 21:19 - 00000000 ____D C:\Users\claires\AppData\Roaming\RealNetworks
2013-09-05 18:12 - 2013-09-05 18:12 - 00000000 ____D C:\ProgramData\RealNetworks
2013-09-05 18:09 - 2013-09-05 18:06 - 38544480 _____ (RealNetworks, Inc.) C:\Users\claires\Downloads\RealPlayer_v16.0.3.51.exe
2013-09-05 18:02 - 2013-09-05 18:02 - 00000000 ____D C:\Users\claires\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-09-05 18:02 - 2011-11-03 03:09 - 00000000 ____D C:\Users\claires\AppData\Roaming\Notepad++
2013-09-05 18:02 - 2011-11-03 03:09 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-09-05 18:00 - 2013-09-05 18:00 - 07412233 _____ C:\Users\claires\Downloads\npp.6.4.5.Installer.exe
2013-09-05 17:52 - 2013-09-05 17:52 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-09-05 17:50 - 2013-09-05 17:50 - 05357456 _____ (Canneverbe Limited                                          ) C:\Users\claires\Downloads\CDBurnerXP_v4.5.2.4255.exe
2013-09-05 17:28 - 2013-08-10 19:45 - 00002640 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-05 17:28 - 2013-08-10 19:45 - 00000075 _____ C:\DiskDefrag.log
2013-09-05 17:27 - 2013-09-05 17:27 - 16243768 _____ C:\Users\claires\Downloads\Glary_Utilities_v3.9.1.exe
2013-09-05 17:23 - 2013-02-01 23:23 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-05 17:19 - 2013-09-05 17:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-09-05 17:19 - 2013-09-05 17:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-09-05 17:19 - 2011-03-09 23:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-05 17:18 - 2013-09-05 17:18 - 18101344 _____ (Adobe Systems Inc.) C:\Users\claires\Downloads\Adobe_Air_v3.8.0.1280.exe
2013-09-05 17:13 - 2013-09-05 17:13 - 00003122 _____ C:\Windows\System32\Tasks\{58DC2A54-70AC-442C-A9D9-E249FB8B8597}
2013-09-05 17:08 - 2013-09-05 17:08 - 00003298 _____ C:\Windows\System32\Tasks\{57416FB4-49B3-4476-8562-F41C67E53D14}
2013-09-05 17:04 - 2012-10-23 07:18 - 00000000 ____D C:\ProgramData\UAB
2013-09-05 16:49 - 2012-09-07 22:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-05 16:49 - 2012-04-23 08:07 - 00000876 _____ C:\Windows\system32\ioloBootDefrag.cfg
2013-09-05 15:29 - 2011-04-13 21:02 - 00000000 ____D C:\Users\claires\AppData\Roaming\iolo
2013-09-05 15:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-04 18:15 - 2013-09-04 18:15 - 00259940 _____ C:\Users\claires\Downloads\Telesales_Assassin (1).zip
2013-09-03 22:45 - 2013-09-03 22:45 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-03 22:45 - 2013-09-03 22:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-03 22:45 - 2013-09-03 22:45 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-03 22:45 - 2013-09-03 22:45 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-03 22:44 - 2012-10-29 17:20 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-03 22:44 - 2012-10-29 17:20 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-03 22:40 - 2013-09-03 22:40 - 33150376 _____ (Oracle Corporation) C:\Users\claires\Downloads\jre-7u25-windows-x64.exe
2013-09-03 19:55 - 2013-09-03 19:55 - 00000000 _____ C:\Users\claires\Desktop\New Text Document (7).txt
2013-09-02 05:09 - 2013-08-10 19:46 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-02 01:43 - 2011-03-09 02:00 - 00000000 ____D C:\Users\claires\AppData\Local\VirtualStore
2013-09-02 01:23 - 2013-09-02 01:18 - 00001081 _____ C:\Users\Public\Desktop\Easy SEO Ninja.lnk
2013-09-02 01:23 - 2013-09-02 01:18 - 00000000 ____D C:\Program Files (x86)\Easy SEO Ninja
2013-08-31 18:18 - 2013-08-31 18:18 - 05120774 _____ C:\Users\claires\Downloads\Mobile+Template.zip
2013-08-31 17:14 - 2011-03-09 02:06 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-08-30 16:26 - 2013-08-30 16:17 - 00000000 ____D C:\Users\claires\Documents\icurator
2013-08-30 16:15 - 2013-08-30 16:15 - 00002043 _____ C:\Users\Public\Desktop\icurator3.lnk
2013-08-30 03:48 - 2013-07-02 22:25 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 03:48 - 2013-07-02 22:25 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 03:48 - 2013-07-02 22:25 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 03:48 - 2013-07-02 22:25 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 03:48 - 2013-07-02 22:25 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 03:48 - 2013-07-02 22:25 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 03:48 - 2013-07-02 22:25 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 03:48 - 2013-07-02 22:25 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 03:47 - 2013-07-02 22:24 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 03:47 - 2013-02-01 23:23 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-29 17:29 - 2013-08-30 15:47 - 04078635 _____ (66th.net) C:\Users\claires\Downloads\icuratorsetup.exe
2013-08-27 20:28 - 2013-08-27 20:18 - 00048352 _____ C:\Users\claires\Desktop\ebayagg.txt
2013-08-27 00:08 - 2013-08-26 23:29 - 00000000 ____D C:\Users\claires\Desktop\forvideodesign
2013-08-26 02:19 - 2013-08-26 02:18 - 02261616 _____ C:\Users\claires\Downloads\easy-digital-downloads.1.7.2.zip
2013-08-25 07:38 - 2011-03-09 03:24 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-08-25 04:16 - 2011-03-09 03:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-25 04:14 - 2013-08-25 04:16 - 00708200 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys
2013-08-25 04:14 - 2013-08-25 04:16 - 00074344 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2013-08-25 04:14 - 2009-07-22 14:24 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
 
Some content of TEMP:
====================
C:\Users\claires\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\claires\AppData\Local\Temp\mgsqlite3.dll
C:\Users\claires\AppData\Local\Temp\PC-Registry-EXE-0808.exe
C:\Users\claires\AppData\Local\Temp\Shortcut_IMsetup.exe
C:\Users\claires\AppData\Local\Temp\SweetIMInstallValidator.exe
C:\Users\claires\AppData\Local\Temp\uninst.exe
C:\Users\claires\AppData\Local\Temp\WSSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-06-13 17:33
 
==================== End Of Log ============================


#5 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 22 September 2013 - 09:43 PM

If anything seems better it is coincidence. That scan was purely diagnostic; nothing has been fixed yet.  Please do this now:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt.

C:\Windows\SysWOW64\jmdp\stij.exe
C:\Windows\system32\dmwu.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1648432 2013-07-17] ()
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt); please post it in your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#6 ckoch


Posted 22 September 2013 - 09:45 PM

OK, I have seen this and I am doing it.



#7 ckoch


Posted 22 September 2013 - 09:56 PM

Results for the Farbar fix:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2013
Ran by claires at 2013-09-22 22:54:43 Run:1
Running from C:\Users\claires\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Windows\system32\dmwu.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1648432 2013-07-17] ()
*****************
 
C:\Windows\SysWOW64\jmdp\stij.exe => Moved successfully.
C:\Windows\system32\dmwu.exe => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
IBUpdaterService => Service deleted successfully.
 
 
The system needs a manual reboot. 
 
==== End of Fixlog ====


#8 RPMcMurphy


Posted 22 September 2013 - 10:09 PM

Please reboot and then do this:

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log




#9 ckoch


Posted 22 September 2013 - 10:18 PM

OK, I see this, am working on it.



#10 ckoch


Posted 22 September 2013 - 10:23 PM

Had my firewall tell me that THCH is trying to communicate with explorer to open a process. I did block it because of what I am doing; I saw online that malicious tools can use it as a bypass.



#11 ckoch


Posted 23 September 2013 - 12:13 AM

ComboFix report log
 
ComboFix 13-09-22.01 - claires 09/23/2013   0:04.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8157.3551 [GMT -4:00]
Running from: c:\users\claires\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\claires\228002049E5345C7B6F35BB0F1C1A147.TMP
c:\users\claires\228002049E5345C7B6F35BB0F1C1A147.TMP\WiseCustCall64.dll
c:\users\claires\228002049E5345C7B6F35BB0F1C1A147.TMP\WiseCustomCall.dll
c:\users\claires\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\claires\AppData\Roaming\ImgBurn.exe
c:\users\claires\Downloads\15MInuteweightloss.exe
c:\users\claires\g2mdlhlpx.exe
c:\windows\SysWow64\ChilkatMail_v7_9.dll
c:\windows\wininit.ini
H:\Autorun.inf
H:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-23 to 2013-09-23  )))))))))))))))))))))))))))))))
.
.
2013-09-23 04:59 . 2013-09-23 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-23 04:59 . 2013-09-23 04:59 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-09-23 03:19 . 2013-09-23 03:19 -------- d-----w- c:\windows\SysWow64\jmdp
2013-09-23 03:19 . 2013-09-23 03:19 -------- d-----w- c:\windows\system32\ljkb
2013-09-23 03:19 . 2013-09-15 12:33 1762608 ----a-w- c:\windows\system32\dmwu.exe
2013-09-22 23:10 . 2013-09-23 02:54 -------- d-----w- C:\FRST
2013-09-22 04:53 . 2013-09-22 04:53 -------- d-----w- c:\program files\HitmanPro
2013-09-22 04:51 . 2013-09-22 05:12 -------- d-----w- c:\programdata\HitmanPro
2013-09-22 03:18 . 2013-09-22 03:18 -------- d-----w- c:\windows\SysWow64\ARFC
2013-09-22 03:18 . 2013-07-17 16:17 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-09-22 03:18 . 2013-09-22 03:18 -------- d-----w- c:\windows\SysWow64\WNLT
2013-09-22 03:17 . 2013-09-22 03:17 -------- d-----w- c:\program files (x86)\wrapper_inst
2013-09-22 03:15 . 2013-09-22 03:15 -------- d-----w- c:\windows\en
2013-09-22 03:12 . 2010-06-02 08:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-09-22 03:12 . 2010-06-02 08:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-09-22 03:12 . 2010-06-02 08:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-09-22 03:12 . 2010-06-02 08:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-09-22 03:12 . 2010-05-26 15:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-09-22 03:12 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-09-22 03:12 . 2010-05-26 15:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-09-22 03:12 . 2010-05-26 15:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-09-22 03:10 . 2013-09-22 03:10 89944 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\31d522b81ceb74104\DSETUP.dll
2013-09-22 03:10 . 2013-09-22 03:10 537432 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\31d522b81ceb74104\DXSETUP.exe
2013-09-22 03:10 . 2013-09-22 03:10 1801048 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\31d522b81ceb74104\dsetup32.dll
2013-09-22 03:09 . 2013-09-22 03:09 94040 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\303c7b5c1ceb74103\DSETUP.dll
2013-09-22 03:09 . 2013-09-22 03:09 525656 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\303c7b5c1ceb74103\DXSETUP.exe
2013-09-22 03:09 . 2013-09-22 03:09 1691480 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\303c7b5c1ceb74103\dsetup32.dll
2013-09-22 03:09 . 2013-09-22 03:09 89944 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2dc9012c1ceb74101\DSETUP.dll
2013-09-22 03:09 . 2013-09-22 03:09 537432 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2dc9012c1ceb74101\DXSETUP.exe
2013-09-22 03:09 . 2013-09-22 03:09 1801048 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2dc9012c1ceb74101\dsetup32.dll
2013-09-22 02:42 . 2013-09-22 02:42 -------- d-----w- c:\users\claires\AppData\Local\ezvid,_inc
2013-09-21 03:14 . 2013-09-21 03:15 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 18:59 . 2013-09-20 18:59 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA7528BF-3DCE-438F-84FF-C302B710777D}\offreg.dll
2013-09-20 18:49 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA7528BF-3DCE-438F-84FF-C302B710777D}\mpengine.dll
2013-09-18 22:36 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-09-18 22:36 . 2013-09-18 22:36 -------- d-----w- c:\program files\VS Revo Group
2013-09-17 04:07 . 2013-09-17 04:07 -------- d-----w- c:\users\claires\AppData\Roaming\Moyea
2013-09-17 03:57 . 2013-09-17 04:22 -------- d-----w- c:\users\claires\AppData\Roaming\GetRightToGo
2013-09-17 02:56 . 2013-09-17 02:58 -------- d-----w- c:\programdata\Freemake
2013-09-17 02:55 . 2013-09-17 02:56 -------- d-----w- c:\program files (x86)\Freemake
2013-09-16 03:53 . 2013-09-16 03:53 -------- d-----w- C:\MATS
2013-09-12 03:40 . 2013-09-12 03:40 -------- d-----w- c:\program files (x86)\Localizer Leads Tool
2013-09-11 03:29 . 2013-09-09 22:08 2155152 ----a-w- c:\windows\system32\Incinerator64.dll
2013-09-10 23:16 . 2013-09-10 23:16 -------- d-----w- c:\users\claires\AppData\Roaming\Registry Mechanic
2013-09-10 18:00 . 2013-08-02 02:15 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-09-10 00:49 . 2013-09-10 00:57 -------- d-----w- C:\AdwCleaner
2013-09-09 21:08 . 2013-09-09 21:08 -------- d-----w- c:\users\claires\AppData\Local\VS Revo Group
2013-09-09 21:08 . 2013-09-09 21:08 -------- d-----w- c:\programdata\VS Revo Group
2013-09-05 22:12 . 2013-09-09 22:35 -------- d-----w- c:\program files (x86)\RealNetworks
2013-09-05 22:12 . 2013-09-05 22:12 -------- d-----w- c:\programdata\RealNetworks
2013-09-05 21:52 . 2013-09-05 21:52 -------- d-----w- c:\program files (x86)\CDBurnerXP
2013-09-05 21:19 . 2013-09-05 21:19 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-09-04 02:45 . 2013-09-04 02:45 312232 ----a-w- c:\windows\system32\javaws.exe
2013-09-04 02:45 . 2013-09-04 02:45 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-09-04 02:45 . 2013-09-04 02:45 189352 ----a-w- c:\windows\system32\javaw.exe
2013-09-04 02:45 . 2013-09-04 02:45 188840 ----a-w- c:\windows\system32\java.exe
2013-09-02 05:18 . 2013-09-02 05:23 -------- d-----w- c:\program files (x86)\Easy SEO Ninja
2013-08-25 08:16 . 2013-08-25 08:14 708200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-08-25 08:16 . 2013-08-25 08:14 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 03:14 . 2012-07-17 18:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-13 01:14 . 2013-07-17 11:21 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 01:14 . 2013-07-07 07:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 07:32 . 2011-03-10 09:45 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-09 22:26 . 2011-04-14 01:07 57584 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-09-09 22:26 . 2011-04-14 01:07 26184 ----a-w- c:\windows\system32\smrgdf.exe
2013-09-09 22:08 . 2012-07-29 02:19 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2013-09-04 02:44 . 2012-10-29 21:20 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-04 02:44 . 2012-10-29 21:20 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-02 09:09 . 2013-08-10 23:46 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2013-08-30 07:48 . 2013-07-03 02:25 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-07-03 02:25 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-07-03 02:25 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-07-03 02:25 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-07-03 02:25 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-07-03 02:25 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-07-03 02:25 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-07-03 02:25 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-07-03 02:24 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-02-02 03:23 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-25 08:14 . 2009-07-22 18:24 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-08-07 08:22 . 2011-03-09 07:43 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-10 18:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 09:56 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 09:56 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 09:57 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 09:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 09:57 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 09:56 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 09:57 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 09:57 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 09:57 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 09:56 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 09:57 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 09:57 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 09:57 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 09:57 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 09:55 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-04 07:11 . 2011-10-18 09:34 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-07-04 07:11 . 2011-10-18 09:34 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-07-03 06:31 . 2013-07-03 06:31 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-03 06:30 . 2013-02-14 11:47 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-03 06:30 . 2011-03-10 00:48 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-29 08:44 . 2012-09-29 23:16 172456 ----a-w- c:\program files (x86)\57res.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-06-13 13:37 1020936 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-06-13 13:37 1020936 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-06-13 13:37 1020936 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2013-01-07 2909640]
"Glary Memory Optimizer"="c:\program files (x86)\Glary Utilities 3\memdefrag.exe" [2013-09-02 117536]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"GoogleChromeAutoLaunch_BE60B48618A5F1D1EFDB75C9490D459E"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-09-17 829392]
"DriverBoost"="c:\program files (x86)\DriverBoost\DriverBoost\DriverBoost.exe" [2013-09-05 3979632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-20 73832]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-06-13 1066504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe\0iolobtdfg c:\windows\system32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Everything"="c:\program files (x86)\Everything\Everything.exe" -startup
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys;c:\windows\SYSNATIVE\DRIVERS\bbcap.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-19 05:11 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-17 01:14]
.
2013-09-19 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-09-02 09:06]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 00:28]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-10 00:28]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3620308384-1668672689-697393319-1000Core.job
- c:\users\claires\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 22:50]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3620308384-1668672689-697393319-1000UA.job
- c:\users\claires\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-19 22:50]
.
2013-09-23 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-01-28 00:09]
.
2013-09-21 c:\windows\Tasks\HPCeeScheduleForclaires.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2013-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
2013-09-22 c:\windows\Tasks\UpdateDetector.job
- c:\program files (x86)\Update Detector\UpdateDetector.exe [2013-07-03 08:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-06-13 13:26 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-06-13 13:26 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-06-13 13:26 1294344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-16 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-16 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-16 415256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\claires\AppData\Roaming\Mozilla\Firefox\Profiles\4lvy4knf.default-1352199982738\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.homepageadz.com/startpage.php?ckoch
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2013-09-05 18:12; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2011-10-24 21:17; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-23  01:08:48
ComboFix-quarantined-files.txt  2013-09-23 05:08
ComboFix2.txt  2012-10-28 02:09
.
Pre-Run: 174,227,361,792 bytes free
Post-Run: 173,983,277,056 bytes free
.
- - End Of File - - 7F724BEA75C95150857DF893CB24808C
D7A92268AAA9F03F00D194F40AAA1874


#12 RPMcMurphy

  • Malware Response Team

Posted 23 September 2013 - 11:04 AM

Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above ClearJavaCache::

ClearJavaCache::
File::
c:\windows\system32\dmwu.exe
Folder::
c:\windows\SysWow64\jmdp
c:\windows\system32\ljkb

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#13 ckoch

  • Topic Starter

Posted 23 September 2013 - 05:04 PM

I've been program ComboFix has been stuck at stage 5 for about 2 hours. Should I continue to wait?



#14 ckoch

  • Topic Starter

Posted 23 September 2013 - 07:11 PM

I discovered that I lost my connection at stage 5. I x'd ComboFix out. I was going to restart the whole process, but I thought I'd better ask you what I should do.



#15 ckoch

  • Topic Starter

Posted 23 September 2013 - 07:14 PM

Also, before I ran ComboFix the first time I did not reboot. I'm sorry, I didn't see that I was supposed to do that.





