Slow boot-up with Startup repair screen


  • This topic is locked
16 replies to this topic

#1 sms1295

sms1295

  • Members
  • 23 posts

Posted 30 September 2013 - 09:09 PM

Slow boot-up with Startup repair screen
 
My PC has started taking 10 to 15 minutes to boot to the user log in screen.  I’ve run multiple Virus, Malware, and utilities programs including:
 
Avast Free Antivirus
Malwarebytes Anti-Malware
Malwarebytes Anti-Rootkit
SuperAntiSpyware
SlimCleaner
CCleaner
Glary Utilities
 
None of these turned up viruses, malware, or issues, and they didn’t help my boot time. Also, 1 out of 4 startups takes me to the “startup repair” screen, which gives me an option to repair the startup or to start Windows normally. I select repair startup, it runs for a while, and then I get the question to cancel or do a system restore. I select system restore, which works. Even with the restore, the next boot is slow, and it gets slower until I get the “startup repair” screen.
 
I checked the event log and found several events in error.  I’ve attached the event id and message.
 
I’m running Windows 7 64-bit.
 
Any help would be appreciated,

Source: SideBySide
Event iD: 80
Task: None
Category: "Activation context generation failed for ""c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe"".Error in manifest or policy file """" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest."
=================
Source: Microsoft-Windows-WindowsUpdateClient
Event id: 20
Task: Window Update Agent
Category: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.159.834.0).
=================
Source: Microsoft-Windows-PrintService
Event id: 315
Task: Sharing a printer
Category: The print spooler failed to share printer HP Deskjet F4400 series with shared resource name HP Deskjet F4400 series. Error 2114. The printer cannot be used by others on the network.
=================
Source: Application Hang
Event id: 1002
Task: (101)
Category: "The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 6d4
Start Time: 01cebbb6983c26e0
Termination Time: 2324
Application Path: C:\Windows\Explorer.EXE
Report Id: 7dc521a1-27b2-11e3-9f0c-0019b945b5f6
=================
Source: Service Control Manager
Event id 7009
Task: None
Category: A timeout was reached (30000 milliseconds) while waiting for the Soluto PCGenome Core Service service to connect.
=================
Source: Service Control Manager
Event id: 7038
Task: none
Category: "The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
Logon failure: the specified account password has expired.

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC)."

Edited by Oh My, 12 October 2013 - 08:16 AM.
Posted log



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,531 posts

Posted 05 October 2013 - 09:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/509473 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 sms1295

sms1295
  • Topic Starter

  • Members
  • 23 posts

Posted 07 October 2013 - 05:09 PM

I'm running Windows 7 64-bit and I have the Windows DVD. I upgraded from XP a couple of years ago. I've also attached the two DDS logs.
 
Let me know if I need to add additional information.
 
Thank you for your help,
 
sms1295


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686
Run by Steamer at 17:00:08 on 2013-10-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8189.6211 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\CTsvcCDA.EXE
C:\Program Files\eFix\eFix Pro\ReiGuard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\stsystra.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Steamer\AppData\Local\Temp\nsh7EF0.tmp\DivXInstaller.exe
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Windows\SysWOW64\schtasks.exe
C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
C:\Windows\splwow64.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Steamer\AppData\Local\Temp\divBAE5.tmp\div8954.tmp
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=70B30019B945B5F6&affID=125026&tsp=5028
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: searchgol Helper Object: {8F547BDD-FCD4-48F8-A06F-573D6F404A3C} - C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: searchgol Toolbar: {00078E95-3A4A-4137-8DE7-2824908D1C17} - C:\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Creative Detector] "C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe" /R
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [Del1134439] cmd.exe /Q /D /c del "C:\Users\Steamer\AppData\Local\Temp\0.del"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: NameServer = 10.134.115.143
TCP: Interfaces\{B7269038-4207-4380-A65A-9DCE0D601EDA} : DHCPNameServer = 10.134.115.143
AppInit_DLLs= c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=70B30019B945B5F6&affID=125026&tsp=5028
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - component: C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5\components\idmmzcc.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Users\Steamer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - ExtSQL: !HIDDEN! 2010-11-21 20:23; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.searchgol.tlbrSrchUrl -
FF - user.js: extensions.searchgol.id - 70b30cc80000000000000019b945b5f6
FF - user.js: extensions.searchgol.appId - {4277F7CF-0000-46CF-BA49-D624465C4BAB}
FF - user.js: extensions.searchgol.instlDay - 15985
FF - user.js: extensions.searchgol.vrsn - 1.8.16.19
FF - user.js: extensions.searchgol.vrsni - 1.8.16.19
FF - user.js: extensions.searchgol.vrsnTs - 1.8.16.1916:55:36
FF - user.js: extensions.searchgol.prtnrId - searchgol
FF - user.js: extensions.searchgol.prdct - searchgol
FF - user.js: extensions.searchgol.aflt - babsst
FF - user.js: extensions.searchgol.smplGrp - none
FF - user.js: extensions.searchgol.tlbrId - base
FF - user.js: extensions.searchgol.instlRef - sst
FF - user.js: extensions.searchgol.dfltLng - en
FF - user.js: extensions.searchgol.excTlbr - false
FF - user.js: extensions.searchgol.ffxUnstlRst - false
FF - user.js: extensions.searchgol.admin - false
FF - user.js: extensions.searchgol.autoRvrt - false
FF - user.js: extensions.searchgol.rvrt - false
FF - user.js: extensions.searchgol.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-6 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-6 204880]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2011-8-8 33800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-5 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-28 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-2 378944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-2 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-2 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-9-25 46808]
R2 BitGuard;BitGuard;C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-10-7 2845664]
R2 eFixRealTimeProtection;eFix Real Time Protection;C:\Program Files\eFix\eFix Pro\ReiGuard.exe [2013-9-15 4394856]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-10-4 174968]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-4-14 14952]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-6 214896]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-11-20 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-20 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2011-4-4 21504]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\System32\drivers\motodrv.sys [2009-5-8 53632]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2011-2-13 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-14 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-19 1255736]
.
=============== Created Last 30 ================
.
2013-10-07 21:56:13 -------- d-----w- C:\Users\Steamer\AppData\Roaming\0D0S1L2Z1P1B
2013-10-07 21:56:09 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2013-10-07 21:56:09 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2013-10-07 21:56:08 173568 ----a-w- C:\Windows\System32\xvid.ax
2013-10-07 21:56:08 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2013-10-07 21:56:07 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2013-10-07 21:56:07 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2013-10-07 21:54:56 -------- d-----w- C:\ProgramData\Babylon
2013-10-07 21:54:02 -------- d-----w- C:\Users\Steamer\AppData\Roaming\DigitalSite
2013-10-04 11:40:33 174968 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2013-09-28 17:38:59 9694160 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-09-27 17:41:31 -------- d-----w- C:\Program Files\Soluto
2013-09-27 17:40:15 -------- d-----w- C:\ProgramData\Soluto
2013-09-25 15:47:55 -------- d-----w- C:\AdwCleaner
2013-09-25 14:24:16 -------- d-----w- C:\ProgramData\CDB
2013-09-25 14:23:24 -------- d-----w- C:\Program Files\eFix
2013-09-25 14:23:20 -------- d-----w- C:\rei
2013-09-25 14:08:17 9515512 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C0C58C7C-7664-4218-AE10-FF03DEB8A4CF}\mpengine.dll
2013-09-16 11:57:23 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-16 11:56:57 3155456 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2013-10-07 21:55:31 715038 ----a-w- C:\Windows\unins000.exe
2013-09-25 14:46:02 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-25 14:46:02 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-18 20:08:56 94208 ----a-w- C:\Windows\SysWow64\dpl100.dll
2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-26 09:13:02 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2013-08-11 02:58:18 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-07 09:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 17:02:16.86 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/19/2010 5:47:29 PM
System Uptime: 10/7/2013 4:35:09 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0CK520
Processor: Intel® Core™2 CPU 6600 @ 2.40GHz | Microprocessor | 2400/1066mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 932 GiB total, 730.545 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 110.483 GiB free.
E: is FIXED (NTFS) - 298 GiB total, 13.15 GiB free.
F: is CDROM (UDF)
G: is CDROM ()
I: is FIXED (FAT32) - 931 GiB total, 853.322 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP335: 9/15/2013 3:03:05 PM - Windows Update
RP336: 9/15/2013 3:04:43 PM - Windows Update
RP337: 9/16/2013 6:54:36 AM - Windows Update
RP338: 9/16/2013 7:06:23 AM - Windows Update
RP339: 9/18/2013 6:20:49 PM - Restore Operation
RP340: 9/23/2013 12:05:39 PM - Windows Update
RP341: 9/26/2013 6:50:23 AM - Windows Update
RP343: 9/28/2013 12:37:42 PM - Windows Update
RP344: 10/7/2013 4:46:34 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 9
Adobe Premiere Elements 9 Content
Adobe Premiere Elements 9 Content 1
Adobe Premiere Elements 9 Content 2
Adobe Premiere Elements 9 Content 3
Adobe Premiere Elements 9 HD Content 1
Adobe Premiere Elements 9 HD Content 2
Adobe Premiere Elements 9 HD Content 3
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.5
Any Video Converter 5 5.0.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.13 (Unicode)
avast! Free Antivirus
BitGuard
Bonjour
BufferChm
Call of Duty® 2
Call of Duty® 4 - Modern Warfare™
Codec Package Packages
Compatibility Pack for the 2007 Office system
Copy
CopyTrans Suite Remove Only
Coupon Printer for Windows
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
DC-Bass Source 1.3.0
Dell Resource CD
Destinations
DeviceDiscovery
DirectVobSub 2.40.4209
DivX Setup
DJ_AIO_05_F4400_Software_Min
doPDF 6.1 printer
doubleTwist
EA SPORTS online 2007
eFix Pro
Elements 9 Organizer
Elements STI Installer
ESET Online Scanner v3
F4400
ffdshow v1.1.4399 [2012-03-22]
File Scavenger 3.2
FLVPlayer4Free Free FLV Player 5.2.0.0
Glary Utilities 2.40.0.1326
Google Chrome
Google Toolbar for Internet Explorer
GPBaseService2
Haali Media Splitter
Hewlett-Packard ACLM.NET v1.1.0.0
HP Customer Participation Program 14.0
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
HP Imaging Device Functions 14.0
HP Photo Creations
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
InstallIQ Updater
Internet Download Manager
IrfanView (remove only)
iTunes
Java™ 6 Update 26 (64-bit)
John Daly's ProStroke Golf
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
LookInMyPC
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Links 2003
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
mIRC
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.4.0
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA Control Panel 307.83
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenAL
OpenSource Flash Video Splitter 1.0.0.5
Origin
Panda ActiveScan 2.0
QuickTime
Safari
Scan
ScanSoft PDF Create! 4
Search-Gol Chrome Toolbar
searchgol toolbar
Secure Password Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Shop for HP Supplies
Sid Meier's Civilization 4 Gold
SigmaTel Audio
SlimCleaner
SlimDrivers
SmartSound Quicktracks for Premiere Elements 9.0
SmartWebPrinting
SolutionCenter
SoundFont Bank Manager
SPFSourceEdit 3.0
Split Join Convert Video 1.0
Status
Steam
SUPERAntiSpyware
System Requirements Lab
Tiger Woods PGA TOUR 07
Tiger Woods PGA TOUR 08
Tiger Woods PGA TOUR® 12: The Masters
Toolbox
TrayApp
Unity Web Player
Update for Codec Package
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VideoLAN VLC media player 0.8.6f
Visual Studio 2008 x64 Redistributables
WebReg
Windows XP Mode
WinRAR 4.00 (64-bit)
WinZip 16.0
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
10/7/2013 4:52:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.159.1395.0).
10/7/2013 4:52:33 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
10/7/2013 4:42:58 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/7/2013 4:42:58 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
10/7/2013 4:37:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
.
==== End Of File ===========================

Edited by Oh My, 12 October 2013 - 08:17 AM.
Posted logs


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,813 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:14 PM

Posted 12 October 2013 - 08:15 AM

Greetings sms1295 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."

#5 sms1295

Posted 13 October 2013 - 06:14 PM

Hi Gary,

Thank you for looking at my issue. My friends call me Stan. I'm looking forward to your help.

Have a great day,

Stan



#6 Oh My!

Posted 13 October 2013 - 06:24 PM

Hi Stan,

Nice to meet you. Let's see if we can make your computer feel a little better.

Please do these things for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Combofix log

Gary
 

#7 sms1295

Posted 14 October 2013 - 08:18 PM

Gary,
 
I've attached the logs you requested.

ComboFix 13-10-13.02 - Steamer 10/14/2013 20:00:53.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8189.6066 [GMT -5:00]
Running from: c:\users\Steamer\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Steamer\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\XPS-720\AppData\Local\Google\Chrome\User Data\Default\preferences
I:\autorun.inf
I:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-09-15 to 2013-10-15 )))))))))))))))))))))))))))))))
.
.
2013-10-15 01:08 . 2013-10-15 01:08 -------- d-----w- c:\users\XPS-720\AppData\Local\temp
2013-10-15 01:08 . 2013-10-15 01:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-15 01:08 . 2013-10-15 01:08 -------- d-----w- c:\users\Hannah\AppData\Local\temp
2013-10-15 01:08 . 2013-10-15 01:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-10-14 01:31 . 2013-10-14 01:31 -------- d-----w- c:\windows\ERUNT
2013-10-11 22:10 . 2013-10-11 22:10 -------- d-----w- c:\users\Steamer\AppData\Roaming\Lamantine
2013-10-11 22:10 . 2013-10-11 22:10 -------- d-----w- c:\program files (x86)\Sticky Password
2013-10-11 22:05 . 2013-10-11 22:08 -------- d-----w- c:\users\Steamer\Password Bank Vault
2013-10-11 22:05 . 2013-10-11 22:05 -------- d-----w- c:\users\Steamer\Password Bank Vault Backup
2013-10-11 22:05 . 2013-10-11 22:05 -------- d-----w- c:\program files (x86)\Password Bank Vault
2013-10-11 22:01 . 2013-10-11 22:01 -------- d-----w- c:\program files (x86)\Free Password Manager
2013-10-11 22:00 . 2013-10-11 22:00 -------- d-----w- c:\users\Steamer\AppData\Roaming\KeePass
2013-10-11 21:56 . 2013-10-11 21:56 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2
2013-10-11 13:39 . 2013-10-11 13:39 -------- d-----w- c:\users\Steamer\AppData\Roaming\AceBIT
2013-10-11 13:38 . 2009-08-13 23:07 672024 ----a-w- c:\windows\SysWow64\wodKeys.dll
2013-10-11 13:38 . 2009-08-13 23:07 729424 ----a-w- c:\windows\SysWow64\wodSFTP.dll
2013-10-11 13:38 . 2013-10-11 13:38 -------- d-----w- c:\program files (x86)\AceBIT
2013-10-11 13:27 . 2013-10-09 01:46 117024 ----a-w- c:\windows\system32\BootDefrag.exe
2013-10-11 13:27 . 2013-09-29 06:50 16640 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2013-10-11 13:27 . 2013-10-15 00:48 -------- d-----w- c:\program files (x86)\Glary Utilities 3
2013-10-11 12:03 . 2013-10-11 12:04 -------- d-----w- c:\users\Steamer\AppData\Roaming\Efficient Password Manager
2013-10-11 12:03 . 2013-10-11 12:03 -------- d-----w- c:\program files (x86)\Efficient Password Manager
2013-10-11 11:48 . 2013-10-11 11:48 -------- d-----w- c:\users\Steamer\AppData\Local\Secunia PSI
2013-10-11 11:48 . 2013-10-11 11:48 -------- d-----w- c:\program files (x86)\Secunia
2013-10-10 11:36 . 2013-10-10 11:36 -------- d-----w- c:\program files\iPod
2013-10-10 11:36 . 2013-10-10 11:37 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-10 11:36 . 2013-10-10 11:37 -------- d-----w- c:\program files\iTunes
2013-10-10 11:36 . 2013-10-10 11:37 -------- d-----w- c:\program files (x86)\iTunes
2013-10-09 09:34 . 2013-10-02 09:17 174968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-10-07 21:56 . 2013-10-07 21:56 -------- d-----w- c:\users\Steamer\AppData\Roaming\0D0S1L2Z1P1B
2013-10-07 21:56 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2013-10-07 21:56 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2013-10-07 21:56 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2013-10-07 21:56 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2013-10-07 21:56 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-10-07 21:56 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-10-07 21:55 . 2013-10-07 21:56 -------- d-----w- c:\program files (x86)\Xvid
2013-10-07 21:55 . 2013-10-07 21:55 -------- d-----w- c:\program files (x86)\DirectVobSub
2013-10-07 21:55 . 2012-01-10 01:45 178688 ----a-w- c:\windows\SysWow64\unrar.dll
2013-10-07 21:55 . 2013-10-07 21:55 -------- d-----w- c:\program files (x86)\Lame For Audacity
2013-10-07 21:55 . 2013-10-07 21:55 -------- d-----w- c:\program files (x86)\Haali
2013-10-07 21:55 . 2013-10-07 21:55 -------- d-----w- c:\program files (x86)\DSP-worx
2013-10-07 21:55 . 2013-10-07 21:55 -------- d-----w- c:\users\Steamer\AppData\Roaming\LavFilters
2013-10-07 21:55 . 2013-10-07 21:55 -------- d-----w- c:\users\Steamer\AppData\Roaming\CDXReader
2013-10-07 21:55 . 2013-10-07 21:55 715038 ----a-w- c:\windows\unins000.exe
2013-10-07 21:55 . 2011-12-08 00:37 148992 ----a-w- c:\windows\system32\lagarith.dll
2013-10-07 21:55 . 2011-12-08 00:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
2013-10-07 21:55 . 2013-10-07 21:55 -------- d-----w- c:\program files (x86)\OpenSource Flash Video Splitter
2013-09-27 17:41 . 2013-09-27 20:34 -------- d-----w- c:\program files\Soluto
2013-09-27 17:40 . 2013-09-28 20:09 -------- d-----w- c:\programdata\Soluto
2013-09-25 15:47 . 2013-10-14 01:44 -------- d-----w- C:\AdwCleaner
2013-09-25 14:24 . 2013-09-28 20:09 -------- d-----w- c:\programdata\CDB
2013-09-25 14:23 . 2013-09-25 14:23 -------- d-----w- c:\program files\eFix
2013-09-25 14:23 . 2013-09-25 14:26 -------- d-----w- C:\rei
2013-09-19 02:32 . 2013-09-19 02:32 -------- d-----w- c:\users\XPS-720\AppData\Roaming\Motorola
2013-09-18 20:08 . 2013-09-18 20:08 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2013-09-16 11:56 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-16 11:56 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 18:53 . 2010-11-20 00:36 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-10 12:45 . 2012-04-07 14:10 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 12:45 . 2011-06-18 11:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-30 07:48 . 2013-04-06 18:10 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-04-06 18:10 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-03-24 18:42 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2011-06-29 01:00 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2010-12-03 02:29 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2010-12-03 02:29 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2010-12-03 02:29 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2010-12-03 02:28 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2010-12-03 02:28 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2011-01-19 12:49 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 01:48 . 2013-10-10 11:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-26 09:13 . 2013-08-26 09:13 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-08-11 02:58 . 2011-02-14 02:45 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-08-07 09:22 . 2010-11-20 00:32 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 09:25 . 2013-08-14 18:24 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 18:24 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 18:24 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 18:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files (x86)\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-10-09 3821136]
"StickyPassword"="c:\program files (x86)\Sticky Password\stpass.exe" [2013-06-19 8136504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"ScanSoft PDF Create! 4-reminder"="c:\program files (x86)\ScanSoft\PDF Create! 4\Ereg\ereg.exe" -r "c:\programdata\ScanSoft\PDF Create\4\Ereg\ereg.ini"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys;c:\windows\SYSNATIVE\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys;c:\windows\SYSNATIVE\drivers\pavboot64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 eFixRealTimeProtection;eFix Real Time Protection;c:\program files\eFix\eFix Pro\ReiGuard.exe;c:\program files\eFix\eFix Pro\ReiGuard.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-07 21:52 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 12:45]
.
2013-10-15 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-10-09 01:42]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 18:44]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 18:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mSearchAssistant = hxxp://www.google.com
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Sticky Password - c:\program files (x86)\Sticky Password\spIEBho.dll/616
TCP: DhcpNameServer = 10.134.115.143
FF - ProfilePath - c:\users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - ExtSQL: 2013-10-07 16:55; ffxtlbr@searchgol.com; c:\users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\extensions\ffxtlbr@searchgol.com
FF - ExtSQL: 2013-10-11 17:10; {54affe52-8223-453b-be1e-2fe2e250045c}; c:\users\Steamer\AppData\Roaming\Lamantine\Sticky Password\spAutofill
FF - ExtSQL: !HIDDEN! 2010-11-21 20:23; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{6AA40521-14E7-4B1D-B1B4-98528C1388C9} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3863758328-1912814184-2497178566-1003_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):5c,02,fc,e4,5e,28,d5,d9,48,64,80,77,92,97,7d,d5,1b,51,f4,cf,ae,
c4,47,5e,11,d4,81,50,8f,27,20,bd,55,3c,12,fe,ec,ad,7b,53,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3863758328-1912814184-2497178566-1003_Classes\Wow6432Node\CLSID\{61459a75-508c-4aa2-bb82-75744a19c713}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000158
"Therad"=dword:00000014
.
[HKEY_USERS\S-1-5-21-3863758328-1912814184-2497178566-1003_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):27,d4,41,60,ed,2d,ae,da,5e,2d,8c,4f,ba,e6,c7,db,24,f4,cd,3a,0f,
74,3e,c5,49,0b,e6,58,77,2f,11,25,67,5b,48,a9,c4,93,ac,34,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3863758328-1912814184-2497178566-1003_Classes\Wow6432Node\CLSID\{d124bd41-edb7-499a-96c8-9899e3091d5f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002a
"Therad"=dword:00000015
"MData"=hex(0):5f,66,a0,f1,c7,ce,a4,62,d8,a9,f2,76,16,17,f0,0d,05,2a,b0,56,39,
be,f3,2c,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-14 20:11:09
ComboFix-quarantined-files.txt 2013-10-15 01:11
.
Pre-Run: 781,841,346,560 bytes free
Post-Run: 781,679,493,120 bytes free
.
- - End Of File - - 44BB28122FA236540EA973FE02CFA518
A36C5E4F47E84449FF07ED3517B43A31

# AdwCleaner v3.005 - Report created 26/09/2013 at 09:35:26
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Steamer - NEW_PC
# Running from : C:\Users\Steamer\Downloads\Programs\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\XPS-720\AppData\Roaming\Mozilla\Firefox\Profiles\x0bdcivu.default\prefs.js ]


[ File : C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\prefs.js ]


[ File : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\phbyahzd.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\XPS-720\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Steamer\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7390 octets] - [25/09/2013 10:47:58]
AdwCleaner[R1].txt - [1517 octets] - [25/09/2013 10:57:07]
AdwCleaner[R2].txt - [1536 octets] - [26/09/2013 09:34:36]
AdwCleaner[S0].txt - [7210 octets] - [25/09/2013 10:50:50]
AdwCleaner[S1].txt - [1582 octets] - [25/09/2013 10:59:32]
AdwCleaner[S2].txt - [1457 octets] - [26/09/2013 09:35:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1517 octets] ##########
# AdwCleaner v3.007 - Report created 13/10/2013 at 20:24:59
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Steamer - NEW_PC
# Running from : C:\Users\Steamer\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\Program Files (x86)\searchgol
Folder Deleted : C:\Users\Steamer\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Steamer\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Steamer\AppData\Roaming\searchgol
Folder Deleted : C:\Users\Steamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\Extensions\ffxtlbr@searchgol.com
File Deleted : C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\bProtector_extensions.rdf
File Deleted : C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\bprotector_prefs.js
File Deleted : C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\invalidprefs.js
File Deleted : C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\searchplugins\searchgol.xml
File Deleted : C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\user.js
File Deleted : C:\Windows\Tasks\digitalsite.job
File Deleted : C:\Windows\System32\Tasks\digitalsite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\5c68cdab46fbf49
Key Deleted : HKLM\SOFTWARE\5c68cdab46fbf49
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Package Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\XPS-720\AppData\Roaming\Mozilla\Firefox\Profiles\x0bdcivu.default\prefs.js ]


[ File : C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=70B30019B945B5F6&affID=125026&tsp=5028");
Line Deleted : user_pref("extensions.searchgol.admin", false);
Line Deleted : user_pref("extensions.searchgol.aflt", "babsst");
Line Deleted : user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}");
Line Deleted : user_pref("extensions.searchgol.autoRvrt", "false");
Line Deleted : user_pref("extensions.searchgol.dfltLng", "en");
Line Deleted : user_pref("extensions.searchgol.excTlbr", false);
Line Deleted : user_pref("extensions.searchgol.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.searchgol.id", "70b30cc80000000000000019b945b5f6");
Line Deleted : user_pref("extensions.searchgol.instlDay", "15985");
Line Deleted : user_pref("extensions.searchgol.instlRef", "sst");
Line Deleted : user_pref("extensions.searchgol.newTab", false);
Line Deleted : user_pref("extensions.searchgol.prdct", "searchgol");
Line Deleted : user_pref("extensions.searchgol.prtnrId", "searchgol");
Line Deleted : user_pref("extensions.searchgol.rvrt", "false");
Line Deleted : user_pref("extensions.searchgol.smplGrp", "none");
Line Deleted : user_pref("extensions.searchgol.tlbrId", "base");
Line Deleted : user_pref("extensions.searchgol.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.searchgol.vrsn", "1.8.16.19");
Line Deleted : user_pref("extensions.searchgol.vrsnTs", "1.8.16.1916:55:36");
Line Deleted : user_pref("extensions.searchgol.vrsni", "1.8.16.19");

[ File : C:\Users\Hannah\AppData\Roaming\Mozilla\Firefox\Profiles\phbyahzd.default\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\XPS-720\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Steamer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

[ File : C:\Users\Hannah\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7390 octets] - [25/09/2013 10:47:58]
AdwCleaner[R1].txt - [1517 octets] - [25/09/2013 10:57:07]
AdwCleaner[R2].txt - [8385 octets] - [26/09/2013 09:34:36]
AdwCleaner[S0].txt - [7210 octets] - [25/09/2013 10:50:50]
AdwCleaner[S1].txt - [1582 octets] - [25/09/2013 10:59:32]
AdwCleaner[S2].txt - [8164 octets] - [26/09/2013 09:35:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [8224 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Professional x64
Ran by Steamer on Sun 10/13/2013 at 20:31:57.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3863758328-1912814184-2497178566-1003\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F6066676-1EEB-BD50-8DCD-39409136EB4C}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\Steamer\AppData\Roaming\mozilla\firefox\profiles\jt329qy5.default\searchplugins\bing-zugo.xml
Successfully deleted the following from C:\Users\Steamer\AppData\Roaming\mozilla\firefox\profiles\jt329qy5.default\prefs.js

user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);
Emptied folder: C:\Users\Steamer\AppData\Roaming\mozilla\firefox\profiles\jt329qy5.default\minidumps [18 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/13/2013 at 20:40:38.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Edited by Oh My, 14 October 2013 - 08:47 PM.
Logs posted


#8 Oh My!


Posted 14 October 2013 - 09:22 PM

Thanks Stan,

Please copy and paste the information rather than attach the files. It makes it easier for me to review.

Please run this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Farbar logs (2)

Gary
 

#9 sms1295


Posted 16 October 2013 - 08:39 AM

Gary,

 

Sorry for the attachments. Below are the additional logs you requested:

 

FRST - Log

=============

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Steamer (administrator) on NEW_PC on 16-10-2013 08:21:30
Running from C:\Users\Steamer\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTsvcCDA.EXE
(Reimage®) C:\Program Files\eFix\eFix Pro\ReiGuard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(SigmaTel, Inc.) C:\Windows\stsystra.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKCU\...\Run: [Creative Detector] - C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe [102400 2004-12-02] (Creative Technology Ltd)
HKCU\...\Run: [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3821136 2013-10-09] (Tonec Inc.)
HKCU\...\Run: [StickyPassword] - "C:\Program Files (x86)\Sticky Password\stpass.exe" /autorunned
HKLM-x32\...\Run: [SigmatelSysTrayApp] - stsystra.exe
HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1895424 2012-05-01] (Dominik Reichl)
HKU\XPS-720\...\Run: [Creative Detector] - C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe [102400 2004-12-02] (Creative Technology Ltd)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x309837B6D195CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {A5F60563-AED5-4150-845C-9FA043DC0503} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
SearchScopes: HKCU - {A5F60563-AED5-4150-845C-9FA043DC0503} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PodcastBHO Class - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -  No Name - {6AA40521-14E7-4B1D-B1B4-98528C1388C9} -  No File
DPF: HKLM {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.134.115.143
 
FireFox:
========
FF ProfilePath: C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandasecurity.com/activescan - C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Steamer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Steamer\AppData\Roaming\Mozilla\Firefox\Profiles\jt329qy5.default\searchplugins\iBryte_playbryte.xml
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR DefaultSuggestURL: (SearchGol) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Docs) - C:\Users\Steamer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Steamer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Steamer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Steamer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (IDM Integration Module) - C:\Users\Steamer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.2_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Steamer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\Users\Steamer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
R2 eFixRealTimeProtection; C:\Program Files\eFix\eFix Pro\ReiGuard.exe [4395880 2013-10-10] (Reimage®)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-11-20] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [103736 2010-11-20] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16640 2013-09-29] (<Glarysoft Ltd>)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 STHDA; C:\Windows\System32\drivers\sthda64.sys [1112064 2006-07-27] (SigmaTel, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-08-10] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-16 08:21 - 2013-10-16 08:21 - 00000000 ____D C:\FRST
2013-10-16 08:20 - 2013-10-16 08:20 - 01954124 _____ (Farbar) C:\Users\Steamer\Desktop\FRST64.exe
2013-10-14 20:11 - 2013-10-14 20:11 - 00026246 _____ C:\ComboFix.txt
2013-10-13 20:45 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-13 20:45 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-13 20:45 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-13 20:45 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-13 20:45 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-13 20:45 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-13 20:45 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-13 20:45 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-13 20:44 - 2013-10-14 20:11 - 00000000 ____D C:\Qoobox
2013-10-13 20:44 - 2013-10-14 20:09 - 00000000 ____D C:\Windows\erdnt
2013-10-13 20:40 - 2013-10-13 20:40 - 00002052 _____ C:\Users\Steamer\Desktop\JRT.txt
2013-10-13 20:31 - 2013-10-13 20:31 - 00000000 ____D C:\Windows\ERUNT
2013-10-13 20:19 - 2013-10-13 20:19 - 05132614 ____R (Swearware) C:\Users\Steamer\Desktop\ComboFix.exe
2013-10-13 20:19 - 2013-10-13 20:19 - 01048960 _____ C:\Users\Steamer\Desktop\adwcleaner.exe
2013-10-13 20:19 - 2013-10-13 20:19 - 01032220 _____ (Thisisu) C:\Users\Steamer\Desktop\JRT.exe
2013-10-13 15:38 - 2013-10-13 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-11 17:10 - 2013-10-11 17:11 - 00000000 ___SD C:\Users\Steamer\Documents\Sticky Passwords
2013-10-11 17:05 - 2013-10-11 17:08 - 00000000 ____D C:\Users\Steamer\Password Bank Vault
2013-10-11 17:05 - 2013-10-11 17:05 - 00001103 _____ C:\Users\Public\Desktop\Password Bank Vault.lnk
2013-10-11 17:05 - 2013-10-11 17:05 - 00000000 ____D C:\Users\Steamer\Password Bank Vault Backup
2013-10-11 17:05 - 2013-10-11 17:05 - 00000000 ____D C:\Program Files (x86)\Password Bank Vault
2013-10-11 17:01 - 2013-10-11 17:04 - 00000000 ____D C:\Users\Steamer\Documents\Free Password Manager
2013-10-11 17:01 - 2013-10-11 17:01 - 00001980 _____ C:\Users\Public\Desktop\Free Password Manager.lnk
2013-10-11 17:01 - 2013-10-11 17:01 - 00000000 ____D C:\Program Files (x86)\Free Password Manager
2013-10-11 17:00 - 2013-10-11 17:00 - 00002158 _____ C:\Users\Steamer\Documents\NewDatabase.kdbx
2013-10-11 17:00 - 2013-10-11 17:00 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\KeePass
2013-10-11 16:56 - 2013-10-11 16:56 - 00001069 _____ C:\Users\Steamer\Desktop\KeePass 2.lnk
2013-10-11 16:56 - 2013-10-11 16:56 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-10-11 16:24 - 2013-10-16 08:04 - 00000504 _____ C:\Windows\setupact.log
2013-10-11 16:24 - 2013-10-11 16:24 - 00000000 _____ C:\Windows\setuperr.log
2013-10-11 16:23 - 2013-10-14 20:36 - 00002674 _____ C:\Windows\PFRO.log
2013-10-11 08:39 - 2013-10-11 17:12 - 00000000 ____D C:\Users\Steamer\Documents\Password Depot
2013-10-11 08:39 - 2013-10-11 08:39 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\AceBIT
2013-10-11 08:38 - 2013-10-11 08:38 - 00001167 _____ C:\Users\Steamer\Desktop\Password Depot 7.lnk
2013-10-11 08:38 - 2013-10-11 08:38 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AceBIT
2013-10-11 08:38 - 2013-10-11 08:38 - 00000000 ____D C:\Program Files (x86)\AceBIT
2013-10-11 08:38 - 2009-08-13 18:07 - 00729424 _____ (WeOnlyDo Software) C:\Windows\SysWOW64\wodSFTP.dll
2013-10-11 08:38 - 2009-08-13 18:07 - 00672024 _____ (WeOnlyDo! COM) C:\Windows\SysWOW64\wodKeys.dll
2013-10-11 08:34 - 2013-10-11 08:37 - 31089928 _____ (AceBIT GmbH                                                 ) C:\Users\Steamer\Downloads\pdepot7.exe
2013-10-11 08:27 - 2013-10-16 08:07 - 00000336 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-10-11 08:27 - 2013-10-16 08:07 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-10-11 08:27 - 2013-10-11 08:27 - 00002632 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-10-11 08:27 - 2013-10-11 08:27 - 00001044 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-10-11 08:27 - 2013-10-08 20:46 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-10-11 08:27 - 2013-09-29 01:50 - 00016640 _____ (<Glarysoft Ltd>) C:\Windows\system32\Drivers\BootDefragDriver.sys
2013-10-11 08:25 - 2013-10-11 08:26 - 16678520 _____ C:\Users\Steamer\Downloads\gu3setup.exe
2013-10-11 07:05 - 2013-10-11 17:15 - 00000000 ____D C:\Users\Steamer\Documents\Efficient Organizer AutoBackup
2013-10-11 07:04 - 2013-10-11 17:15 - 01851392 _____ C:\Users\Steamer\Documents\MyPwd.epmx
2013-10-11 07:03 - 2013-10-11 07:04 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\Efficient Password Manager
2013-10-11 07:03 - 2013-10-11 07:03 - 00001077 _____ C:\Users\Steamer\Desktop\Efficient Password Manager.lnk
2013-10-11 07:03 - 2013-10-11 07:03 - 00000000 ____D C:\Program Files (x86)\Efficient Password Manager
2013-10-11 06:48 - 2013-10-11 06:48 - 00000000 ____D C:\Users\Steamer\AppData\Local\Secunia PSI
2013-10-11 06:48 - 2013-10-11 06:48 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-10-11 06:47 - 2013-10-11 06:48 - 03272136 _____ (Secunia) C:\Users\Steamer\Downloads\PSISetup.exe
2013-10-11 06:36 - 2013-10-11 06:36 - 03257181 _____ (Real-Soft.co.uk                                             ) C:\Users\Steamer\Downloads\PBV39setup.exe
2013-10-11 06:35 - 2013-10-11 06:36 - 14495520 _____ (Lamantine Software                                          ) C:\Users\Steamer\Downloads\stpass_trial_6011449.exe
2013-10-11 06:35 - 2013-10-11 06:35 - 09598048 _____ (                                                            ) C:\Users\Steamer\Downloads\EfficientPasswordManager-Setup.exe
2013-10-11 06:34 - 2013-10-11 06:34 - 01053480 _____ C:\Users\Steamer\Downloads\FPM-Setup.exe
2013-10-11 06:30 - 2013-10-11 06:31 - 14221336 _____ (Siber Systems) C:\Users\Steamer\Downloads\AiRoboForm-cnetc.exe
2013-10-11 06:30 - 2013-10-11 06:30 - 02196305 _____ (Dominik Reichl                                              ) C:\Users\Steamer\Downloads\KeePass-2.19-Setup.exe
2013-10-11 06:29 - 2013-10-11 06:29 - 00000000 ____D C:\Users\Steamer\Documents\New folder
2013-10-10 14:02 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 14:02 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 14:02 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 14:02 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 14:02 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 14:02 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 14:02 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 14:02 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 14:02 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 14:02 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 14:02 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 14:02 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 14:02 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 14:02 - 2013-09-22 17:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 14:02 - 2013-09-22 17:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 14:02 - 2013-09-22 17:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 14:02 - 2013-09-22 17:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 14:02 - 2013-09-22 17:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 14:02 - 2013-09-22 17:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 14:02 - 2013-09-22 17:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 14:02 - 2013-09-22 17:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 14:02 - 2013-09-22 17:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 14:02 - 2013-09-22 17:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 14:02 - 2013-09-22 17:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 14:02 - 2013-09-22 17:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 14:02 - 2013-09-22 17:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 14:02 - 2013-09-22 17:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 14:02 - 2013-09-20 22:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 14:02 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 14:02 - 2013-09-20 21:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 14:02 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 06:57 - 2013-10-10 06:57 - 00000095 _____ C:\Users\Steamer\AppData\Roaming\WB.CFG
2013-10-10 06:57 - 2013-10-10 06:57 - 00000006 _____ C:\Users\Steamer\AppData\Roaming\WBPU-TTL.DAT
2013-10-10 06:37 - 2013-10-10 06:37 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-10 06:36 - 2013-10-10 06:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-10 06:36 - 2013-10-10 06:37 - 00000000 ____D C:\Program Files\iTunes
2013-10-10 06:36 - 2013-10-10 06:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-10 06:36 - 2013-10-10 06:36 - 00000000 ____D C:\Program Files\iPod
2013-10-10 06:24 - 2013-09-13 20:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 06:24 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 06:24 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 06:24 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 06:24 - 2013-08-28 21:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 06:24 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 06:24 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 06:24 - 2013-08-28 21:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 06:24 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 06:24 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 06:24 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 06:24 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 06:24 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 06:24 - 2013-08-28 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 06:24 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 06:24 - 2013-08-28 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 06:24 - 2013-08-28 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 06:24 - 2013-08-28 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 06:24 - 2013-08-28 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 06:24 - 2013-08-27 20:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 06:24 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 06:24 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 06:24 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 06:24 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 06:24 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 06:24 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 06:24 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 06:24 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 06:24 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 06:24 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 06:24 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 06:24 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 06:24 - 2013-07-02 23:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 06:24 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 06:24 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 06:24 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 06:24 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 06:24 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 06:24 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 06:24 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 06:24 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 06:24 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 06:24 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 06:24 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 06:24 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 06:24 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 04:34 - 2013-10-02 04:17 - 00174968 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2013-10-07 17:02 - 2013-10-07 17:02 - 00022771 _____ C:\Users\Steamer\Desktop\dds.txt
2013-10-07 17:02 - 2013-10-07 17:02 - 00008836 _____ C:\Users\Steamer\Desktop\attach.txt
2013-10-07 16:56 - 2013-10-07 16:56 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\0D0S1L2Z1P1B
2013-10-07 16:56 - 2011-05-30 08:42 - 00255488 _____ C:\Windows\system32\xvidvfw.dll
2013-10-07 16:56 - 2011-05-30 08:42 - 00240640 _____ C:\Windows\SysWOW64\xvidvfw.dll
2013-10-07 16:56 - 2011-05-23 04:52 - 00153088 _____ C:\Windows\SysWOW64\xvid.ax
2013-10-07 16:56 - 2011-05-23 02:49 - 00173568 _____ C:\Windows\system32\xvid.ax
2013-10-07 16:56 - 2011-05-23 02:46 - 00645632 _____ C:\Windows\SysWOW64\xvidcore.dll
2013-10-07 16:56 - 2011-05-23 02:45 - 00696832 _____ C:\Windows\system32\xvidcore.dll
2013-10-07 16:55 - 2013-10-07 16:56 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-10-07 16:55 - 2013-10-07 16:55 - 00715038 _____ C:\Windows\unins000.exe
2013-10-07 16:55 - 2013-10-07 16:55 - 00001990 _____ C:\Windows\unins000.dat
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\LavFilters
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\CDXReader
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Program Files (x86)\Haali
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Program Files (x86)\DirectVobSub
2013-10-07 16:55 - 2012-01-09 20:45 - 00178688 _____ C:\Windows\SysWOW64\unrar.dll
2013-10-07 16:55 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2013-10-07 16:55 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2013-09-28 12:41 - 2013-10-13 14:13 - 00026378 _____ C:\Windows\system32\ScanResults.xml
2013-09-28 12:31 - 2013-10-13 14:11 - 00001056 _____ C:\Windows\system32\SettingsFile
2013-09-27 13:48 - 2013-09-27 13:49 - 00056120 _____ C:\Users\Steamer\Documents\Inventory-report_20130927.xlsx
2013-09-27 13:46 - 2013-09-27 13:46 - 00466273 _____ C:\Users\Steamer\Documents\EventLog-Report_Sep.27.xlsx
2013-09-27 12:41 - 2013-09-27 15:34 - 00000000 ____D C:\Program Files\Soluto
2013-09-27 12:41 - 2013-09-27 15:29 - 00000193 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-09-27 12:40 - 2013-09-28 15:09 - 00000000 ____D C:\ProgramData\Soluto
2013-09-25 13:28 - 2013-09-27 09:31 - 00000023 _____ C:\Users\Steamer\Desktop\44.txt
2013-09-25 11:13 - 2013-09-25 11:13 - 00004357 _____ C:\Users\Steamer\Desktop\RKreport[0]_S_09252013_111350.txt
2013-09-25 11:12 - 2013-09-25 11:12 - 00004707 _____ C:\Users\Steamer\Desktop\RKreport[0]_D_09252013_111212.txt
2013-09-25 11:11 - 2013-09-25 11:11 - 00004649 _____ C:\Users\Steamer\Desktop\RKreport[0]_S_09252013_111133.txt
2013-09-25 11:07 - 2013-09-25 11:15 - 00000000 ____D C:\Users\Steamer\Desktop\RK_Quarantine
2013-09-25 10:55 - 2013-09-25 10:55 - 00007210 _____ C:\Users\Steamer\Documents\AdwCleaner[S0].txt
2013-09-25 10:47 - 2013-10-14 20:16 - 00000000 ____D C:\AdwCleaner
2013-09-25 09:26 - 2013-09-25 09:26 - 00003414 _____ C:\Windows\System32\Tasks\eFix Reminder
2013-09-25 09:24 - 2013-09-28 15:09 - 00000000 ____D C:\ProgramData\CDB
2013-09-25 09:23 - 2013-09-25 09:26 - 00000000 ____D C:\rei
2013-09-25 09:23 - 2013-09-25 09:23 - 00001780 _____ C:\Users\Public\Desktop\eFix Pro.lnk
2013-09-25 09:23 - 2013-09-25 09:23 - 00000000 ____D C:\Program Files\eFix
2013-09-25 09:21 - 2013-09-25 09:26 - 00000162 _____ C:\Windows\efix.ini
2013-09-18 21:32 - 2013-09-18 21:32 - 00000000 ____D C:\Users\XPS-720\AppData\Roaming\Motorola
2013-09-18 15:08 - 2013-09-18 15:08 - 00094208 _____ (DivX, Inc.) C:\Windows\SysWOW64\dpl100.dll
2013-09-16 06:57 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-16 06:57 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-16 06:57 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-16 06:57 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-16 06:57 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-16 06:57 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-16 06:57 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-16 06:57 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-16 06:56 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-16 06:56 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-16 06:56 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-16 06:56 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
 
==================== One Month Modified Files and Folders =======
 
2013-10-16 08:21 - 2013-10-16 08:21 - 00000000 ____D C:\FRST
2013-10-16 08:20 - 2013-10-16 08:20 - 01954124 _____ (Farbar) C:\Users\Steamer\Desktop\FRST64.exe
2013-10-16 08:15 - 2009-07-13 23:45 - 00013472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-16 08:15 - 2009-07-13 23:45 - 00013472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-16 08:14 - 2010-11-19 22:35 - 01480513 _____ C:\Windows\WindowsUpdate.log
2013-10-16 08:07 - 2013-10-11 08:27 - 00000336 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-10-16 08:07 - 2013-10-11 08:27 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-10-16 08:06 - 2012-03-24 13:44 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-16 08:04 - 2013-10-11 16:24 - 00000504 _____ C:\Windows\setupact.log
2013-10-16 08:04 - 2012-05-06 11:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-16 08:04 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-15 10:00 - 2010-11-22 08:20 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\DMCache
2013-10-15 09:57 - 2012-03-24 13:44 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-15 09:45 - 2012-04-07 09:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 09:33 - 2010-11-19 20:06 - 00000000 ____D C:\Users\Steamer\AppData\Local\Mozilla
2013-10-14 20:36 - 2013-10-11 16:23 - 00002674 _____ C:\Windows\PFRO.log
2013-10-14 20:16 - 2013-09-25 10:47 - 00000000 ____D C:\AdwCleaner
2013-10-14 20:11 - 2013-10-14 20:11 - 00026246 _____ C:\ComboFix.txt
2013-10-14 20:11 - 2013-10-13 20:44 - 00000000 ____D C:\Qoobox
2013-10-14 20:11 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2013-10-14 20:09 - 2013-10-13 20:44 - 00000000 ____D C:\Windows\erdnt
2013-10-14 20:08 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2013-10-14 19:47 - 2012-07-11 10:50 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-10-13 20:40 - 2013-10-13 20:40 - 00002052 _____ C:\Users\Steamer\Desktop\JRT.txt
2013-10-13 20:31 - 2013-10-13 20:31 - 00000000 ____D C:\Windows\ERUNT
2013-10-13 20:26 - 2010-11-22 08:20 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-10-13 20:19 - 2013-10-13 20:19 - 05132614 ____R (Swearware) C:\Users\Steamer\Desktop\ComboFix.exe
2013-10-13 20:19 - 2013-10-13 20:19 - 01048960 _____ C:\Users\Steamer\Desktop\adwcleaner.exe
2013-10-13 20:19 - 2013-10-13 20:19 - 01032220 _____ (Thisisu) C:\Users\Steamer\Desktop\JRT.exe
2013-10-13 20:17 - 2010-11-22 08:20 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\IDM
2013-10-13 15:58 - 2010-11-21 18:34 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\mIRC
2013-10-13 15:38 - 2013-10-13 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-13 14:13 - 2013-09-28 12:41 - 00026378 _____ C:\Windows\system32\ScanResults.xml
2013-10-13 14:11 - 2013-09-28 12:31 - 00001056 _____ C:\Windows\system32\SettingsFile
2013-10-11 17:15 - 2013-10-11 07:05 - 00000000 ____D C:\Users\Steamer\Documents\Efficient Organizer AutoBackup
2013-10-11 17:15 - 2013-10-11 07:04 - 01851392 _____ C:\Users\Steamer\Documents\MyPwd.epmx
2013-10-11 17:12 - 2013-10-11 08:39 - 00000000 ____D C:\Users\Steamer\Documents\Password Depot
2013-10-11 17:11 - 2013-10-11 17:10 - 00000000 ___SD C:\Users\Steamer\Documents\Sticky Passwords
2013-10-11 17:08 - 2013-10-11 17:05 - 00000000 ____D C:\Users\Steamer\Password Bank Vault
2013-10-11 17:05 - 2013-10-11 17:05 - 00001103 _____ C:\Users\Public\Desktop\Password Bank Vault.lnk
2013-10-11 17:05 - 2013-10-11 17:05 - 00000000 ____D C:\Users\Steamer\Password Bank Vault Backup
2013-10-11 17:05 - 2013-10-11 17:05 - 00000000 ____D C:\Program Files (x86)\Password Bank Vault
2013-10-11 17:05 - 2010-11-19 18:58 - 00000000 ____D C:\Users\Steamer
2013-10-11 17:04 - 2013-10-11 17:01 - 00000000 ____D C:\Users\Steamer\Documents\Free Password Manager
2013-10-11 17:01 - 2013-10-11 17:01 - 00001980 _____ C:\Users\Public\Desktop\Free Password Manager.lnk
2013-10-11 17:01 - 2013-10-11 17:01 - 00000000 ____D C:\Program Files (x86)\Free Password Manager
2013-10-11 17:00 - 2013-10-11 17:00 - 00002158 _____ C:\Users\Steamer\Documents\NewDatabase.kdbx
2013-10-11 17:00 - 2013-10-11 17:00 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\KeePass
2013-10-11 16:56 - 2013-10-11 16:56 - 00001069 _____ C:\Users\Steamer\Desktop\KeePass 2.lnk
2013-10-11 16:56 - 2013-10-11 16:56 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-10-11 16:24 - 2013-10-11 16:24 - 00000000 _____ C:\Windows\setuperr.log
2013-10-11 11:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 08:39 - 2013-10-11 08:39 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\AceBIT
2013-10-11 08:38 - 2013-10-11 08:38 - 00001167 _____ C:\Users\Steamer\Desktop\Password Depot 7.lnk
2013-10-11 08:38 - 2013-10-11 08:38 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AceBIT
2013-10-11 08:38 - 2013-10-11 08:38 - 00000000 ____D C:\Program Files (x86)\AceBIT
2013-10-11 08:37 - 2013-10-11 08:34 - 31089928 _____ (AceBIT GmbH                                                 ) C:\Users\Steamer\Downloads\pdepot7.exe
2013-10-11 08:31 - 2011-02-06 16:48 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Accessories
2013-10-11 08:31 - 2010-11-19 22:31 - 00000000 ____D C:\Windows\Panther
2013-10-11 08:27 - 2013-10-11 08:27 - 00002632 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-10-11 08:27 - 2013-10-11 08:27 - 00001044 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-10-11 08:27 - 2010-12-03 07:10 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\GlarySoft
2013-10-11 08:26 - 2013-10-11 08:25 - 16678520 _____ C:\Users\Steamer\Downloads\gu3setup.exe
2013-10-11 07:04 - 2013-10-11 07:03 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\Efficient Password Manager
2013-10-11 07:03 - 2013-10-11 07:03 - 00001077 _____ C:\Users\Steamer\Desktop\Efficient Password Manager.lnk
2013-10-11 07:03 - 2013-10-11 07:03 - 00000000 ____D C:\Program Files (x86)\Efficient Password Manager
2013-10-11 06:48 - 2013-10-11 06:48 - 00000000 ____D C:\Users\Steamer\AppData\Local\Secunia PSI
2013-10-11 06:48 - 2013-10-11 06:48 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-10-11 06:48 - 2013-10-11 06:47 - 03272136 _____ (Secunia) C:\Users\Steamer\Downloads\PSISetup.exe
2013-10-11 06:36 - 2013-10-11 06:36 - 03257181 _____ (Real-Soft.co.uk                                             ) C:\Users\Steamer\Downloads\PBV39setup.exe
2013-10-11 06:36 - 2013-10-11 06:35 - 14495520 _____ (Lamantine Software                                          ) C:\Users\Steamer\Downloads\stpass_trial_6011449.exe
2013-10-11 06:35 - 2013-10-11 06:35 - 09598048 _____ (                                                            ) C:\Users\Steamer\Downloads\EfficientPasswordManager-Setup.exe
2013-10-11 06:34 - 2013-10-11 06:34 - 01053480 _____ C:\Users\Steamer\Downloads\FPM-Setup.exe
2013-10-11 06:31 - 2013-10-11 06:30 - 14221336 _____ (Siber Systems) C:\Users\Steamer\Downloads\AiRoboForm-cnetc.exe
2013-10-11 06:30 - 2013-10-11 06:30 - 02196305 _____ (Dominik Reichl                                              ) C:\Users\Steamer\Downloads\KeePass-2.19-Setup.exe
2013-10-11 06:29 - 2013-10-11 06:29 - 00000000 ____D C:\Users\Steamer\Documents\New folder
2013-10-11 06:01 - 2009-07-14 00:13 - 00739918 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 05:53 - 2009-07-13 23:45 - 00383352 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 05:47 - 2013-03-14 13:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 14:04 - 2009-07-13 21:34 - 00000597 _____ C:\Windows\win.ini
2013-10-10 14:01 - 2013-03-14 13:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 13:56 - 2013-08-14 16:34 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 13:53 - 2010-11-19 19:36 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 07:46 - 2012-04-07 09:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 07:45 - 2012-04-07 09:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 07:45 - 2011-06-18 06:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-10 06:57 - 2013-10-10 06:57 - 00000095 _____ C:\Users\Steamer\AppData\Roaming\WB.CFG
2013-10-10 06:57 - 2013-10-10 06:57 - 00000006 _____ C:\Users\Steamer\AppData\Roaming\WBPU-TTL.DAT
2013-10-10 06:52 - 2012-03-24 13:44 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 06:52 - 2012-03-24 13:44 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 06:37 - 2013-10-10 06:37 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-10 06:37 - 2013-10-10 06:36 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-10 06:37 - 2013-10-10 06:36 - 00000000 ____D C:\Program Files\iTunes
2013-10-10 06:37 - 2013-10-10 06:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-10 06:36 - 2013-10-10 06:36 - 00000000 ____D C:\Program Files\iPod
2013-10-10 06:15 - 2012-10-29 08:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-10 06:12 - 2010-12-02 21:28 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-10-08 20:46 - 2013-10-11 08:27 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-10-07 17:02 - 2013-10-07 17:02 - 00022771 _____ C:\Users\Steamer\Desktop\dds.txt
2013-10-07 17:02 - 2013-10-07 17:02 - 00008836 _____ C:\Users\Steamer\Desktop\attach.txt
2013-10-07 17:01 - 2010-11-22 13:28 - 00000000 ____D C:\Program Files (x86)\DivX
2013-10-07 17:01 - 2010-11-22 13:27 - 00000000 ____D C:\ProgramData\DivX
2013-10-07 16:57 - 2012-03-24 13:47 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-07 16:56 - 2013-10-07 16:56 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\0D0S1L2Z1P1B
2013-10-07 16:56 - 2013-10-07 16:55 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-10-07 16:55 - 2013-10-07 16:55 - 00715038 _____ C:\Windows\unins000.exe
2013-10-07 16:55 - 2013-10-07 16:55 - 00001990 _____ C:\Windows\unins000.dat
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\LavFilters
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\CDXReader
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Program Files (x86)\Haali
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-10-07 16:55 - 2013-10-07 16:55 - 00000000 ____D C:\Program Files (x86)\DirectVobSub
2013-10-07 16:55 - 2011-05-11 14:41 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-10-02 04:17 - 2013-10-09 04:34 - 00174968 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2013-09-29 01:50 - 2013-10-11 08:27 - 00016640 _____ (<Glarysoft Ltd>) C:\Windows\system32\Drivers\BootDefragDriver.sys
2013-09-28 15:09 - 2013-09-27 12:40 - 00000000 ____D C:\ProgramData\Soluto
2013-09-28 15:09 - 2013-09-25 09:24 - 00000000 ____D C:\ProgramData\CDB
2013-09-28 15:09 - 2013-07-23 08:46 - 00000000 ____D C:\Users\Guest
2013-09-28 15:09 - 2012-08-18 09:25 - 00000000 ____D C:\Users\Hannah
2013-09-28 15:09 - 2011-08-08 09:42 - 00000000 ____D C:\Program Files (x86)\Panda Security
2013-09-28 15:09 - 2010-11-19 18:47 - 00000000 ____D C:\Users\XPS-720
2013-09-28 15:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-09-28 12:16 - 2010-12-02 21:29 - 00001933 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-27 15:34 - 2013-09-27 12:41 - 00000000 ____D C:\Program Files\Soluto
2013-09-27 15:29 - 2013-09-27 12:41 - 00000193 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2013-09-27 13:49 - 2013-09-27 13:48 - 00056120 _____ C:\Users\Steamer\Documents\Inventory-report_20130927.xlsx
2013-09-27 13:46 - 2013-09-27 13:46 - 00466273 _____ C:\Users\Steamer\Documents\EventLog-Report_Sep.27.xlsx
2013-09-27 09:31 - 2013-09-25 13:28 - 00000023 _____ C:\Users\Steamer\Desktop\44.txt
2013-09-25 11:15 - 2013-09-25 11:07 - 00000000 ____D C:\Users\Steamer\Desktop\RK_Quarantine
2013-09-25 11:13 - 2013-09-25 11:13 - 00004357 _____ C:\Users\Steamer\Desktop\RKreport[0]_S_09252013_111350.txt
2013-09-25 11:12 - 2013-09-25 11:12 - 00004707 _____ C:\Users\Steamer\Desktop\RKreport[0]_D_09252013_111212.txt
2013-09-25 11:11 - 2013-09-25 11:11 - 00004649 _____ C:\Users\Steamer\Desktop\RKreport[0]_S_09252013_111133.txt
2013-09-25 11:03 - 2010-11-22 08:20 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2013-09-25 11:03 - 2009-07-14 02:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-25 11:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-25 10:55 - 2013-09-25 10:55 - 00007210 _____ C:\Users\Steamer\Documents\AdwCleaner[S0].txt
2013-09-25 09:26 - 2013-09-25 09:26 - 00003414 _____ C:\Windows\System32\Tasks\eFix Reminder
2013-09-25 09:26 - 2013-09-25 09:23 - 00000000 ____D C:\rei
2013-09-25 09:26 - 2013-09-25 09:21 - 00000162 _____ C:\Windows\efix.ini
2013-09-25 09:23 - 2013-09-25 09:23 - 00001780 _____ C:\Users\Public\Desktop\eFix Pro.lnk
2013-09-25 09:23 - 2013-09-25 09:23 - 00000000 ____D C:\Program Files\eFix
2013-09-25 08:46 - 2009-07-13 21:34 - 77594624 _____ C:\Windows\system32\config\software.gbck
2013-09-25 08:46 - 2009-07-13 21:34 - 16252928 _____ C:\Windows\system32\config\system.gbck
2013-09-25 08:46 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\security.gbck
2013-09-25 08:46 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\sam.gbck
2013-09-25 08:46 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\default.gbck
2013-09-25 08:45 - 2009-07-13 21:34 - 42729472 _____ C:\Windows\system32\config\components.gbck
2013-09-25 08:25 - 2011-12-29 09:56 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
2013-09-22 18:28 - 2013-10-10 14:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 18:28 - 2013-10-10 14:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 18:27 - 2013-10-10 14:02 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 18:27 - 2013-10-10 14:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 18:27 - 2013-10-10 14:02 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 18:27 - 2013-10-10 14:02 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 18:27 - 2013-10-10 14:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 18:27 - 2013-10-10 14:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 18:27 - 2013-10-10 14:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-22 18:27 - 2013-10-10 14:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-22 18:27 - 2013-10-10 14:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-22 18:27 - 2013-10-10 14:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 18:27 - 2013-10-10 14:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-22 17:55 - 2013-10-10 14:02 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 17:55 - 2013-10-10 14:02 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 17:55 - 2013-10-10 14:02 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-22 17:54 - 2013-10-10 14:02 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 17:54 - 2013-10-10 14:02 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 17:54 - 2013-10-10 14:02 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 17:54 - 2013-10-10 14:02 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 17:54 - 2013-10-10 14:02 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 17:54 - 2013-10-10 14:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 17:54 - 2013-10-10 14:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 17:54 - 2013-10-10 14:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-22 17:54 - 2013-10-10 14:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-22 17:54 - 2013-10-10 14:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 17:54 - 2013-10-10 14:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-20 22:38 - 2013-10-10 14:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-20 22:30 - 2013-10-10 14:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-20 21:48 - 2013-10-10 14:02 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-20 21:39 - 2013-10-10 14:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-18 21:32 - 2013-09-18 21:32 - 00000000 ____D C:\Users\XPS-720\AppData\Roaming\Motorola
2013-09-18 21:32 - 2011-05-14 22:36 - 00000000 ___RD C:\Users\XPS-720\Virtual Machines
2013-09-18 21:32 - 2010-11-19 18:47 - 00000000 ___RD C:\Users\XPS-720\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 21:32 - 2010-11-19 18:47 - 00000000 ___RD C:\Users\XPS-720\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 21:20 - 2011-04-01 22:15 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-18 21:20 - 2011-03-26 23:17 - 00000000 ___RD C:\Users\Steamer\Virtual Machines
2013-09-18 21:20 - 2010-11-21 10:31 - 00000000 ____D C:\ProgramData\HP
2013-09-18 21:20 - 2010-11-19 18:58 - 00000000 ___RD C:\Users\Steamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-18 21:20 - 2010-11-19 18:58 - 00000000 ___RD C:\Users\Steamer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-18 21:20 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-18 15:08 - 2013-09-18 15:08 - 00094208 _____ (DivX, Inc.) C:\Windows\SysWOW64\dpl100.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-11 11:26
 
==================== End Of Log ============================
 
Addition - Log
===============
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Steamer at 2013-10-16 08:22:17
Running from C:\Users\Steamer\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Community Help (x32 Version: 3.2.1)
Adobe Community Help (x32 Version: 3.2.1.650)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07)
Adobe Premiere Elements 9 (x32 Version: 9.0)
Adobe Premiere Elements 9 (x32 Version: 9.0.1)
Adobe Premiere Elements 9 Content (x32 Version: 9.0)
Adobe Premiere Elements 9 Content 1 (x32 Version: 9.0)
Adobe Premiere Elements 9 Content 2 (x32 Version: 9.0)
Adobe Premiere Elements 9 Content 3 (x32 Version: 9.0)
Adobe Premiere Elements 9 HD Content 1 (x32 Version: 9.0)
Adobe Premiere Elements 9 HD Content 2 (x32 Version: 9.0)
Adobe Premiere Elements 9 HD Content 3 (x32 Version: 9.0)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.615)
Any Video Converter 5 5.0.3 (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.3.13 (Unicode) (x32)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Bonjour (Version: 3.0.0.10)
BufferChm (x32 Version: 140.0.212.000)
Call of Duty® 2 (x32 Version: 1.2)
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.6)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Copy (x32 Version: 140.0.212.000)
CopyTrans Suite Remove Only (HKCU Version: 2.15)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
Creative ALchemy (x32 Version: 1.41)
Creative Audio Control Panel (x32 Version: 2.00)
Creative Console Launcher (x32)
Creative MediaSource (x32 Version: 3.00)
Creative MediaSource 5 (x32 Version: 5.26)
Creative Software AutoUpdate (x32 Version: 1.40)
Creative Sound Blaster Properties x64 Edition (x32)
Creative WaveStudio 7 (x32 Version: 7.12)
DC-Bass Source 1.3.0 (x32)
Dell Resource CD (x32 Version: 1.00.0000)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 140.0.212.000)
DirectVobSub 2.40.4209 (x32 Version: 2.40.4209)
DivX Setup (x32 Version: 2.6.1.8)
DJ_AIO_05_F4400_Software_Min (x32 Version: 140.0.690.000)
doPDF 6.1  printer
doubleTwist (x32 Version: 3.1.3.10972)
EA SPORTS online 2007 (x32)
Efficient Password Manager 3.55 (x32)
eFix Pro (Version: 1.7.0.5)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
ESET Online Scanner v3 (x32)
F4400 (x32 Version: 140.0.696.000)
ffdshow v1.1.4399 [2012-03-22] (x32 Version: 1.1.4399.0)
File Scavenger 3.2 (x32 Version: 3.2)
FLVPlayer4Free Free FLV Player 5.2.0.0 (x32)
Free Password Manager (x32 Version: 1.1.16)
Glary Utilities 3.9.3 (x32 Version: 3.9.3.142)
Google Chrome (x32 Version: 30.0.1599.69)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
GPBaseService2 (x32 Version: 140.0.211.000)
Haali Media Splitter (x32)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (x32 Version: 1.0.0.2024)
HP Product Detection (x32 Version: 11.14.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
HPPhotoGadget (x32 Version: 140.0.524.000)
HPProductAssistant (x32 Version: 140.0.212.000)
HPSSupply (x32 Version: 140.0.211.000)
InstallIQ Updater (x32 Version: 1.4.3.0)
Internet Download Manager (x32)
IrfanView (remove only) (x32)
iTunes (Version: 11.1.1.11)
Java™ 6 Update 26 (64-bit) (Version: 6.0.260)
John Daly's ProStroke Golf (x32 Version: 4.2.7)
KeePass Password Safe 2.19 (x32)
Lagarith Lossless Codec (1.3.27) (x32)
LAME v3.99.3 (for Windows) (x32)
LookInMyPC (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Links 2003 (x32)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
mIRC (x32 Version: 7.32)
MotoHelper 2.1.32 Driver 5.4.0 (x32 Version: 2.1.32)
MotoHelper MergeModules (x32 Version: 1.0.0)
MotoHelper MergeModules (x32 Version: 1.2.0)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA 3D Vision Controller Driver (x32 Version: 270.61)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenAL (x32)
OpenSource Flash Video Splitter 1.0.0.5 (x32 Version: 1.0.0.5)
Origin (x32 Version: 8.5.0.4554)
Panda ActiveScan 2.0 (x32 Version: 01.04.01.0014)
Password Bank Vault version 3.9 (x32 Version: 3.9)
Password Depot 7 (x32 Version: 7.0.8)
QuickTime (x32 Version: 7.74.80.86)
Safari (x32 Version: 5.34.57.2)
Scan (x32 Version: 140.0.80.000)
ScanSoft PDF Create! 4 (Version: 4.00.0060)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Secure Password Manager (x32)
Shop for HP Supplies (Version: 14.0)
Sid Meier's Civilization 4 Gold (x32 Version: 1.72)
SigmaTel Audio (x32 Version: 5.10.4820.0)
SlimCleaner (x32 Version: 4.0.30878)
SlimDrivers (x32 Version: 2.2.30877)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 140.0.213.000)
SoundFont Bank Manager (x32 Version: 3.21)
SPFSourceEdit 3.0 (x32)
Split Join Convert Video 1.0 (x32)
Status (x32 Version: 140.0.212.000)
Steam (x32 Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.6.1012)
System Requirements Lab (x32)
Tiger Woods PGA TOUR 07 (x32)
Tiger Woods PGA TOUR 08 (x32)
Tiger Woods PGA TOUR® 12: The Masters (x32 Version: 1.0.0.0)
Toolbox (x32 Version: 140.0.428.000)
TrayApp (x32 Version: 140.0.212.000)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VideoLAN VLC media player 0.8.6f (x32 Version: 0.8.6f)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
WebReg (x32 Version: 140.0.212.017)
Windows XP Mode (Version: 1.3.7600.16423)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
WinZip 16.0 (Version: 16.0.9661)
Xvid Video Codec (x32 Version: 1.3.2)
 
==================== Restore Points  =========================
 
18-09-2013 23:20:49 Restore Operation
23-09-2013 17:05:39 Windows Update
26-09-2013 11:50:23 Windows Update
28-09-2013 17:37:42 Windows Update
07-10-2013 21:46:34 Windows Update
10-10-2013 18:48:22 Windows Update
15-10-2013 00:52:01 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2013-10-14 20:08 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0B8534C7-8FF1-4DC8-B687-B90F3729AFA2} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {0FD7EF02-0370-4F5F-BC79-3CED2F604B34} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {109E9E50-ED04-41A6-BD8B-602F381D5020} - \DigitalSite No Task File
Task: {25A67213-1DD2-451C-A08F-B6777D904393} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {33F75327-DA0F-48CE-BF72-B918A7A75ACC} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {3A067354-1FF5-432F-8E5A-0821088F11D5} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {3A224718-64D4-4F2C-A816-BDCE61B79A82} - System32\Tasks\eFix Reminder => C:\Program Files\eFix\eFix Pro\eFixReminder.exe [2013-10-10] (Reimage ltd.)
Task: {53B58EDF-7826-47CB-9673-7076EC0EE612} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: {5A21F56F-1E24-4A15-9CD5-818B2FC47366} - System32\Tasks\0 => Iexplore.exe 
Task: {6FE84C69-B7ED-44DF-9FE3-56739F2558A3} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe
Task: {78F1A7A5-259F-4D49-A59F-02B24AB28A50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {866719F2-2100-40BF-A94B-6826CDD573D5} - System32\Tasks\GlaryInitialize 3 => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe [2013-10-08] (Glarysoft Ltd)
Task: {8861831A-5047-4D94-9883-FAF132663DA8} - System32\Tasks\AdobeAAMUpdater-1.0-XPS-720-PC-Steamer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {D7160EEC-2961-406C-8835-B852147DF401} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {DFB4458F-DD44-473A-AE7D-A5F2F2D4553C} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {F05618BD-7B62-4696-BA5D-0328F9F83E8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 3.job => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-11-20 18:05 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-10-16 08:06 - 2013-10-16 03:17 - 02105856 _____ () C:\Program Files\Alwil Software\Avast5\defs\13101600\algo.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-08 20:45 - 2013-10-08 20:45 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 3\zlib1.dll
2010-05-05 20:56 - 2010-05-05 20:56 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2010-11-21 20:41 - 2009-03-26 15:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2013-10-07 16:57 - 2013-10-03 01:02 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2013-10-07 16:57 - 2013-10-03 01:02 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
2013-10-07 16:57 - 2013-10-03 01:03 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-07 16:57 - 2013-10-03 01:03 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-07 16:57 - 2013-10-03 01:02 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:BED252A4
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (10/16/2013 08:07:24 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (10/16/2013 08:07:24 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/15/2013 09:34:15 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
Error: (10/15/2013 09:30:55 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (10/15/2013 09:30:55 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/14/2013 08:38:43 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (10/14/2013 08:38:43 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/14/2013 08:08:43 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/14/2013 08:08:04 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/14/2013 08:04:37 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-14 20:08:04.107
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-10-14 20:08:03.920
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-08 18:11:38.765
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-08 18:11:38.625
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-08 09:12:20.268
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Steamer\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-08-08 09:12:20.228
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Steamer\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 25%
Total physical RAM: 8189.35 MB
Available physical RAM: 6079.03 MB
Total Pagefile: 16376.88 MB
Available Pagefile: 14105.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.5 GB) (Free:727.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Thrid Drive) (Fixed) (Total:232.82 GB) (Free:110.15 GB) NTFS
Drive e: (Second Drive) (Fixed) (Total:298.09 GB) (Free:15.93 GB) NTFS
Drive f: (TW07) (CDROM) (Total:1.79 GB) (Free:0 GB) UDF
Drive i: (My Book) (Fixed) (Total:931.28 GB) (Free:853.35 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 97BE97BE)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 38263825)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 363B1FD7)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)
 
==================== End Of Log ==========================
 
Thank you for your help,
 
Stan

 



#10 Oh My!

Posted 16 October 2013 - 11:21 AM

Greetings Stan,

I would like you to take these steps please.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
InstallIQ Updater (x32 Version: 1.4.3.0)
Internet Download Manager (x32)
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Removing Chrome Extension/Plugin and Resetting Default Search Engine

--------------------
  • Launch Chrome web browser
  • Type chrome:settings and press Enter
  • Delete the following:

plugin: Conduit Chrome Plugin
Extension: Internet Download Manager

  • Under the Search category click Manage search engines...
  • Place the cursor over SearchGol and click the X on the right side to delete the entry (you may be prohibited from deleting)
  • Place the cursor over a listed trustworthy search engine and click Make Default
  • Click OK
  • Restart Chrome and see if your selected default search engine is loaded
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Toolbar: HKCU -  No Name - {6AA40521-14E7-4B1D-B1B4-98528C1388C9} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Extension: IDM CC - C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5
2013-10-07 16:56 - 2013-10-07 16:56 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\0D0S1L2Z1P1B
Task: {109E9E50-ED04-41A6-BD8B-602F381D5020} - \DigitalSite No Task File
Task: {5A21F56F-1E24-4A15-9CD5-818B2FC47366} - System32\Tasks\0 => Iexplore.exe 
AlternateDataStreams: C:\ProgramData\TEMP:BED252A4
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the programs uninstall properly?
  • Were the changes made in Chrome?
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"The virgin will be with child and will give birth to a son, and they will call him Immanuel" - which means "God with us."

#11 sms1295


Posted 18 October 2013 - 07:58 PM

Hi Gary:

 

Did the programs uninstall properly?
==================================
I uninstalled the programs except Internet Manager.  This program I've used for over two years.  The others listed uninstalled fine.
 
Were the changes made in Chrome?
=================================
I was unable to in the plugin section.  I changed the other section as requested.
 
How is your computer running?
=================================
The very slow boot times are gone.  Sometimes, when the boot shows the desktop, I still see some DOS windows appear briefly.  I can't see if there is any script in the window.
 
Fixlog
==================
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Steamer at 2013-10-18 19:34:57 Run:1
Running from C:\Users\Steamer\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Toolbar: HKCU -  No Name - {6AA40521-14E7-4B1D-B1B4-98528C1388C9} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Extension: IDM CC - C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5
2013-10-07 16:56 - 2013-10-07 16:56 - 00000000 ____D C:\Users\Steamer\AppData\Roaming\0D0S1L2Z1P1B
Task: {109E9E50-ED04-41A6-BD8B-602F381D5020} - \DigitalSite No Task File
Task: {5A21F56F-1E24-4A15-9CD5-818B2FC47366} - System32\Tasks\0 => Iexplore.exe 
AlternateDataStreams: C:\ProgramData\TEMP:BED252A4
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6AA40521-14E7-4B1D-B1B4-98528C1388C9} => Value deleted successfully.
HKCR\CLSID\{6AA40521-14E7-4B1D-B1B4-98528C1388C9} => Key not found.
HKCR\PROTOCOLS\Handler\ipp\0x00000001 => Key deleted successfully.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5 => Moved successfully.
HKCU\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com => Value deleted successfully.
C:\Users\Steamer\AppData\Roaming\IDM\idmmzcc5 not found.
C:\Users\Steamer\AppData\Roaming\0D0S1L2Z1P1B => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{109E9E50-ED04-41A6-BD8B-602F381D5020} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A21F56F-1E24-4A15-9CD5-818B2FC47366} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A21F56F-1E24-4A15-9CD5-818B2FC47366} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
C:\ProgramData\TEMP => ":BED252A4" ADS removed successfully.
 
==== End of Fixlog ====
 
 
Thanks for taking the time to help,
 
Stan
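The two `Task:` entries echoed in the fixlist above can be picked out of the scan log's Scheduled Tasks section mechanically. The following is an added example, not part of the original posts and not FRST's own code: it parses that section and flags entries with no task file or whose action is not a full path. The two flag rules and all function names are assumptions made for illustration, not the helper's stated criteria.

```python
"""Triage of the Scheduled Tasks section of an FRST scan log (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a few lines copied from the FRST log posted in this
# thread, plus the next section header to show where the section ends.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============

Task: {0B8534C7-8FF1-4DC8-B687-B90F3729AFA2} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {109E9E50-ED04-41A6-BD8B-602F381D5020} - \DigitalSite No Task File
Task: {33F75327-DA0F-48CE-BF72-B918A7A75ACC} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {5A21F56F-1E24-4A15-9CD5-818B2FC47366} - System32\Tasks\0 => Iexplore.exe
Task: {6FE84C69-B7ED-44DF-9FE3-56739F2558A3} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-11-20 18:05 - 2011-03-02 12:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
"""

TASK_RE = re.compile(r"^Task: (?:(?P<guid>\{[0-9A-Fa-f-]{36}\}) - )?(?P<rest>.+)$")
# Action text, optionally followed by "[file date] (company name)".
TARGET_RE = re.compile(
    r"^(?P<path>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>.*)\))?$")
ABS_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")  # drive-letter or UNC path
NO_FILE = " No Task File"

# Assumed triage rules (illustrative, not FRST's or the helper's own logic).
FLAG_TEXT = {
    "NO_TASK_FILE": "registry entry exists but no task file backs it",
    "RELATIVE_TARGET": "action is not a full path, so the binary that runs "
                       "depends on how the name is resolved",
}


@dataclass
class Task:
    guid: Optional[str]
    name: str
    target: Optional[str] = None
    date: Optional[str] = None
    publisher: Optional[str] = None
    no_task_file: bool = False


def section_lines(log: str, title: str) -> List[str]:
    """Return the 'Task: ' lines found under the section header naming `title`."""
    lines, inside = [], False
    for line in log.splitlines():
        if line.startswith("===================="):
            inside = title in line
        elif inside and line.startswith("Task: "):
            lines.append(line)
    return lines


def parse_task(line: str) -> Optional[Task]:
    """Parse one 'Task:' line in any of the three shapes seen in the log."""
    m = TASK_RE.match(line.rstrip())
    if not m:
        return None
    guid, rest = m.group("guid"), m.group("rest")
    if rest.endswith(NO_FILE):
        return Task(guid, rest[: -len(NO_FILE)].strip(), no_task_file=True)
    name, sep, action = rest.partition(" => ")
    if not sep:
        return Task(guid, rest)
    t = TARGET_RE.match(action)
    return Task(guid, name, t.group("path"), t.group("date"), t.group("pub"))


def assess(task: Task) -> List[str]:
    """Return the flag names that apply to one parsed task."""
    flags = []
    if task.no_task_file:
        flags.append("NO_TASK_FILE")
    elif task.target is not None and not ABS_PATH_RE.match(task.target):
        flags.append("RELATIVE_TARGET")
    return flags


def triage(log: str) -> List[Tuple[Task, List[str]]]:
    """Parse the Scheduled Tasks section and keep only flagged entries."""
    flagged = []
    for line in section_lines(log, "Scheduled Tasks"):
        task = parse_task(line)
        if task is None:
            continue
        flags = assess(task)
        if flags:
            flagged.append((task, flags))
    return flagged


if __name__ == "__main__":
    for task, flags in triage(SAMPLE_LOG):
        for flag in flags:
            print(f"{task.guid} {task.name!r}: {flag} ({FLAG_TEXT[flag]})")
```

On the sample, only the `\DigitalSite` and `System32\Tasks\0` entries are flagged, which are the two task lines in the fixlist.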


#12 Oh My!

Posted 18 October 2013 - 09:38 PM

Hi Stan,

Please run these programs.

===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • MBAM results
  • ESET results
  • How is your computer running now? Any issues?
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Security Check log
  • Malwarebytes log
  • ESET log
  • How is your computer running. Any issues?

Gary
 

#13 sms1295


Posted 19 October 2013 - 07:04 PM

Gary;

 

Here are the logs:

 

Checkup

==========================

Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.7011)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 SlimCleaner     
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (24.0) 
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
mbam-log-2013-10-19 (07-06-47)
=================================

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.19.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Steamer :: NEW_PC [administrator]
 
10/19/2013 7:06:47 AM
mbam-log-2013-10-19 (07-06-47).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 304008
Time elapsed: 3 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Users\Steamer\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
 
Files Detected: 6
C:\Users\Steamer\Downloads\ZipExtractorSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\Users\Steamer\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\Steamer\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\Steamer\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\Steamer\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Users\Steamer\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
 
(end)
 
ESET log
======================

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0a90067d1343b248a16acf7a4b73022d
# engine=15548
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-19 10:21:49
# local_time=2013-10-19 05:21:49 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 133764759 0 0
# scanned=519278
# found=5
# cleaned=5
# scan_time=14880
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ application (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\0D0S1L2Z1P1B\Codec Package Packages\uninstaller.exe"
sh=206470653D9E008B3970788CF57ABBD5D98DFD21 ft=1 fh=c1a61d861cdec119 vn="a variant of Win32/InstallCore.CW application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steamer\Downloads\Programs\CodecPackage.exe"
sh=6F7DF78039827BBB1757C82FF4F3EFA96B9B280D ft=1 fh=c71c001139782125 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="I:\FOUND.000\FILE8009.CHK"
sh=53901C58A7C5D42EB0B774E52DAB47383D884D20 ft=1 fh=c71c00113fa8349b vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="I:\FOUND.000\FILE8016.CHK"
sh=C98F7B0E3A3EAA34D4E11AF1A380D212ED7A59AD ft=1 fh=c71c00117309d63c vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="I:\FOUND.000\FILE9808.CHK

 

 

My computer seems to be back to where it was.  The boot time is good and the Dos windows are appearing anymore.

 

Thank you for your help,

 

Stan



#14 Oh My!

Posted 19 October 2013 - 07:10 PM

Greetings Stan,
 

The boot time is good and the Dos windows are appearing anymore.

Did you mean they are not appearing?

We need to update Adobe Reader. Please do this.

===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.

Adobe Reader Update
  • Please download Adobe Reader
  • After installing the latest Adobe Reader, uninstall all previous versions through Add/Remove Programs.
  • If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Adobe install properly?
  • Last check, any remaining issues?

Gary
 

#15 sms1295


Posted 19 October 2013 - 07:33 PM

Gary,

 

Sorry for the typo.  I'm not seeing the Dos windows anymore.  No issue with the Adobe install.





