BullGuard
Installed a world of garbage - please help me remove it
   

GazNicki
New Member


Date Joined Apr 2008
Total Posts : 14
 
   Posted 7/12/2013 11:49 AM (GMT +3)
I usually know better than this, but I have installed a world of garbage - dragged in by the false promises of a "too good to be true" piece of software. Stone me if you will, I deserve it :(

Anyway, I have a world of garbage on my system including Delta Toolbar and much much more.

I have run a virus scan, came up clean. Run MBAM, it removed one thing on a full scan (I forgot to save this log though). Ran DDS and HJT. Logs are attached.

I am suffering from choppy slow performance, slow boot time, and general sluggishness. Please help me clean the system. Please. :(

File Attachment :
logs.zip   14KB (application/x-zip-compressed)
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 7/13/2013 2:15 AM (GMT +3)
Hi GazNicki
 
 
 
 
  • Double click on AdwCleaner.exe to run the tool. 
    ***Note: Windows Vista and Windows 7 users: 
    Right-click on AdwCleaner.exe and select Run as admin 
  • Click Delete. 
  • Everything that was found will be deleted. 
  • Save any open files and approve the reboot. A text file will open after the restart. 
Post it in your next reply.
 
 
 
Next -
Junkware Removal Tool by thisisu
 
 
 
Disable your Antivirus program if required
For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.
 
 
Download "Farbar Recovery Scan Tool" and save it to your desktop.
download link is located here:
 
For x64 bit systems download  Farbar Recovery Scan Tool x64 and save it to your desktop.
 download link is located here:
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button. 


  • It will make a log (FRST.txt) on the Desktop.
  • Please copy and paste it to your reply.
 


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

Post Edited (Touch) : 7/12/2013 11:18:22 PM GMT

 

GazNicki
New Member


Date Joined Apr 2008
Total Posts : 14
 
   Posted 7/17/2013 3:39 PM (GMT +3)
Sorry for the delay in getting back to you Touch. Many thanks for your help so far.

Here is the text file that was generated. 7Zip isn't working ATM so I have placed this into a CODE tag:

# AdwCleaner v2.305 - Logfile created 07/17/2013 at 13:18:25
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Gaz - TECHNICAL
# Boot Mode : Normal
# Running from : C:\Users\Gaz\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BrowserDefendert

***** [Files / Folders] *****

File Deleted : C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Program Files (x86)\Wondershare
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\FreeRIP
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Gaz\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Gaz\AppData\Local\Wondershare
Folder Deleted : C:\Users\Gaz\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Gaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Gaz\AppData\Roaming\Wondershare
Folder Deleted : C:\Users\Gaz\Documents\Wondershare
Folder Deleted : C:\Users\Management Team\AppData\Local\Wondershare
Folder Deleted : C:\Users\Management Team\AppData\Roaming\Wondershare

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = browse~1\261339~1.144\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\5b6ded9b43cec41
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5b6ded9b43cec41
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Gaz\AppData\Roaming\Mozilla\Firefox\Profiles\bfllieko.default-1373622507671\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12169 octets] - [17/07/2013 13:17:42]
AdwCleaner[S1].txt - [12331 octets] - [17/07/2013 13:18:25]

########## EOF - C:\AdwCleaner[S1].txt - [12392 octets] ##########
 

GazNicki
New Member


Date Joined Apr 2008
Total Posts : 14
 
   Posted 7/17/2013 4:07 PM (GMT +3)
JRT.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.2 (07.16.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gaz on 17/07/2013 at 13:41:28.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Gaz\AppData\Roaming\mozilla\firefox\profiles\bfllieko.default-1373622507671\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/07/2013 at 13:46:10.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

GazNicki
New Member


Date Joined Apr 2008
Total Posts : 14
 
   Posted 7/17/2013 4:11 PM (GMT +3)
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Gaz (administrator) on 17-07-2013 14:08:36
Running from C:\Users\Gaz\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Soluto) c:\program files\soluto\soluto.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\Gaz\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKCU\...\Run: [EPSON SX218 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_SB403.tmp" /EF "HKCU" [x]
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [19676256 2013-06-06] (Google)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x]
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x]
AppInit_DLLs-x32:   [0 ] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe (No File)
Startup: C:\Users\Gaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gaz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5742&r=27360912l405l04c4z165v57421415
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.50.3

FireFox:
========
FF ProfilePath: C:\Users\Gaz\AppData\Roaming\Mozilla\Firefox\Profiles\bfllieko.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Gaz\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

Chrome: 
=======
CHR RestoreOnStartup:     "urls_to_restore_on_startup": [
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Extension: (Angry Birds) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Google Drive) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Firebug Lite for Google Chrome\u2122) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0
CHR Extension: (Proxy Switchy!) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0
CHR Extension: (Google Search) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Wunderlist - To-do & Task List) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc\2.1.1_0
CHR Extension: (AdBlock) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (Google Maps) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: (Facebook Lite for Chrome) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\npmllfhdnjcijofddghkhhknagamimip\2.1.5.27030_0
CHR Extension: (Candy Crush Saga) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\omhoajpfbjbepbneobohpolhkbimlnjj\1.0_0
CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh\0.9.0.6_0
CHR Extension: (Weather Underground) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0
CHR Extension: (Gmail) - C:\Users\Gaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [183280 2013-01-10] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1239552 2013-01-10] (Soluto)
R3 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
R3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S3 WACService; "C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2012-11-26] (Google Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-11-23] ()
U3 awmbf7d4; C:\Windows\System32\Drivers\awmbf7d4.sys [0 ] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-17 14:08 - 2013-07-17 14:08 - 01778209 _____ (Farbar) C:\Users\Gaz\Downloads\FRST64.exe
2013-07-17 14:08 - 2013-07-17 14:08 - 00000000 ____D C:\FRST
2013-07-17 13:46 - 2013-07-17 13:46 - 00000970 _____ C:\Users\Gaz\Desktop\JRT.txt
2013-07-17 13:41 - 2013-07-17 13:41 - 00000000 ____D C:\Windows\ERUNT
2013-07-17 13:40 - 2013-07-17 13:40 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\Gaz\Downloads\JRT(1).exe
2013-07-17 13:37 - 2013-07-17 13:37 - 00000000 ____D C:\Program Files\7-Zip
2013-07-17 13:33 - 2013-07-17 13:33 - 01376768 _____ C:\Users\Gaz\Downloads\7z920-x64.msi
2013-07-17 13:18 - 2013-07-17 13:18 - 00012374 _____ C:\AdwCleaner[S1].txt
2013-07-17 13:17 - 2013-07-17 13:17 - 00662345 _____ C:\Users\Gaz\Downloads\adwcleaner.exe
2013-07-17 13:17 - 2013-07-17 13:17 - 00012169 _____ C:\AdwCleaner[R1].txt
2013-07-17 09:48 - 2013-07-17 09:48 - 00000000 ____D C:\Program Files\iTunes
2013-07-17 09:48 - 2013-07-17 09:48 - 00000000 ____D C:\Program Files\iPod
2013-07-17 09:48 - 2013-07-17 09:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-17 09:46 - 2013-07-17 09:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-17 09:41 - 2013-07-17 09:41 - 00001849 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-07-16 12:38 - 2013-07-16 12:38 - 00008173 _____ C:\ProgramData\scantool.tr
2013-07-16 12:27 - 2013-07-16 12:27 - 01055256 _____ C:\Users\Gaz\scanxlprog.cfg
2013-07-15 09:24 - 2013-07-15 09:25 - 01067456 _____ (Solid State Networks) C:\Users\Gaz\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-07-13 09:29 - 2013-07-13 09:29 - 00000000 ____D C:\Users\Guest\AppData\LocalGoogle
2013-07-13 09:24 - 2013-07-13 09:24 - 00000000 ____D C:\Users\Management Team\AppData\LocalGoogle
2013-07-13 09:20 - 2013-07-13 09:21 - 04985584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 09:19 - 2013-07-13 09:19 - 00001224 _____ C:\Windows\PFRO.log
2013-07-12 14:18 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 14:18 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 14:18 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 14:18 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 14:18 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 14:18 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 14:18 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 14:18 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 14:18 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 14:18 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 14:18 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 14:18 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 14:18 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 14:18 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 14:18 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 14:18 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 14:18 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 14:18 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 14:18 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 14:18 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 14:18 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 14:18 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 14:18 - 2013-06-12 00:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 14:18 - 2013-06-12 00:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 14:18 - 2013-06-12 00:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 14:18 - 2013-06-12 00:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 14:18 - 2013-06-12 00:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 14:18 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 14:18 - 2013-06-11 23:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 14:18 - 2013-06-07 04:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 14:18 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 12:25 - 2013-07-12 12:30 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-12 12:25 - 2013-07-12 12:25 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-12 12:24 - 2013-07-12 12:24 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-12 12:24 - 2013-07-12 12:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-12 12:24 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-07-12 12:22 - 2013-07-12 12:22 - 00112322 _____ C:\Users\Gaz\Desktop\OTL.Txt
2013-07-12 12:13 - 2013-07-12 12:14 - 36364784 _____ (Safer-Networking Ltd.                                       ) C:\Users\Gaz\Downloads\spybotsd-2.1.20-SR1.exe
2013-07-12 12:07 - 2013-07-12 12:07 - 00072574 _____ C:\Users\Gaz\Downloads\Extras.Txt
2013-07-12 12:06 - 2013-07-12 12:06 - 00112322 _____ C:\Users\Gaz\Downloads\OTL.Txt
2013-07-12 12:04 - 2013-07-12 12:05 - 05087831 _____ (Swearware) C:\Users\Gaz\Downloads\ComboFix.exe
2013-07-12 10:48 - 2013-07-12 10:48 - 00000000 ____D C:\Users\Gaz\Desktop\Old Firefox Data
2013-07-12 10:41 - 2013-07-12 10:41 - 00559306 _____ (Oleg N. Scherbakov) C:\Users\Gaz\Downloads\JRT.exe
2013-07-12 10:32 - 2013-07-12 10:32 - 00602112 _____ (OldTimer Tools) C:\Users\Gaz\Downloads\OTL.exe
2013-07-12 10:29 - 2013-07-12 10:29 - 00000011 ____R C:\Windows\amunres.lsl
2013-07-12 09:49 - 2013-07-12 09:49 - 00013938 _____ C:\Users\Gaz\Desktop\logs.zip
2013-07-12 09:43 - 2013-07-12 09:43 - 00012892 _____ C:\Users\Gaz\Downloads\hijackthis.log
2013-07-12 09:43 - 2013-07-12 09:43 - 00012892 _____ C:\Users\Gaz\Desktop\hijackthis.log
2013-07-12 09:43 - 2013-07-12 09:43 - 00003118 _____ C:\Windows\System32\Tasks\{F2EC8332-980D-4ED7-BEE0-3E196FFE6976}
2013-07-12 09:41 - 2013-07-12 09:41 - 00023408 _____ C:\Users\Gaz\Desktop\dds.txt
2013-07-12 09:41 - 2013-07-12 09:41 - 00010323 _____ C:\Users\Gaz\Desktop\attach.txt
2013-07-12 09:11 - 2013-07-12 09:11 - 00000000 ____D C:\Users\Gaz\Downloads\Facebook_Credits_Generator_V1.4.6
2013-07-12 09:10 - 2013-07-12 09:11 - 00478180 _____ C:\Users\Gaz\Downloads\Facebook_Credits_Generator_V1.4.6.rar
2013-07-12 08:07 - 2013-07-12 08:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gaz\Downloads\HijackThis.exe
2013-07-12 08:07 - 2013-07-12 08:07 - 00111320 _____ C:\Users\Gaz\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-12 08:06 - 2013-07-12 08:06 - 00688992 ____R (Swearware) C:\Users\Gaz\Desktop\dds.scr
2013-07-12 08:00 - 2013-07-17 13:20 - 00000280 _____ C:\Windows\setupact.log
2013-07-12 08:00 - 2013-07-12 08:00 - 00000000 _____ C:\Windows\setuperr.log
2013-07-12 07:51 - 2013-07-12 07:51 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-12 07:51 - 2013-07-12 07:51 - 00000000 ____D C:\Users\Gaz\AppData\Roaming\Malwarebytes
2013-07-12 07:51 - 2013-07-12 07:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-12 07:51 - 2013-07-12 07:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-12 07:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-12 07:50 - 2013-07-12 07:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gaz\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-12 07:39 - 2013-07-12 07:39 - 00000000 _____ C:\autoexec.bat
2013-07-12 07:38 - 2013-07-12 07:38 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-12 07:37 - 2013-07-12 11:06 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-12 07:36 - 2013-07-12 07:36 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\Gaz\Downloads\SpyHunter-Installer.exe
2013-07-11 09:02 - 2013-07-11 09:56 - 00000866 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-11 09:01 - 2013-07-11 09:01 - 04953944 _____ (FLVMPlayer                                                  ) C:\Users\Gaz\Desktop\FLVMPlayer.exe
2013-07-11 09:01 - 2013-07-11 09:01 - 00003430 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 09:00 - 2013-07-11 09:00 - 00283272 _____ C:\Users\Gaz\Downloads\Setup(1).exe
2013-07-11 08:57 - 2013-07-11 08:57 - 00167536 _____ () C:\Users\Gaz\Downloads\OnlineWeatherSetup-1HThAqP.exe
2013-07-11 08:54 - 2013-07-11 08:54 - 00138026 _____ C:\Users\Gaz\Downloads\Top Eleven Be A Football Manager Hack And Cheat Tool(1).zip
2013-07-11 07:30 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 07:30 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 07:30 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 07:30 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 07:29 - 2013-07-11 07:29 - 03253738 _____ C:\Users\Gaz\Downloads\Nokia_Lumia_900_RM-808_RM-823_L1L2_Service_Manual_v2.0.rar
2013-07-11 07:24 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 07:23 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 07:23 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-05 13:27 - 2013-07-09 07:11 - 00000000 ____D C:\Users\Gaz\AppData\Local\LogMeIn Rescue Applet
2013-07-05 13:27 - 2013-07-05 13:27 - 01295200 _____ (LogMeIn, Inc.) C:\Users\Gaz\Downloads\Support-LogMeInRescue.exe
2013-07-05 13:02 - 2013-07-08 11:33 - 00072984 _____ C:\Users\Gaz\Documents\Performance Review Meeting (Autosaved).xlsx
2013-07-03 11:29 - 2013-07-03 11:29 - 01037120 _____ (Solid State Networks) C:\Users\Gaz\Downloads\install_reader11_en_mssd_aaa_aih.exe
2013-07-03 09:59 - 2013-07-03 10:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-01 14:54 - 2013-07-01 14:54 - 00636984 _____ C:\Users\Gaz\Downloads\Top Eleven Free Tokens Generator v2.4.1.rar
2013-07-01 14:54 - 2013-07-01 14:54 - 00000000 ____D C:\Users\Gaz\Downloads\Top Eleven Free Tokens Generator v2.4.1
2013-07-01 14:47 - 2013-07-01 14:47 - 01879632 _____ (InstallX, LLC) C:\Users\Gaz\Downloads\vioplayer2_d5498902.exe
2013-07-01 14:29 - 2013-07-01 14:29 - 00000000 ____D C:\Users\Gaz\Downloads\Top Eleven Be A Football Manager Hack And Cheat Tool
2013-07-01 14:20 - 2013-07-01 14:20 - 00495112 _____ C:\Users\Gaz\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe
2013-07-01 09:27 - 2013-07-01 09:27 - 00000000 ____D C:\Users\Gaz\Downloads\john179j5w
2013-07-01 09:22 - 2013-07-01 09:23 - 03936725 _____ C:\Users\Gaz\Downloads\john179j5w.zip
2013-07-01 09:20 - 2013-07-01 09:23 - 13338017 _____ (RAR Password Unlocker, Inc.                                 ) C:\Users\Gaz\Downloads\rar_password_unlocker_trial.exe
2013-07-01 09:15 - 2013-07-01 09:15 - 00341970 _____ (dnSoft Research Group) C:\Users\Gaz\Downloads\rpc412_setup.exe
2013-07-01 09:11 - 2013-07-01 09:13 - 06072255 _____ C:\Users\Gaz\Downloads\Top Eleven Hack 2013 MDS.rar
2013-07-01 08:40 - 2013-07-01 08:40 - 03263292 _____ C:\Users\Gaz\Downloads\Top Eleven Hack 2013.rar
2013-07-01 07:36 - 2013-07-01 07:36 - 01110476 _____ C:\Users\Gaz\Downloads\7z920.exe
2013-07-01 07:35 - 2013-07-01 07:35 - 00202582 _____ C:\Users\Gaz\Downloads\Hack Token TopElven V.3 By IT-Dark.net New 2012.rar
2013-07-01 07:33 - 2013-07-01 07:33 - 00138026 _____ C:\Users\Gaz\Downloads\Top Eleven Be A Football Manager Hack And Cheat Tool.zip
2013-06-26 11:30 - 2013-07-16 08:21 - 00072165 _____ C:\Users\Gaz\Documents\Performance Review Meeting.xlsx
2013-06-26 11:30 - 2013-07-08 13:30 - 00072767 _____ C:\Users\Gaz\Documents\Performance Review Meeting 1.xlsx
2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-21 12:50 - 2013-07-17 13:22 - 00000000 ___SD C:\Users\Gaz\Google Drive
2013-06-21 12:50 - 2013-06-21 12:50 - 00001704 _____ C:\Users\Gaz\Desktop\Google Drive.lnk
2013-06-21 12:48 - 2013-06-21 12:48 - 00000000 ____D C:\Users\Gaz\AppData\LocalGoogle
2013-06-21 12:46 - 2013-06-21 12:46 - 00781760 _____ (Google Inc.) C:\Users\Gaz\Downloads\googledrivesync.exe
2013-06-21 09:41 - 2013-06-21 09:41 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-21 09:41 - 2013-06-21 09:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-21 09:41 - 2013-06-21 09:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-21 09:41 - 2013-06-21 09:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 09:41 - 2013-06-21 09:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-17 15:13 - 2013-06-17 15:13 - 12090368 _____ C:\Users\Gaz\Downloads\Unofficial GiffGaff Helper.exe

==================== One Month Modified Files and Folders =======

2013-07-17 14:08 - 2013-07-17 14:08 - 01778209 _____ (Farbar) C:\Users\Gaz\Downloads\FRST64.exe
2013-07-17 14:08 - 2013-07-17 14:08 - 00000000 ____D C:\FRST
2013-07-17 13:46 - 2013-07-17 13:46 - 00000970 _____ C:\Users\Gaz\Desktop\JRT.txt
2013-07-17 13:41 - 2013-07-17 13:41 - 00000000 ____D C:\Windows\ERUNT
2013-07-17 13:40 - 2013-07-17 13:40 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\Gaz\Downloads\JRT(1).exe
2013-07-17 13:37 - 2013-07-17 13:37 - 00000000 ____D C:\Program Files\7-Zip
2013-07-17 13:33 - 2013-07-17 13:33 - 01376768 _____ C:\Users\Gaz\Downloads\7z920-x64.msi
2013-07-17 13:29 - 2012-09-27 11:04 - 00000000 ___RD C:\Users\Gaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-17 13:28 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 13:28 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 13:23 - 2012-11-20 14:59 - 00000000 ___RD C:\Users\Gaz\Dropbox
2013-07-17 13:23 - 2012-11-20 14:53 - 00000000 ____D C:\Users\Gaz\AppData\Roaming\Dropbox
2013-07-17 13:22 - 2013-06-21 12:50 - 00000000 ___SD C:\Users\Gaz\Google Drive
2013-07-17 13:20 - 2013-07-12 08:00 - 00000280 _____ C:\Windows\setupact.log
2013-07-17 13:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-17 13:19 - 2012-09-27 10:13 - 01628719 _____ C:\Windows\WindowsUpdate.log
2013-07-17 13:18 - 2013-07-17 13:18 - 00012374 _____ C:\AdwCleaner[S1].txt
2013-07-17 13:17 - 2013-07-17 13:17 - 00662345 _____ C:\Users\Gaz\Downloads\adwcleaner.exe
2013-07-17 13:17 - 2013-07-17 13:17 - 00012169 _____ C:\AdwCleaner[R1].txt
2013-07-17 12:58 - 2012-10-04 09:18 - 00000000 ____D C:\Users\Gaz\Documents\Outlook Files
2013-07-17 09:48 - 2013-07-17 09:48 - 00000000 ____D C:\Program Files\iTunes
2013-07-17 09:48 - 2013-07-17 09:48 - 00000000 ____D C:\Program Files\iPod
2013-07-17 09:48 - 2013-07-17 09:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-17 09:48 - 2013-07-17 09:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-17 09:41 - 2013-07-17 09:41 - 00001849 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-07-17 09:41 - 2012-12-03 10:58 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-07-16 13:51 - 2012-11-22 09:01 - 00035840 _____ C:\ProgramData\ppe_fleetdb.vdb
2013-07-16 13:51 - 2012-11-22 09:01 - 00003086 _____ C:\Users\Gaz\scanxlpro.cfg
2013-07-16 12:38 - 2013-07-16 12:38 - 00008173 _____ C:\ProgramData\scantool.tr
2013-07-16 12:27 - 2013-07-16 12:27 - 01055256 _____ C:\Users\Gaz\scanxlprog.cfg
2013-07-16 12:27 - 2012-09-27 11:01 - 00000000 ____D C:\Users\Gaz
2013-07-16 09:11 - 2012-12-12 12:42 - 00000000 ____D C:\Users\Gaz\Documents\Steve
2013-07-16 08:21 - 2013-06-26 11:30 - 00072165 _____ C:\Users\Gaz\Documents\Performance Review Meeting.xlsx
2013-07-15 09:25 - 2013-07-15 09:24 - 01067456 _____ (Solid State Networks) C:\Users\Gaz\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-07-13 09:29 - 2013-07-13 09:29 - 00000000 ____D C:\Users\Guest\AppData\LocalGoogle
2013-07-13 09:29 - 2013-01-21 10:33 - 00111320 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-13 09:24 - 2013-07-13 09:24 - 00000000 ____D C:\Users\Management Team\AppData\LocalGoogle
2013-07-13 09:24 - 2013-02-27 09:16 - 00111320 _____ C:\Users\Management Team\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-13 09:21 - 2013-07-13 09:20 - 04985584 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 09:21 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2013-07-13 09:19 - 2013-07-13 09:19 - 00001224 _____ C:\Windows\PFRO.log
2013-07-13 09:19 - 2013-03-19 07:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 09:19 - 2013-03-19 07:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 09:19 - 2009-07-14 08:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 09:19 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 09:19 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 14:26 - 2009-07-14 06:13 - 00732510 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 14:20 - 2012-10-01 09:29 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-12 12:30 - 2013-07-12 12:25 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-12 12:25 - 2013-07-12 12:25 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-12 12:24 - 2013-07-12 12:24 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-07-12 12:24 - 2013-07-12 12:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-07-12 12:22 - 2013-07-12 12:22 - 00112322 _____ C:\Users\Gaz\Desktop\OTL.Txt
2013-07-12 12:14 - 2013-07-12 12:13 - 36364784 _____ (Safer-Networking Ltd.                                       ) C:\Users\Gaz\Downloads\spybotsd-2.1.20-SR1.exe
2013-07-12 12:07 - 2013-07-12 12:07 - 00072574 _____ C:\Users\Gaz\Downloads\Extras.Txt
2013-07-12 12:06 - 2013-07-12 12:06 - 00112322 _____ C:\Users\Gaz\Downloads\OTL.Txt
2013-07-12 12:05 - 2013-07-12 12:04 - 05087831 _____ (Swearware) C:\Users\Gaz\Downloads\ComboFix.exe
2013-07-12 11:06 - 2013-07-12 07:37 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-12 10:48 - 2013-07-12 10:48 - 00000000 ____D C:\Users\Gaz\Desktop\Old Firefox Data
2013-07-12 10:41 - 2013-07-12 10:41 - 00559306 _____ (Oleg N. Scherbakov) C:\Users\Gaz\Downloads\JRT.exe
2013-07-12 10:34 - 2013-03-07 16:03 - 00000000 ____D C:\Users\Gaz\AppData\Roaming\Samsung
2013-07-12 10:34 - 2013-03-07 15:57 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-07-12 10:33 - 2013-03-07 15:57 - 00000000 ____D C:\ProgramData\Samsung
2013-07-12 10:33 - 2010-07-13 12:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-12 10:32 - 2013-07-12 10:32 - 00602112 _____ (OldTimer Tools) C:\Users\Gaz\Downloads\OTL.exe
2013-07-12 10:29 - 2013-07-12 10:29 - 00000011 ____R C:\Windows\amunres.lsl
2013-07-12 10:29 - 2013-04-11 13:01 - 00000000 ____D C:\Program Files (x86)\nutricalc
2013-07-12 10:28 - 2012-10-02 13:42 - 00000000 ____D C:\Users\Gaz\AppData\Roaming\BitTorrent
2013-07-12 09:49 - 2013-07-12 09:49 - 00013938 _____ C:\Users\Gaz\Desktop\logs.zip
2013-07-12 09:43 - 2013-07-12 09:43 - 00012892 _____ C:\Users\Gaz\Downloads\hijackthis.log
2013-07-12 09:43 - 2013-07-12 09:43 - 00012892 _____ C:\Users\Gaz\Desktop\hijackthis.log
2013-07-12 09:43 - 2013-07-12 09:43 - 00003118 _____ C:\Windows\System32\Tasks\{F2EC8332-980D-4ED7-BEE0-3E196FFE6976}
2013-07-12 09:42 - 2012-09-27 11:03 - 00000000 ____D C:\Users\Gaz\AppData\Local\VirtualStore
2013-07-12 09:41 - 2013-07-12 09:41 - 00023408 _____ C:\Users\Gaz\Desktop\dds.txt
2013-07-12 09:41 - 2013-07-12 09:41 - 00010323 _____ C:\Users\Gaz\Desktop\attach.txt
2013-07-12 09:11 - 2013-07-12 09:11 - 00000000 ____D C:\Users\Gaz\Downloads\Facebook_Credits_Generator_V1.4.6
2013-07-12 09:11 - 2013-07-12 09:10 - 00478180 _____ C:\Users\Gaz\Downloads\Facebook_Credits_Generator_V1.4.6.rar
2013-07-12 08:07 - 2013-07-12 08:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gaz\Downloads\HijackThis.exe
2013-07-12 08:07 - 2013-07-12 08:07 - 00111320 _____ C:\Users\Gaz\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-12 08:06 - 2013-07-12 08:06 - 00688992 ____R (Swearware) C:\Users\Gaz\Desktop\dds.scr
2013-07-12 08:00 - 2013-07-12 08:00 - 00000000 _____ C:\Windows\setuperr.log
2013-07-12 07:51 - 2013-07-12 07:51 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-12 07:51 - 2013-07-12 07:51 - 00000000 ____D C:\Users\Gaz\AppData\Roaming\Malwarebytes
2013-07-12 07:51 - 2013-07-12 07:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-12 07:51 - 2013-07-12 07:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-12 07:50 - 2013-07-12 07:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Gaz\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-12 07:39 - 2013-07-12 07:39 - 00000000 _____ C:\autoexec.bat
2013-07-12 07:38 - 2013-07-12 07:38 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-12 07:36 - 2013-07-12 07:36 - 00726464 _____ (Enigma Software Group USA, LLC.) C:\Users\Gaz\Downloads\SpyHunter-Installer.exe
2013-07-11 09:56 - 2013-07-11 09:02 - 00000866 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-11 09:04 - 2010-07-13 13:01 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-11 09:01 - 2013-07-11 09:01 - 04953944 _____ (FLVMPlayer                                                  ) C:\Users\Gaz\Desktop\FLVMPlayer.exe
2013-07-11 09:01 - 2013-07-11 09:01 - 00003430 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 09:00 - 2013-07-11 09:00 - 00283272 _____ C:\Users\Gaz\Downloads\Setup(1).exe
2013-07-11 08:57 - 2013-07-11 08:57 - 00167536 _____ () C:\Users\Gaz\Downloads\OnlineWeatherSetup-1HThAqP.exe
2013-07-11 08:54 - 2013-07-11 08:54 - 00138026 _____ C:\Users\Gaz\Downloads\Top Eleven Be A Football Manager Hack And Cheat Tool(1).zip
2013-07-11 07:29 - 2013-07-11 07:29 - 03253738 _____ C:\Users\Gaz\Downloads\Nokia_Lumia_900_RM-808_RM-823_L1L2_Service_Manual_v2.0.rar
2013-07-09 07:11 - 2013-07-05 13:27 - 00000000 ____D C:\Users\Gaz\AppData\Local\LogMeIn Rescue Applet
2013-07-08 13:30 - 2013-06-26 11:30 - 00072767 _____ C:\Users\Gaz\Documents\Performance Review Meeting 1.xlsx
2013-07-08 11:33 - 2013-07-05 13:02 - 00072984 _____ C:\Users\Gaz\Documents\Performance Review Meeting (Autosaved).xlsx
2013-07-05 14:27 - 2012-11-14 15:45 - 00000000 ____D C:\Users\Gaz\AppData\Roaming\Mp3tag
2013-07-05 13:27 - 2013-07-05 13:27 - 01295200 _____ (LogMeIn, Inc.) C:\Users\Gaz\Downloads\Support-LogMeInRescue.exe
2013-07-05 13:04 - 2013-06-05 12:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 11:29 - 2013-07-03 11:29 - 01037120 _____ (Solid State Networks) C:\Users\Gaz\Downloads\install_reader11_en_mssd_aaa_aih.exe
2013-07-03 11:09 - 2013-03-06 10:38 - 00000000 ____D C:\Users\Gaz\Documents\Gaz
2013-07-03 10:00 - 2013-07-03 09:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-01 14:54 - 2013-07-01 14:54 - 00636984 _____ C:\Users\Gaz\Downloads\Top Eleven Free Tokens Generator v2.4.1.rar
2013-07-01 14:54 - 2013-07-01 14:54 - 00000000 ____D C:\Users\Gaz\Downloads\Top Eleven Free Tokens Generator v2.4.1
2013-07-01 14:47 - 2013-07-01 14:47 - 01879632 _____ (InstallX, LLC) C:\Users\Gaz\Downloads\vioplayer2_d5498902.exe
2013-07-01 14:29 - 2013-07-01 14:29 - 00000000 ____D C:\Users\Gaz\Downloads\Top Eleven Be A Football Manager Hack And Cheat Tool
2013-07-01 14:20 - 2013-07-01 14:20 - 00495112 _____ C:\Users\Gaz\Downloads\TinyMediaPlayer_RocketFuelInstaller.exe
2013-07-01 09:27 - 2013-07-01 09:27 - 00000000 ____D C:\Users\Gaz\Downloads\john179j5w
2013-07-01 09:23 - 2013-07-01 09:22 - 03936725 _____ C:\Users\Gaz\Downloads\john179j5w.zip
2013-07-01 09:23 - 2013-07-01 09:20 - 13338017 _____ (RAR Password Unlocker, Inc.                                 ) C:\Users\Gaz\Downloads\rar_password_unlocker_trial.exe
2013-07-01 09:15 - 2013-07-01 09:15 - 00341970 _____ (dnSoft Research Group) C:\Users\Gaz\Downloads\rpc412_setup.exe
2013-07-01 09:13 - 2013-07-01 09:11 - 06072255 _____ C:\Users\Gaz\Downloads\Top Eleven Hack 2013 MDS.rar
2013-07-01 08:40 - 2013-07-01 08:40 - 03263292 _____ C:\Users\Gaz\Downloads\Top Eleven Hack 2013.rar
2013-07-01 07:36 - 2013-07-01 07:36 - 01110476 _____ C:\Users\Gaz\Downloads\7z920.exe
2013-07-01 07:35 - 2013-07-01 07:35 - 00202582 _____ C:\Users\Gaz\Downloads\Hack Token TopElven V.3 By IT-Dark.net New 2012.rar
2013-07-01 07:33 - 2013-07-01 07:33 - 00138026 _____ C:\Users\Gaz\Downloads\Top Eleven Be A Football Manager Hack And Cheat Tool.zip
2013-06-25 08:08 - 2013-06-25 08:08 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-25 07:27 - 2012-11-30 08:38 - 00000845 _____ C:\Windows\wininit.ini
2013-06-25 07:27 - 2012-11-20 14:55 - 00000000 ____D C:\Users\Gaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-06-25 07:15 - 2012-09-27 11:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-25 07:15 - 2012-09-27 11:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-21 12:50 - 2013-06-21 12:50 - 00001704 _____ C:\Users\Gaz\Desktop\Google Drive.lnk
2013-06-21 12:48 - 2013-06-21 12:48 - 00000000 ____D C:\Users\Gaz\AppData\LocalGoogle
2013-06-21 12:48 - 2012-09-27 11:21 - 00000000 ____D C:\Users\Gaz\AppData\Local\Google
2013-06-21 12:48 - 2010-07-13 12:56 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-21 12:47 - 2012-09-27 11:27 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-06-21 12:47 - 2012-09-27 11:27 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-06-21 12:46 - 2013-06-21 12:46 - 00781760 _____ (Google Inc.) C:\Users\Gaz\Downloads\googledrivesync.exe
2013-06-21 09:41 - 2013-06-21 09:41 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-21 09:41 - 2013-06-21 09:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-21 09:41 - 2013-06-21 09:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-21 09:41 - 2013-06-21 09:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-21 09:41 - 2013-06-21 09:41 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-21 09:41 - 2012-12-06 11:33 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-21 09:41 - 2012-12-06 11:33 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-21 07:45 - 2010-07-13 12:53 - 00000000 ____D C:\ProgramData\McAfee
2013-06-18 08:15 - 2012-10-01 08:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 15:13 - 2013-06-17 15:13 - 12090368 _____ C:\Users\Gaz\Downloads\Unofficial GiffGaff Helper.exe
2013-06-17 13:35 - 2013-06-11 09:34 - 00032635 _____ C:\Users\Gaz\Documents\Long Life Mould Tracker.xlsx
2013-06-17 11:02 - 2012-10-01 08:36 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-17 11:02 - 2012-10-01 08:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-17 11:02 - 2012-10-01 08:36 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 12:15

==================== End Of Log ============================

GazNicki
   Posted 7/17/2013 4:11 PM (GMT +3)
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by Gaz at 2013-07-17 14:10:21
Running from C:\Users\Gaz\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
 CODEC Version 1.0
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acer Updater (x32 Version: 1.02.3001)
Acrobat.com (x32 Version: 1.6.65)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.2)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (x32 Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CS5 (x32 Version: 12.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avery Wizard 4.0 (x32 Version: 4.0.201)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 14.0.2.3)
CCleaner (Version: 3.26)
Cheat Engine 6.2 (x32)
CLARiSOFT (x32 Version: 4.4.0.4)
CopyTrans Suite Remove Only (HKCU Version: 2.37)
CR2 Codec by Ardfry Imaging, LLC (32 bit) (x32 Version: 1.0.0.0)
CR2 Codec by Ardfry Imaging, LLC (64 bit) (Version: 1.0.0.0)
Cute Flowchart (x32 Version: 1.6)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dropbox (HKCU Version: 2.0.22)
EPSON Scan (x32)
EPSON SX218 Series Printer Uninstall
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Google Chrome (x32 Version: 27.0.1453.116)
Google Drive (x32 Version: 1.10.4769.632)
Google Update Helper (x32 Version: 1.3.21.145)
iCloud (Version: 2.1.2.8)
Identity Card (x32 Version: 1.00.3003)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2125)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.2.1001)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Launch Manager (x32 Version: 4.0.12)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Standard 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (Version: 2.0.1578.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mp3tag v2.53 (x32 Version: v2.53)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 14.0.1468.721)
MyFreeCodec (HKCU)
MyWinLocker (x32 Version: 3.1.212.0)
MyWinLocker Suite (x32 Version: 3.1.212.0)
Notepad++ (x32 Version: 6.1.8)
PDF Settings CS5 (x32 Version: 10.0)
ProScan 5.7 (x32)
PSD Codec by Ardfry Imaging, LLC (32 bit) (x32 Version: 1.0.0.0)
PSD Codec by Ardfry Imaging, LLC (64 bit) (Version: 1.0.0.0)
PSD CODEC Version 1.0
QuickTime (x32 Version: 7.74.80.86)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6141)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30122)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
ScanXL Professional (x32 Version: 3.5.0)
Shredder (Version: 2.0.8.3)
Shredder (x32 Version: 2.0.8.3)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (x32)
Soluto (Version: 1.3.1133.0)
Speccy (Version: 1.20)
Spybot - Search & Destroy (x32 Version: 2.1.20)
SureTrend - Data Analysis Software (x32)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
SyncToy 2.1 (x64) (Version: 2.1.0)
TeamViewer 8 (x32 Version: 8.0.18051)
ThermaData Logger (x32 Version: 3.4.10)
ThermaData Logger Cradle (Driver Removal) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
WD Drive Utilities (x32 Version: 1.0.3.3)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.24.0)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Wondershare Application Center 1.0.0.58 (x32 Version: 1.0.0.58)
Wondershare MobileGo for Android ( Version 3.0.2 ) (x32 Version: 3.0.2)

==================== Restore Points  =========================

11-07-2013 08:03:39 Removed Adobe Reader XI (11.0.03).
11-07-2013 13:15:23 Windows Update
12-07-2013 06:37:52 Installed SpyHunter
12-07-2013 09:32:29 Removed Samsung Kies
12-07-2013 10:02:53 Removed SpyHunter
12-07-2013 13:08:50 Windows Update
16-07-2013 08:44:21 Windows Update
17-07-2013 12:36:37 Removed 7-Zip 9.20 (x64 edition)
17-07-2013 12:37:26 Installed 7-Zip 9.20 (x64 edition)

==================== Hosts content: ==========================

2012-12-06 15:54 - 2013-04-02 12:51 - 00002241 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com 
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

Task: {03A8BB9D-B3E6-4872-B79B-923B87F01B75} - System32\Tasks\AdobeAAMUpdater-1.0-Technical-Gaz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {14DB5F63-CB7D-451C-A1C9-CBDF68F7FA4C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {159786B1-45B5-4522-B0DB-6FDD14B0F471} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27] (Google Inc.)
Task: {48FFD983-2CE3-49CD-9391-AD1F20111AB7} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {4973317D-53B1-4FBE-8310-A5542917668A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File
Task: {4D199907-BCFA-479B-BB9F-C25B85014515} - System32\Tasks\Laptop Backup to Server => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {76F3DA38-2543-4107-BF3C-9D0217CB3F30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27] (Google Inc.)
Task: {77293258-911E-4993-BF53-B6032D604A8E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1601622141-15418948-692270088-1000
Task: {9AC0A2F4-A871-4302-8280-0EF062BE37FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {A6BAEB85-918B-4A7B-A895-CC3B77883A93} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-17] (Adobe Systems Incorporated)
Task: {A9C671F4-E298-435B-9DDE-69E3A77547CB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {BCEC45EE-4AF1-4FC2-9673-9FA55D17F7E6} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {D76441D5-8614-47F1-A6DE-75113162D6DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E108DAEC-FFDD-4F4F-86F3-319C08BC3790} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {E76310D1-D1A9-43E8-AD7A-427FD13A8CBA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File
Task: {F75A15EC-4308-470B-BC62-F7798BCF37EA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/17/2013 02:06:56 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/17/2013 02:06:32 PM) (Source: DCOM) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3766.71 MB
Available physical RAM: 1840.54 MB
Total Pagefile: 7531.61 MB
Available Pagefile: 5188.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:174.79 GB) (Free:67.52 GB) NTFS (Disk=0 Partition=3)
Drive d: (Backup) (Fixed) (Total:45 GB) (Free:14.12 GB) NTFS (Disk=0 Partition=4)
Drive f: () (Removable) (Total:0.96 GB) (Free:0.45 GB) FAT (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: BBA9336E)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=175 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=45 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 983 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=982 MB) - (Type=06)

==================== End Of Log ============================
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
   Posted 7/18/2013 12:14 AM (GMT +3)
Copy/paste all the text in bold to Notepad.
 
 
 
start
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x]
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x]
AppInit_DLLs-x32:   [0 ] ()
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S3 WACService; "C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe" [x]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
C:\ProgramData\FullRemove.exe
Task: {03A8BB9D-B3E6-4872-B79B-923B87F01B75} - System32\Tasks\AdobeAAMUpdater-1.0-Technical-Gaz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {14DB5F63-CB7D-451C-A1C9-CBDF68F7FA4C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {159786B1-45B5-4522-B0DB-6FDD14B0F471} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27] (Google Inc.)
Task: {48FFD983-2CE3-49CD-9391-AD1F20111AB7} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20]
Task: {4973317D-53B1-4FBE-8310-A5542917668A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Des
Task: {4D199907-BCFA-479B-BB9F-C25B85014515} - System32\Tasks\Laptop Backup to Server => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {76F3DA38-2543-4107-BF3C-9D0217CB3F30} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27] (Google Inc.)
Task: {77293258-911E-4993-BF53-B6032D604A8E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1601622141-15418948-692270088-1000
Task: {9AC0A2F4-A871-4302-8280-0EF062BE37FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {A6BAEB85-918B-4A7B-A895-CC3B77883A93} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-17] (
Task: {A9C671F4-E298-435B-9DDE-69E3A77547CB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft
Task: {BCEC45EE-4AF1-4FC2-9673-9FA55D17F7E6} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27
Task: {D76441D5-8614-47F1-A6DE-75113162D6DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (App
Task: {E108DAEC-FFDD-4F4F-86F3-319C08BC3790} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {E76310D1-D1A9-43E8-AD7A-427FD13A8CBA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy
Task: {F75A15EC-4308-470B-BC62-F7798BCF37EA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
end
 


In Notepad, click File (at the top), and select: Save As...
In the Save As... prompt, name the file fixlist.txt, and save it to the Desktop <<--- Important!!

NOTE. It is important that FRST64 and the fixlist.txt are in the same location (Desktop) or this will not work.

Run FRST64 and press the Fix button, just once, and wait.
When done, the tool makes a log on the Desktop: Fixlog.txt

Please post Fixlog.txt in your reply, along with a combofix log.
 
 
Please download Combofix from:
 
And save to the desktop.
 
After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.
 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall.
In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

 


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 

 

jamesedward
New Member


Date Joined Jun 2013
Total Posts : 2
 
   Posted 7/22/2013 8:54 AM (GMT +3)
Hi GazNicki, you need to remove unwanted software first because that must be a cause of your low speed performance. After that, scan your complete system with any one of these antivirus programs, like AVAST, AVG, Immunet or Comodo. You will surely get some positive result.

Post Edited (Touch) : 7/22/2013 6:22:41 AM GMT

 

GazNicki
New Member


Date Joined Apr 2008
Total Posts : 14
 
   Posted 7/22/2013 9:55 AM (GMT +3)
FRST - FixLog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-07-2013 02
Ran by Gaz at 2013-07-22 07:53:29 Run:1
Running from C:\Users\Gaz\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\APSDaemon => Value deleted successfully.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ScrSav => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
WACService => Service deleted successfully.
cpuz136 => Service deleted successfully.
pccsmcfd => Service deleted successfully.
C:\ProgramData\FullRemove.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03A8BB9D-B3E6-4872-B79B-923B87F01B75} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03A8BB9D-B3E6-4872-B79B-923B87F01B75} => Key not found.
C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Technical-Gaz => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-Technical-Gaz => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14DB5F63-CB7D-451C-A1C9-CBDF68F7FA4C} => Key not found.
C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{159786B1-45B5-4522-B0DB-6FDD14B0F471} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{159786B1-45B5-4522-B0DB-6FDD14B0F471} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48FFD983-2CE3-49CD-9391-AD1F20111AB7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48FFD983-2CE3-49CD-9391-AD1F20111AB7} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4973317D-53B1-4FBE-8310-A5542917668A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4973317D-53B1-4FBE-8310-A5542917668A} => Key deleted successfully.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D199907-BCFA-479B-BB9F-C25B85014515} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D199907-BCFA-479B-BB9F-C25B85014515} => Key deleted successfully.
C:\Windows\System32\Tasks\Laptop Backup to Server => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Laptop Backup to Server => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{76F3DA38-2543-4107-BF3C-9D0217CB3F30} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76F3DA38-2543-4107-BF3C-9D0217CB3F30} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77293258-911E-4993-BF53-B6032D604A8E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77293258-911E-4993-BF53-B6032D604A8E} => Key deleted successfully.
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-1601622141-15418948-692270088-1000 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-1601622141-15418948-692270088-1000 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AC0A2F4-A871-4302-8280-0EF062BE37FD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AC0A2F4-A871-4302-8280-0EF062BE37FD} => Key deleted successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6BAEB85-918B-4A7B-A895-CC3B77883A93} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6BAEB85-918B-4A7B-A895-CC3B77883A93} => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9C671F4-E298-435B-9DDE-69E3A77547CB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9C671F4-E298-435B-9DDE-69E3A77547CB} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\AutomaticBackup => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCEC45EE-4AF1-4FC2-9673-9FA55D17F7E6} => Key not found.
C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MpIdleTask => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D76441D5-8614-47F1-A6DE-75113162D6DB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D76441D5-8614-47F1-A6DE-75113162D6DB} => Key deleted successfully.
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E108DAEC-FFDD-4F4F-86F3-319C08BC3790} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E108DAEC-FFDD-4F4F-86F3-319C08BC3790} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserDefendert => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E76310D1-D1A9-43E8-AD7A-427FD13A8CBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E76310D1-D1A9-43E8-AD7A-427FD13A8CBA} => Key deleted successfully.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F75A15EC-4308-470B-BC62-F7798BCF37EA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F75A15EC-4308-470B-BC62-F7798BCF37EA} => Key deleted successfully.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.


The system needs a manual reboot. 

==== End of Fixlog ====
 

GazNicki
New Member


Date Joined Apr 2008
Total Posts : 14
 
   Posted 7/22/2013 1:50 PM (GMT +3)
Combofix.txt

ComboFix 13-07-22.01 - Gaz 22/07/2013   8:28:32.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3767.2324 [GMT 1:00]
Running from: C:\Users\Gaz\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\proscan
C:\Program Files (x86)\proscan\CommBase.dll
C:\Program Files (x86)\proscan\DGChart.dll
C:\Program Files (x86)\proscan\DGDyno.dll
C:\Program Files (x86)\proscan\DiagnosticReport.dll
C:\Program Files (x86)\proscan\dtc.dat
C:\Program Files (x86)\proscan\FreezeFrameData.dll
C:\Program Files (x86)\proscan\Gauge.dll
C:\Program Files (x86)\proscan\O2TestResults.dll
C:\Program Files (x86)\proscan\O2Waveform.dll
C:\Program Files (x86)\proscan\pid.dat
C:\Program Files (x86)\proscan\ProScan.exe
C:\Program Files (x86)\proscan\ProScan_Help.chm
C:\Program Files (x86)\proscan\RichTextBoxPrintCtrl.dll
C:\Program Files (x86)\proscan\SensorDisplay.dll
C:\Program Files (x86)\proscan\setup.log
C:\Program Files (x86)\proscan\uninstall.exe
C:\Users\Gaz\AppData\Local\assembly\tmp
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\_ctypes.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\_elementtree.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\_hashlib.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\_multiprocessing.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\_socket.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\_ssl.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\pyexpat.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\pysqlite2._sqlite.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\python27.dll
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\pythoncom27.dll
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\PyWinTypes27.dll
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\select.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\unicodedata.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\win32api.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\win32com.shell.shell.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\win32crypt.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\win32event.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\win32file.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\win32inet.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\win32pdh.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\win32process.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\win32profile.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\win32security.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\win32ts.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\windows._cacheinvalidation.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wx._controls_.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wx._core_.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wx._gdi_.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wx._html2.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wx._misc_.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wx._windows_.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wx._wizard.pyd
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wxbase294u_net_vc90.dll
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wxbase294u_vc90.dll
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wxmsw294u_adv_vc90.dll
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wxmsw294u_core_vc90.dll
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wxmsw294u_html_vc90.dll
C:\Users\Gaz\AppData\Local\Temp\_MEI29362\wxmsw294u_webview_vc90.dll
C:\Windows\ST6UNST.000
C:\Windows\SysWow64\muzapp.exe
C:\Windows\wininit.ini


(((((((((((((((((((((((((   Files Created from 2013-06-22 to 2013-07-22  )))))))))))))))))))))))))))))))


2013-07-22 07:39:27 . 2013-07-22 07:39:27    --------    d-----w-    C:\Users\Management Team\AppData\Local\temp
2013-07-22 06:58:54 . 2013-07-02 08:34:27    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{40059CB7-7A57-4565-AAF1-9B2FB1CC34E3}\mpengine.dll
2013-07-19 07:25:43 . 2013-07-19 07:25:43    --------    d-----w-    C:\Users\Gaz\AppData\Local\Wondershare
2013-07-19 07:25:41 . 2013-07-19 07:25:41    --------    d-----w-    C:\Program Files (x86)\Common Files\Wondershare
2013-07-19 07:25:27 . 2013-07-19 07:25:27    --------    d-----w-    C:\Users\Gaz\AppData\Roaming\Wondershare
2013-07-19 07:25:26 . 2013-07-19 07:25:26    --------    d-----w-    C:\Program Files (x86)\Wondershare
2013-07-18 10:46:50 . 2013-07-02 08:34:27    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-17 13:08:31 . 2013-07-22 06:53:39    --------    d-----w-    C:\FRST
2013-07-17 12:41:25 . 2013-07-17 12:41:25    --------    d-----w-    C:\Windows\ERUNT
2013-07-17 12:37:41 . 2013-07-17 12:37:41    --------    d-----w-    C:\Program Files\7-Zip
2013-07-17 10:28:20 . 2013-07-17 10:28:02    941720    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EEBC53D-6D6C-43EB-81F5-84893643F907}\gapaengine.dll
2013-07-17 08:48:22 . 2013-07-17 08:48:38    --------    d-----w-    C:\Program Files\iPod
2013-07-17 08:48:21 . 2013-07-17 08:48:38    --------    d-----w-    C:\Program Files\iTunes
2013-07-17 08:48:21 . 2013-07-17 08:48:38    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-07-17 08:46:51 . 2013-07-17 08:48:22    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-17 08:42:01 . 2013-07-17 08:42:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-07-17 08:42:01 . 2013-07-17 08:42:00    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-07-17 08:42:01 . 2013-07-17 08:41:59    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-07-17 08:42:01 . 2013-07-17 08:41:59    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-07-17 08:42:01 . 2013-07-17 08:41:58    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-07-12 11:25:03 . 2013-07-12 11:30:03    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-07-12 06:51:46 . 2013-07-12 06:51:46    --------    d-----w-    C:\Users\Gaz\AppData\Roaming\Malwarebytes
2013-07-12 06:51:22 . 2013-07-12 06:51:22    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-07-12 06:51:20 . 2013-04-04 13:50:32    25928    ----a-w-    C:\Windows\system32\drivers\mbam.sys
2013-07-12 06:51:19 . 2013-07-12 06:51:33    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-12 06:38:28 . 2013-07-12 06:38:28    --------    d-----w-    C:\Program Files\Enigma Software Group
2013-07-12 06:37:31 . 2013-07-12 10:06:50    --------    d-----w-    C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-11 06:31:00 . 2013-05-27 05:50:47    1011712    ----a-w-    C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 06:31:00 . 2013-05-27 05:50:46    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 06:31:00 . 2013-05-27 04:57:25    392704    ----a-w-    C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 06:30:59 . 2013-05-27 05:50:46    314880    ----a-w-    C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 06:30:59 . 2013-05-27 04:57:58    4608    ----a-w-    C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 06:30:59 . 2013-05-27 04:57:26    54784    ----a-w-    C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 06:30:59 . 2013-05-27 03:15:11    9216    ----a-w-    C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 06:30:46 . 2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\system32\qedit.dll
2013-07-11 06:30:45 . 2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-07-11 06:30:45 . 2013-05-06 06:03:49    1887744    ----a-w-    C:\Windows\system32\WMVDECOD.DLL
2013-07-11 06:30:44 . 2013-05-06 04:56:35    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-11 06:24:09 . 2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\system32\win32k.sys
2013-07-11 06:24:07 . 2013-04-10 05:48:18    1732608    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 06:24:07 . 2013-04-10 05:46:24    1367040    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 06:24:06 . 2013-04-10 05:46:24    1402880    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 06:24:06 . 2013-04-10 05:46:24    1393152    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 06:24:06 . 2013-04-10 05:03:14    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 06:23:40 . 2013-04-09 23:34:01    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-07-11 06:23:40 . 2013-04-02 22:51:57    1643520    ----a-w-    C:\Windows\system32\DWrite.dll
2013-07-05 12:27:46 . 2013-07-09 06:11:06    --------    d-----w-    C:\Users\Gaz\AppData\Local\LogMeIn Rescue Applet
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-07-12 13:20:17 . 2012-10-01 08:29:41    78185248    ----a-w-    C:\Windows\system32\MRT.exe
2013-06-21 11:01:21 . 2012-10-08 07:01:59    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-21 08:41:29 . 2013-06-21 08:41:40    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-21 08:41:25 . 2012-12-06 10:33:56    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-21 08:41:25 . 2012-12-06 10:33:56    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-17 10:02:43 . 2012-10-01 07:36:44    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-17 10:02:43 . 2012-10-01 07:36:44    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-04 08:15:02 . 2013-06-04 08:15:02    103448    ----a-w-    C:\Windows\system32\drivers\ssudbus.sys
2013-06-04 08:15:00 . 2013-06-04 08:15:00    203672    ----a-w-    C:\Windows\system32\drivers\ssudmdm.sys
2013-05-13 05:51:01 . 2013-06-12 06:23:05    184320    ----a-w-    C:\Windows\system32\cryptsvc.dll
2013-05-13 05:51:00 . 2013-06-12 06:23:05    1464320    ----a-w-    C:\Windows\system32\crypt32.dll
2013-05-13 05:51:00 . 2013-06-12 06:23:05    139776    ----a-w-    C:\Windows\system32\cryptnet.dll
2013-05-13 05:50:40 . 2013-06-12 06:23:04    52224    ----a-w-    C:\Windows\system32\certenc.dll
2013-05-13 04:45:55 . 2013-06-12 06:23:05    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 . 2013-06-12 06:23:04    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 . 2013-06-12 06:23:04    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 . 2013-06-12 06:23:06    1192448    ----a-w-    C:\Windows\system32\certutil.exe
2013-05-13 03:08:10 . 2013-06-12 06:23:06    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 . 2013-06-12 06:23:04    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 . 2013-06-12 06:23:12    30720    ----a-w-    C:\Windows\system32\cryptdlg.dll
2013-05-10 03:20:54 . 2013-06-12 06:23:12    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 . 2013-06-12 06:28:27    1910632    ----a-w-    C:\Windows\system32\drivers\tcpip.sys
2013-05-02 15:29:56 . 2012-10-01 08:11:48    278800    ------w-    C:\Windows\system32\MpSigStub.exe
2013-05-02 13:30:03 . 2013-05-02 13:30:03    719360    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2013-05-02 13:30:03 . 2013-05-02 13:30:03    226304    ----a-w-    C:\Windows\system32\elshyph.dll
2013-05-02 13:30:03 . 2013-05-02 13:30:03    185344    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2013-05-02 13:30:03 . 2013-05-02 13:30:03    158720    ----a-w-    C:\Windows\SysWow64\msls31.dll
2013-05-02 13:30:03 . 2013-05-02 13:30:03    1054720    ----a-w-    C:\Windows\system32\MsSpellCheckingFacility.exe
2013-05-02 13:30:02 . 2013-05-02 13:30:02    73728    ----a-w-    C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-05-02 13:30:02 . 2013-05-02 13:30:02    523264    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-05-02 13:30:02 . 2013-05-02 13:30:02    48640    ----a-w-    C:\Windows\SysWow64\mshtmler.dll
2013-05-02 13:30:02 . 2013-05-02 13:30:02    38400    ----a-w-    C:\Windows\SysWow64\imgutil.dll
2013-05-02 13:30:02 . 2013-05-02 13:30:02    150528    ----a-w-    C:\Windows\SysWow64\iexpress.exe
2013-05-02 13:30:02 . 2013-05-02 13:30:02    138752    ----a-w-    C:\Windows\SysWow64\wextract.exe
2013-05-02 13:30:02 . 2013-05-02 13:30:02    137216    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-05-02 13:30:02 . 2013-05-02 13:30:02    12800    ----a-w-    C:\Windows\SysWow64\mshta.exe
2013-05-02 13:30:02 . 2013-05-02 13:30:02    110592    ----a-w-    C:\Windows\SysWow64\IEAdvpack.dll
2013-05-02 13:30:01 . 2013-05-02 13:30:01    61952    ----a-w-    C:\Windows\SysWow64\tdc.ocx
2013-05-02 13:30:01 . 2013-05-02 13:30:01    441856    ----a-w-    C:\Windows\system32\html.iec
2013-05-02 13:30:01 . 2013-05-02 13:30:01    361984    ----a-w-    C:\Windows\SysWow64\html.iec
2013-05-02 13:30:01 . 2013-05-02 13:30:01    281600    ----a-w-    C:\Windows\system32\dxtrans.dll
2013-05-02 13:30:01 . 2013-05-02 13:30:01    23040    ----a-w-    C:\Windows\SysWow64\licmgr10.dll
2013-05-02 13:30:01 . 2013-05-02 13:30:01    216064    ----a-w-    C:\Windows\system32\msls31.dll
2013-05-02 13:30:01 . 2013-05-02 13:30:01    197120    ----a-w-    C:\Windows\system32\msrating.dll
2013-05-02 13:30:01 . 2013-05-02 13:30:01    1441280    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-05-02 13:30:01 . 2013-05-02 13:30:00    452096    ----a-w-    C:\Windows\system32\dxtmsft.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    97280    ----a-w-    C:\Windows\system32\mshtmled.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    905728    ----a-w-    C:\Windows\system32\mshtmlmedia.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    81408    ----a-w-    C:\Windows\system32\icardie.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    762368    ----a-w-    C:\Windows\system32\ieapfltr.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    62976    ----a-w-    C:\Windows\system32\pngfilt.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    599552    ----a-w-    C:\Windows\system32\vbscript.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    52224    ----a-w-    C:\Windows\system32\msfeedsbs.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    51200    ----a-w-    C:\Windows\system32\imgutil.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    27648    ----a-w-    C:\Windows\system32\licmgr10.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    270848    ----a-w-    C:\Windows\system32\iedkcs32.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    247296    ----a-w-    C:\Windows\system32\webcheck.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    235008    ----a-w-    C:\Windows\system32\url.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    173568    ----a-w-    C:\Windows\system32\ieUnatt.exe
2013-05-02 13:30:00 . 2013-05-02 13:30:00    167424    ----a-w-    C:\Windows\system32\iexpress.exe
2013-05-02 13:30:00 . 2013-05-02 13:30:00    1509376    ----a-w-    C:\Windows\system32\inetcpl.cpl
2013-05-02 13:30:00 . 2013-05-02 13:30:00    149504    ----a-w-    C:\Windows\system32\occache.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    144896    ----a-w-    C:\Windows\system32\wextract.exe
2013-05-02 13:30:00 . 2013-05-02 13:30:00    1400416    ----a-w-    C:\Windows\system32\ieapfltr.dat
2013-05-02 13:30:00 . 2013-05-02 13:30:00    13824    ----a-w-    C:\Windows\system32\mshta.exe
2013-05-02 13:30:00 . 2013-05-02 13:30:00    136192    ----a-w-    C:\Windows\system32\iepeers.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    135680    ----a-w-    C:\Windows\system32\IEAdvpack.dll
2013-05-02 13:30:00 . 2013-05-02 13:30:00    12800    ----a-w-    C:\Windows\system32\msfeedssync.exe
2013-05-02 13:30:00 . 2013-05-02 13:30:00    102912    ----a-w-    C:\Windows\system32\inseng.dll
2013-05-02 13:30:00 . 2013-05-02 13:29:59    92160    ----a-w-    C:\Windows\system32\SetIEInstalledDate.exe
2013-05-02 13:29:59 . 2013-05-02 13:29:59    77312    ----a-w-    C:\Windows\system32\tdc.ocx
2013-05-02 13:29:59 . 2013-05-02 13:29:59    48640    ----a-w-    C:\Windows\system32\mshtmler.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    9728    ---ha-w-    C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    5632    ---ha-w-    C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    5632    ---ha-w-    C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    4096    ---ha-w-    C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    3072    ---ha-w-    C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    3072    ---ha-w-    C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-02 13:27:59 . 2013-05-02 13:27:59    2560    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    522752    ----a-w-    C:\Windows\system32\XpsGdiConverter.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    465920    ----a-w-    C:\Windows\system32\WMPhoto.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    3928064    ----a-w-    C:\Windows\system32\d2d1.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    3584    ---ha-w-    C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    2776576    ----a-w-    C:\Windows\system32\msmpeg2vdec.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    2560    ---ha-w-    C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    2284544    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    1682432    ----a-w-    C:\Windows\system32\XpsPrint.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    1158144    ----a-w-    C:\Windows\SysWow64\XpsPrint.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    10752    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-02 13:27:58 . 2013-05-02 13:27:58    10752    ---ha-w-    C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-02 13:27:57 . 2013-05-02 13:27:57    648192    ----a-w-    C:\Windows\system32\d3d10level9.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40    130736    ----a-w-    C:\Users\Gaz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40    130736    ----a-w-    C:\Users\Gaz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40    130736    ----a-w-    C:\Users\Gaz\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40:28    120176    ----a-w-    C:\Program Files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe" [2013-06-06 22:57:24 19676256]
"BitTorrent"="C:\Users\Gaz\AppData\Roaming\BitTorrent\BitTorrent.exe" [2013-07-19 07:23:09 1125464]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
MobileGo Service.lnk - C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe [2013-7-19 99144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;Google Device Driver;C:\Windows\system32\Drivers\wsadb.sys;C:\Windows\SYSNATIVE\Drivers\wsadb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);C:\Windows\system32\DRIVERS\dc3d.sys;C:\Windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys;C:\Windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys;C:\Windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe;c:\Program Files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys;C:\Windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 silabenm;SystemSure SMART Cable Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys;C:\Windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;SystemSure SMART Cable Driver;C:\Windows\system32\DRIVERS\silabser.sys;C:\Windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\system32\DRIVERS\SNTUSB64.SYS;C:\Windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
R3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe;C:\Program Files\Soluto\SolutoRemoteService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys;C:\Windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys;C:\Windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys;C:\Windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys;C:\Windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys;C:\Windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys;C:\Windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Sentinel64;Sentinel64;C:\Windows\System32\Drivers\Sentinel64.sys;C:\Windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe;C:\Program Files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe;C:\Program Files\Soluto\SolutoService.exe [x]
S3 cpuz136;cpuz136;C:\Windows\TEMP\cpuz136\cpuz136_x64.sys;C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys;C:\Windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys;C:\Windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys;C:\Windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-21 11:48:56    1165776    ----a-w-    C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40    164016    ----a-w-    C:\Users\Gaz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40    164016    ----a-w-    C:\Users\Gaz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40    164016    ----a-w-    C:\Users\Gaz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36:40    164016    ----a-w-    C:\Users\Gaz\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42:12    137584    ----a-w-    C:\Program Files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 22:57:26    778192    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 22:57:26    778192    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 22:57:26    778192    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 22:57:26    778192    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 22:57:26    778192    ----a-w-    C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-01-10 21:43:26 417560]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2013-01-27 11:34:16 1281512]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-01-10 11:08:58 1229296]

------- Supplementary Scan -------

uStart Page = hxxp://www.google.co.uk/
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.50.3
FF - ProfilePath - C:\Users\Gaz\AppData\Roaming\Mozilla\Firefox\Profiles\bfllieko.default-1373622507671\
FF - ExtSQL: 2013-07-12 12:18; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Gaz\AppData\Roaming\Mozilla\Firefox\Profiles\bfllieko.default-1373622507671\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-07-12 12:22; FasterFox_Lite@BigRedBrent; C:\Users\Gaz\AppData\Roaming\Mozilla\Firefox\Profiles\bfllieko.default-1373622507671\extensions\FasterFox_Lite@BigRedBrent

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-ProScan - C:\Program Files (x86)\ProScan\uninstall.exe
AddRemove-SLABCOMM&10C4&EA60 - C:\Program Files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-TDLCRADL&10C4&8213 - C:\Windows\system32\Silabs\DriverUninstaller.exe USBXpress\TDLCRADL&10C4&8213
AddRemove-{769CC8AC-50C3-4776-95F5-A1ABF15A38F4}_is1 - C:\Program Files (x86)\Wondershare\Wondershare Application Center\unins001.exe

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 7/23/2013 10:15 AM (GMT +3)
How are things running now?


Please read:  Forum Rules
Click here:   Before-posting-a-log
 
Do not PM me with logfiles. They will be deleted. 

 


GazNicki
New Member


Date Joined Apr 2008
Total Posts : 14
 
Posted 7/25/2013 11:24 AM (GMT +3)
Feels much better thanks Touch :)

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 7/25/2013 3:58 PM (GMT +3)
Great :)

Is there anything else I can help with?

Otherwise, I will close the thread...