
Thread: cannot remove Win32.downloader malware

#1  Junior Member (Join Date: Feb 2014, Posts: 18)

cannot remove Win32.downloader malware

Thank you tashi for your response. I have tried running Spybot as administrator and at startup several times. I have followed your instructions.
Here is the DDS I have:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
    Run by H at 9:02:12 on 2014-02-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3767.1871 [GMT 0:00]
    .
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\SysWOW64\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
    C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
    C:\Windows\system32\svchost.exe -k bthaudiosvc
    C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\lxcycoms.exe
    C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uProxyServer = localhost:8118
    uProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.symantec.com
    uURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
    uURLSearchHooks: {81d24ea1-3106-46a5-a324-fa96b8178519} - <orphaned>
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    mURLSearchHooks: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
    TB: AF-HSS Toolbar: {F0381DBD-E018-4E07-AE40-D96AB15083F0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
    TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    TB: AF-HSS Toolbar: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Google Update] "C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    StartupFolder: C:\Users\H\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{278E566C-8F28-44DB-9BEE-335AAA7FBCA5} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{278E566C-8F28-44DB-9BEE-335AAA7FBCA5}\74357475C414E4 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{62A4F96F-62B9-4067-9009-0BF19CAD32FB} : DHCPNameServer = 192.168.1.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~2\citrix\icacli~1\rshook.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll
    x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxps://www.google.com/search
    FF - prefs.js: network.proxy.type - 2
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\H\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\H\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-27 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-27 207904]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-13 55024]
    R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2010-12-21 316248]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1501000.012\SymDS64.sys [2013-12-28 493656]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1501000.012\SymEFA64.sys [2013-12-28 1147480]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-1-27 28184]
    R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-1-27 440672]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-27 1038072]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-27 421704]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]
    R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140124.001\IDSviA64.sys [2014-1-25 521944]
    R1 RapportCerberus_59849;RapportCerberus_59849;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [2013-10-30 606672]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-12-21 282648]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-12-21 397784]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-27 78648]
    R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-10-5 133944]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-27 50344]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-1-27 113704]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-8-3 325200]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-10-13 868896]
    R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 HFGService;Handsfree Headset Service;C:\Windows\System32\svchost.exe -k bthaudiosvc [2009-7-13 27136]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-3 13336]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
    R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
    R2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe -s --> C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe -s [?]
    R2 lxcy_device;lxcy_device;C:\Windows\System32\lxcycoms.exe -service --> C:\Windows\System32\lxcycoms.exe -service [?]
    R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe [2013-8-22 143928]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [2013-12-28 275696]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-6-28 255744]
    R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-12-21 1444120]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-28 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-8-3 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-8-3 243232]
    R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-27 80184]
    R3 BthAudioHF;BthAudioHF Service;C:\Windows\System32\drivers\BthAudioHF.sys [2009-12-21 52224]
    R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
    R3 csr_a2dp;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2009-12-21 78848]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-8-3 135560]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-8-3 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-8-3 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-3 271872]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-21 321064]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-3 1108000]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    S1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
    S1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys [2013-8-22 168096]
    S1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1501000.012\ccSetx64.sys [2013-12-28 162392]
    S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1501000.012\Ironx64.sys [2013-12-28 264280]
    S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1501000.012\symnets.sys [2013-12-28 590936]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-6-13 14448]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-2-22 9216]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-3 245280]
    S3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2012-3-21 13168]
    S3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2012-3-21 16368]
    S3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2012-3-21 24944]
    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-6-13 155824]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-14 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-20 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-01-31 22:36:31 0 ----a-w- C:\Windows\SysWow64\sho2754.tmp
    2014-01-29 18:00:14 0 ----a-w- C:\Windows\SysWow64\sho9680.tmp
    2014-01-27 16:30:29 -------- d-----w- C:\Users\H\New folder
    2014-01-27 15:18:27 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2014-01-27 15:17:54 440672 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
    2014-01-27 15:10:12 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-01-27 15:10:12 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-01-27 15:10:11 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-01-27 15:10:11 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-01-27 15:10:11 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-01-27 15:10:11 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-01-27 15:10:02 43152 ----a-w- C:\Windows\avastSS.scr
    2014-01-27 12:34:38 -------- d--h--w- C:\Users\H\AppData\Roaming\AVAST Software
    2014-01-27 12:28:33 -------- d-----w- C:\Program Files\AVAST Software
    2014-01-27 12:27:39 -------- d-----w- C:\ProgramData\AVAST Software
    2014-01-25 18:06:09 -------- d-----w- C:\Program Files\iPod
    2014-01-25 18:06:08 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-01-25 18:06:08 -------- d-----w- C:\Program Files\iTunes
    2014-01-25 18:06:08 -------- d-----w- C:\Program Files (x86)\iTunes
    2014-01-25 18:03:08 -------- d-----w- C:\Program Files\Bonjour
    2014-01-25 18:03:08 -------- d-----w- C:\Program Files (x86)\Bonjour
    2014-01-25 16:40:16 -------- d-----w- C:\ProgramData\Logs
    2014-01-20 09:58:21 -------- d--h--w- C:\Users\H\AppData\Local\LogMeIn Rescue Applet
    2014-01-20 09:56:28 -------- d-----w- C:\Users\H\AppData\Local\Conduit
    2014-01-19 12:16:44 0 ----a-w- C:\Windows\SysWow64\sho42FE.tmp
    2014-01-17 22:43:58 0 ----a-w- C:\Windows\SysWow64\sho9097.tmp
    2014-01-17 18:50:57 -------- d--h--w- C:\Users\H\AppData\Local\Oxford University Press
    2014-01-17 18:50:57 -------- d-----w- C:\Users\H\AppData\Roaming\Oxford University Press
    2014-01-17 18:08:57 -------- d-----w- C:\Program Files (x86)\Oxford University Press
    2014-01-16 01:50:40 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-01-15 08:56:20 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2014-01-15 08:56:20 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2014-01-15 08:56:20 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2014-01-15 08:56:20 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2014-01-15 08:56:20 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2014-01-15 08:56:20 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2014-01-15 08:56:20 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2014-01-15 08:55:58 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-01-15 08:55:48 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
    2014-01-08 00:30:56 0 ----a-w- C:\Windows\SysWow64\shoAEC8.tmp
    2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2014-01-05 17:41:13 0 ----a-w- C:\Windows\SysWow64\shoE7DE.tmp
    2014-01-04 16:50:33 -------- d-----w- C:\Users\H\AppData\Local\Amazon Cloud Player
    .
    ==================== Find3M ====================
    .
    2014-02-02 19:47:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-02 19:47:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-01-03 22:30:09 0 ----a-w- C:\Windows\SysWow64\sho5A20.tmp
    2013-12-28 19:51:08 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2013-12-24 02:14:04 0 ----a-w- C:\Windows\SysWow64\sho6F57.tmp
    2013-12-21 22:56:32 316248 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
    2013-12-12 10:01:10 0 ----a-w- C:\Windows\SysWow64\shoAE89.tmp
    2013-12-03 22:30:00 0 ----a-w- C:\Windows\SysWow64\sho51F.tmp
    2013-12-01 09:37:00 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2013-12-01 09:37:00 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
    2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
    2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-11-25 14:44:44 19392 ----a-w- C:\Windows\System32\roboot64.exe
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-12 02:58:41 0 ----a-w- C:\Windows\SysWow64\shoA43B.tmp
    2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    .
    ============= FINISH: 9:05:21.68 ===============

Here is the aswMBR log:
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-02-03 09:13:01
    -----------------------------
    09:13:01.741 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:13:01.741 Number of processors: 4 586 0x2505
    09:13:01.742 ComputerName: HALIMAB-PC UserName: H
    09:13:03.447 Initialize success
    09:13:06.621 AVAST engine defs: 14020201
    09:13:11.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    09:13:11.409 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    09:13:11.544 Disk 0 MBR read successfully
    09:13:11.549 Disk 0 MBR scan
    09:13:11.556 Disk 0 Windows 7 default MBR code
    09:13:11.561 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
    09:13:11.585 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
    09:13:11.591 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291831 MB offset 27469824
    09:13:11.609 Disk 0 scanning C:\Windows\system32\drivers
    09:13:26.022 Service scanning
    09:13:53.399 Modules scanning
    09:13:53.414 Disk 0 trace - called modules:
    09:13:53.430 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    09:13:53.929 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007007060]
    09:13:53.929 3 CLASSPNP.SYS[fffff8800161c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004faa050]
    09:13:54.865 AVAST engine scan C:\Windows
    09:13:57.455 AVAST engine scan C:\Windows\system32
    09:16:52.978 AVAST engine scan C:\Windows\system32\drivers
    09:17:11.495 AVAST engine scan C:\Users\H
    09:18:28.952 Disk 0 MBR has been saved successfully to "C:\Users\H\Desktop\MBR.dat"
    09:18:28.968 The log file has been saved successfully to "C:\Users\H\Desktop\aswMBR.txt"

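    aswMBR reads the first sector of the boot disk, reports whether the boot code matches the stock Windows 7 loader, prints the partition table and saves the raw sector to MBR.dat. The script below is an added example for this thread, not part of aswMBR or of the original post: it parses such a 512-byte image, checks the 0x55AA signature, decodes the four partition entries (the 0x27 hidden WinRE type, the 0x80 active flag, the 0x07 NTFS entries and the LBA offsets that aswMBR printed above), hashes the boot code so it can be compared with a copy you trust, and flags tables with overlapping entries or with zero or several active partitions. The sample image is constructed from the sizes and offsets in the log above; the boot code itself is not reproduced.

```python
"""Parse an MBR image such as the MBR.dat that aswMBR saved to the desktop.
Added example for this thread; it is not part of aswMBR or any other tool used here."""
import hashlib
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446          # boot code occupies bytes 0..445
ENTRY_SIZE = 16             # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"     # bytes 510..511

# Type bytes seen in the thread's aswMBR output plus a few other common ones
TYPE_NAMES = {0x07: "HPFS/NTFS/exFAT", 0x27: "Hidden NTFS WinRE", 0x0C: "FAT32 LBA",
              0x05: "Extended", 0x0F: "Extended LBA", 0xEE: "GPT protective"}


def parse_mbr(image: bytes) -> dict:
    """Return the signature check, a SHA-256 of the boot code (to compare against a
    known-good copy) and the non-empty partition entries."""
    if len(image) < SECTOR:
        raise ValueError("MBR image must be at least 512 bytes")
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", image, TABLE_OFFSET + i * ENTRY_SIZE)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, "unknown"),
                      "start_lba": start, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {"signature_ok": image[510:512] == SIGNATURE,
            "boot_code_sha256": hashlib.sha256(image[:TABLE_OFFSET]).hexdigest(),
            "partitions": parts}


def sanity_checks(parsed: dict) -> list:
    """What a responder looks for first: bad signature, zero or several active
    partitions, and overlapping entries (a frequent sign of a tampered table)."""
    problems = []
    if not parsed["signature_ok"]:
        problems.append("missing 0x55AA signature")
    active = sum(1 for p in parsed["partitions"] if p["bootable"])
    if active != 1:
        problems.append(f"{active} active partitions")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in parsed["partitions"])
    for (s1, e1), (s2, _) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append(f"overlap between partitions at LBA {s1} and {s2}")
    return problems


def build_mbr(entries, boot_code: bytes = b"") -> bytes:
    """Assemble a 512-byte MBR from (status, type, start_lba, sectors) tuples.
    Only used here to construct a sample; a real MBR.dat is read from disk."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    table = table.ljust(4 * ENTRY_SIZE, b"\x00")
    return boot_code[:TABLE_OFFSET].ljust(TABLE_OFFSET, b"\x00") + table + SIGNATURE


# Constructed sample reproducing the layout aswMBR printed for Disk 0 (MB * 2048 = sectors):
# hidden WinRE 13312 MB at LBA 2048, 100 MB active system partition at 27265024,
# 291831 MB Windows partition at 27469824.  The boot code itself is not reproduced.
SAMPLE_MBR = build_mbr([
    (0x00, 0x27, 2048, 13312 * 2048),
    (0x80, 0x07, 27265024, 100 * 2048),
    (0x00, 0x07, 27469824, 291831 * 2048),
])

if __name__ == "__main__":
    # usage: python mbr_check.py C:\Users\H\Desktop\MBR.dat   (no argument: the sample)
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_MBR
    info = parse_mbr(image)
    print("signature ok:", info["signature_ok"], " boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print(f'{p["index"]} {"*" if p["bootable"] else " "} {p["type"]:02X} {p["type_name"]:18} '
              f'start={p["start_lba"]:<10} {p["size_mb"]} MB')
    print("problems:", sanity_checks(info) or "none")
```

    Run it against the file aswMBR saved (python mbr_check.py C:\Users\H\Desktop\MBR.dat); with no argument it parses the constructed sample. The hash only tells you whether the boot code differs from a reference you already trust; aswMBR's own "Windows 7 default MBR code" verdict is the same comparison done against its built-in database.
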
  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Hi and welcome

    I can see a lot of things going on here.

    Avast and Norton Internet Security. One might be a paid-for subscription that has expired?
    We need to get this down to just one antivirus on your computer, or we will not be able to run all the necessary scans. Let me know if you need any uninstall tools.

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    P2P software/programs are a major contributor to infections. I see you have uTorrent. I am not passing judgment on file-sharing; however, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Save these instructions to WordPad/Notepad or print them out, since some of the fix will require all windows to be closed, and having them to hand will help you complete all the necessary steps.




    We need to disable Spybot S&D's "TeaTimer"
    TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

    In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done.
    1. Open Spybot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
    2. If prompted with a legal dialog, accept the warning.
    3. Click on Mode and then on "Advanced Mode".
    4. You may be presented with a warning dialog. If so, press Yes.
    5. Click on Tools.
    6. Click on Resident.
    7. Uncheck this checkbox: Resident "TeaTimer" (Protection of over-all system settings) Active.
    8. Close/Exit Spybot Search and Destroy.


    ~~~~~~~~~~~~~~~~~~~

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them, and save it to your desktop.

    Do not click on any links in the top advertisement.


    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    -Junkware-Removal-Tool-

    Please download Junkware Removal Tool to your desktop.

    At times this scanner will appear to be stalled; on a heavily infected computer it can take quite a while to finish, so please be patient. To check that the tool is still running, open Task Manager and look for JRT.exe.

    Vista / 7 / 8 users:
    You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.


    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    When they are complete let me have the two reports and let me know how things are running.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Feb 2014
    Posts
    18

    Default con't win32.downloader.gen step2

    I thought I had uninstalled Norton totally before installing Avast. I guess there are residual files that did not go. I have, as per your recommendation, uninstalled uTorrent as well.
    When the computer restarted, it showed a warning message which says it cannot find C:\users\AppData\Local\Conduit\BackgroundContainer\Backgroundcontainer.dll which, coincidentally, is the location Spybot gave as the Win32.downloader.gen malware.

    Shall I continue to the step involving the Junkware Removal Tool?

    # Username : H - HALIMAB-PC
    # Running from : C:\Users\H\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\~0
    Folder Deleted : C:\ProgramData\boost_interprocess
    [#] Folder Deleted : C:\ProgramData\Browser Manager
    Folder Deleted : C:\ProgramData\IBUpdaterService
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\AF-HSS
    Folder Deleted : C:\Users\H\AppData\Local\Conduit
    Folder Deleted : C:\Users\H\AppData\Local\PackageAware
    Folder Deleted : C:\Users\H\AppData\Local\torch
    Folder Deleted : C:\Users\H\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\H\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\H\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\H\AppData\LocalLow\AF-HSS
    Folder Deleted : C:\Users\H\AppData\Roaming\file scout
    Folder Deleted : C:\Users\H\AppData\Roaming\PerformerSoft
    Folder Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\FCTB
    Folder Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\Conduit
    Folder Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\ConduitCommon
    Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
    Folder Deleted : C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\h4ykg8bs.default-1340233384957\searchplugins\safesearch.xml
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\searchplugins\safesearch.xml
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\searchplugins\Search_Results.xml
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\searchplugins\search-the-web.xml
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\h4ykg8bs.default-1340233384957\user.js
    File Deleted : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\qywyl651.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2765711
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DD182CC-FB8D-42D6-93AF-DE1F143FCF2F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8DD182CC-FB8D-42D6-93AF-DE1F143FCF2F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E61616DF-C0BE-4249-BAA7-7E45F35DB468}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\filescout
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
    Key Deleted : HKCU\Software\AppDataLow\Software\AF-HSS
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\torch
    Key Deleted : HKLM\Software\AF-HSS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AF-HSS Toolbar
    Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\prefs.js ]

    Line Deleted : user_pref("extensions.delta.admin", false);
    Line Deleted : user_pref("extensions.delta.aflt", "babsst");
    Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
    Line Deleted : user_pref("extensions.delta.dfltLng", "en");
    Line Deleted : user_pref("extensions.delta.excTlbr", false);
    Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
    Line Deleted : user_pref("extensions.delta.id", "ea5fbbb30000000000001c659d5ff28d");
    Line Deleted : user_pref("extensions.delta.instlDay", "15855");
    Line Deleted : user_pref("extensions.delta.instlRef", "sst");
    Line Deleted : user_pref("extensions.delta.newTab", false);
    Line Deleted : user_pref("extensions.delta.prdct", "delta");
    Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
    Line Deleted : user_pref("extensions.delta.rvrt", "false");
    Line Deleted : user_pref("extensions.delta.smplGrp", "none");
    Line Deleted : user_pref("extensions.delta.tlbrId", "base");
    Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
    Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.59:33:13");
    Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
    Line Deleted : user_pref("extensions.delta_i.babExt", "");
    Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119943&tt=gc_");
    Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.AutoSearchEventData", "auto%20search");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.ClearCacheDate", 3);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DNSCatch", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DisplayEULA", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.DnsCatchEventData", "dns%20catch");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EBOMode", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCAData_xx", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCA_xx", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.FirstLaunchShown", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallDomain", "sharethis.com");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.InstallType", "one_click");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.LoadLayoutDate.100311", 3);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.NewTabSearchEventData", "tab%20search");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.ShowRecommendedOptions", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.StateReportDate", "1391416351804");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.TopRightSearchEventData", "top%20right%20search");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeInstallSaved", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.homepage", "hxxps%3A//www.google.co.uk/");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.search", "Google");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_img", "aHR0cDovL3Mzd2l6YXJkLmZyZWVjYXVzZS5jb20vc2VhcmNoLnBuZw%3D%3D");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_url", "aHR0cDovL3NlYXJjaC55YWhvby5jb20vc2VhcmNoP2VpPXV0Zi04JmZyPWZyZWVjYXVzZSZ0eXBlPSV0b29saWQmcD0%3D");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.text", "Search%20Here%21");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.customNewTab", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaDefaultMode", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowInstallerPage", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowSurvey", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.helpUsImprove", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.hideOthers", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.partnerauth", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.processAddrBar", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.remove_search", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.restoreSearch", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.searchHistory", true);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.showFirstLaunchOptions", false);
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.tb_lang", "en");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.tool_id", "100311");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_id", "132320309");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_key", "2295945e4f7140cb26a9897d05e27c68a4ed0309");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_layouts", "100311");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.user_lnames", "ShareThis%20Toolbar");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
    Line Deleted : user_pref("freecause5e889f1137386e34f5adccce03875424.yahooSearch", true);

    -\\ Google Chrome v32.0.1700.102

    [ File : C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [15957 octets] - [03/02/2014 17:38:52]
    AdwCleaner[R1].txt - [16018 octets] - [03/02/2014 17:41:27]
    AdwCleaner[S0].txt - [15745 octets] - [03/02/2014 17:42:15]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15806 octets] ##########
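
    The logon warning the poster describes (Windows cannot find ...\Conduit\BackgroundContainer\BackgroundContainer.dll) is what you see when a cleanup tool removes the payload but leaves the autostart entry that loads it: AdwCleaner deleted the Conduit folder above, while the HKCU Run value that launches the DLL through rundll32 (the one JRT reports later in this thread) was still present, so rundll32 ran at logon and complained about the missing file. The script below is an added example for this thread, not part of AdwCleaner, JRT or Spybot: it enumerates the Run keys on a Windows host, parses rundll32-style command lines and reports entries whose DLL no longer exists. Off Windows it falls back to a constructed sample mirroring this thread's entry; the Avast entry and the on-disk file set in the sample are constructed for illustration.

```python
"""Check Run-key autostart entries that launch a DLL via rundll32 and flag those whose
DLL no longer exists. Added example for this thread; not part of AdwCleaner, JRT or Spybot."""
import os
import re
import sys

# Run keys consulted at logon.  The entry in this thread lives under the HKCU key.
RUN_KEYS = (
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"),
)

# A rundll32 launch looks like:  "<path>\rundll32.exe" "<dll path>",<export> [args]
# Both paths may be quoted or bare; the export name follows the first comma after the DLL.
_RUNDLL = re.compile(
    r'^"?(?P<host>[^"]*rundll32\.exe)"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>[A-Za-z0-9_@#]+)',
    re.IGNORECASE,
)


def parse_rundll32(command: str):
    """Return (dll_path, export) for a rundll32-style command line, else None."""
    m = _RUNDLL.match(command.strip())
    return (m.group("dll"), m.group("export")) if m else None


def find_rundll32_entries(entries, exists=os.path.exists):
    """entries: iterable of (hive, key, value_name, command).
    Returns one record per rundll32 entry; 'orphaned' is True when the DLL is missing,
    which is exactly the state that produces the 'cannot find ...dll' message at logon."""
    found = []
    for hive, key, name, command in entries:
        parsed = parse_rundll32(command)
        if parsed is None:
            continue
        dll, export = parsed
        found.append({"hive": hive, "key": key, "name": name, "dll": dll,
                      "export": export, "orphaned": not exists(dll)})
    return found


def live_run_entries():
    """Enumerate the Run keys on a Windows host (the winreg module exists only there)."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    for hive, key in RUN_KEYS:
        try:
            handle = winreg.OpenKey(hives[hive], key)
        except OSError:
            continue
        with handle:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(handle, index)
                except OSError:
                    break
                yield hive, key, name, str(data)
                index += 1


# Constructed sample: the value JRT reported, plus a constructed ordinary non-rundll32 entry.
SAMPLE_ENTRIES = [
    ("HKCU", RUN_KEYS[0][1], "BackgroundContainer",
     r'"C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun'),
    ("HKLM", RUN_KEYS[1][1], "AvastUI.exe",
     r'"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui'),
]
# Constructed view of the disk after AdwCleaner removed the Conduit folder.
SAMPLE_DISK = {r"C:\Program Files\AVAST Software\Avast\AvastUI.exe"}

if __name__ == "__main__":
    on_windows = sys.platform == "win32"
    entries = live_run_entries() if on_windows else SAMPLE_ENTRIES
    exists = os.path.exists if on_windows else (lambda p: p in SAMPLE_DISK)
    for e in find_rundll32_entries(entries, exists):
        state = "ORPHANED" if e["orphaned"] else "ok"
        print(f'{state:8} {e["hive"]}\\{e["key"]}\\{e["name"]}  ->  {e["dll"]} , {e["export"]}')
```

    An orphaned entry is harmless by itself but is the last trace of the infection chain and should be removed along with the payload; a present DLL loaded this way from a user-profile folder such as AppData\Local is the case that deserves a closer look, because that is how the Conduit component in this thread was being started.
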

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I thought I had uninstalled Norton totally before installing Avast. I guess there are residual files that did not go. I have, as per your recommendation, uninstalled uTorrent as well.
    When the computer restarted, it showed a warning message which says it cannot find C:\users\AppData\Local\Conduit\BackgroundContainer\Backgroundcontainer.dll which, coincidentally, is the location Spybot gave as the Win32.downloader.gen malware.

    Shall I continue to the step involving the Junkware Removal Tool?
    Yes please; as suspected, this machine is heavily infected.

    http://www.bleepingcomputer.com/down...-removal-tool/ <--Norton removal tool

  5. #5
    Junior Member
    Join Date
    Feb 2014
    Posts
    18

    Default malware removal

    Here is the JRT file:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by H on 03/02/2014 at 18:23:45.62
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name Type Value Data
    ========================================================================================
    BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun




    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2413547309-3373987886-2876452647-1000\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs



    ~~~ Files

    Successfully deleted: [File] C:\Windows\syswow64\sho13A.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho1441.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho1637.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho1693.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho17AE.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho19B9.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho1BBB.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho2754.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho28A6.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho2B7.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho2CBC.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho2CE9.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho3A8A.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho4089.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho421A.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho42FE.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho44C8.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho4885.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho492C.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho4A38.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho4AC0.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho4D97.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho4F5C.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho501.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho50BE.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho51F.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho5634.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho56D.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho5811.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho5A20.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho637D.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho6580.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho65AE.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho65F9.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho6A65.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho6EBC.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho6F57.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho6FF6.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho7105.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho782C.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho7AB3.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho7C1F.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho7C8.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho81A0.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho8664.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho87C3.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho8B4C.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho8DEC.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho9097.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho964B.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho9680.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho96B2.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho97C8.tmp
    Successfully deleted: [File] C:\Windows\syswow64\sho99A4.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoA0F0.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoA43B.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoA54C.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoAB1D.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoAE89.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoAE93.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoAEC8.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoB00.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoB078.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoB0D3.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoB2B3.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoB5ED.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoB83.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoB891.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoBA11.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoBA7A.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoBC59.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoC1E8.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoC40F.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoC4EB.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoC566.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoCCEF.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoCDE5.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoD750.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoDA82.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoDC56.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoDDAF.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoDE75.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoE4D9.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoE5DC.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoE738.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoE7DE.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoEAB0.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoEAC4.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoEAFC.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoEC55.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoED59.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoEFDC.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoF181.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoF53E.tmp
    Successfully deleted: [File] C:\Windows\syswow64\shoFB5B.tmp



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\H\appdata\local\cre"
    Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{10BC6893-BA3B-447B-825B-032B1BB23DF2}
    Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{396F670F-8621-4F73-8EE4-21DB51254B8A}
    Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{63CA1F15-0125-4A4C-8F1F-07417D11E304}
    Successfully deleted: [Empty Folder] C:\Users\H\appdata\local\{83D27F20-138E-4E30-B736-B201D9DB157D}



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\pxges0f6.default-1368729130564\fctb
    Successfully deleted the following from C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\pxges0f6.default-1368729130564\prefs.js

    user_pref("freecause5e889f1137386e34f5adccce03875424.AutoSearchEventData", "auto%20search");
    user_pref("freecause5e889f1137386e34f5adccce03875424.ClearCacheDate", 3);
    user_pref("freecause5e889f1137386e34f5adccce03875424.DNSCatch", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.DisplayEULA", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.DnsCatchEventData", "dns%20catch");
    user_pref("freecause5e889f1137386e34f5adccce03875424.EBOMode", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCAData_xx", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.EnableDCA_xx", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.FirstLaunchShown", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.InstallDomain", "sharethis.com");
    user_pref("freecause5e889f1137386e34f5adccce03875424.InstallType", "one_click");
    user_pref("freecause5e889f1137386e34f5adccce03875424.LoadLayoutDate.100311", 3);
    user_pref("freecause5e889f1137386e34f5adccce03875424.NewTabSearchEventData", "tab%20search");
    user_pref("freecause5e889f1137386e34f5adccce03875424.ShowRecommendedOptions", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.StateReportDate", "1391449741251");
    user_pref("freecause5e889f1137386e34f5adccce03875424.TopRightSearchEventData", "top%20right%20search");
    user_pref("freecause5e889f1137386e34f5adccce03875424.beforeInstallSaved", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.homepage", "www.google.com");
    user_pref("freecause5e889f1137386e34f5adccce03875424.beforeinstall.search", "Google");
    user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_img", "aHR0cDovL3Mzd2l6YXJkLmZyZWVjYXVzZS5jb20vc2VhcmNoLnBuZw%3D%3D");
    user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.engine_url", "aHR0cDovL3NlYXJjaC55YWhvby5jb20vc2VhcmNoP2VpPXV0Zi04JmZyPWZyZWVjYXVzZSZ0eXBlPSV
    user_pref("freecause5e889f1137386e34f5adccce03875424.comp.search.sharethis_search.text", "Search%20Here%21");
    user_pref("freecause5e889f1137386e34f5adccce03875424.customNewTab", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.dcaDefaultMode", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowInstallerPage", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.dcaShowSurvey", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.helpUsImprove", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.hideOthers", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.partnerauth", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.processAddrBar", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.remove_search", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.restoreSearch", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.searchHistory", true);
    user_pref("freecause5e889f1137386e34f5adccce03875424.showFirstLaunchOptions", false);
    user_pref("freecause5e889f1137386e34f5adccce03875424.tb_lang", "en");
    user_pref("freecause5e889f1137386e34f5adccce03875424.tool_id", "100311");
    user_pref("freecause5e889f1137386e34f5adccce03875424.user_id", "132320309");
    user_pref("freecause5e889f1137386e34f5adccce03875424.user_key", "2295945e4f7140cb26a9897d05e27c68a4ed0309");
    user_pref("freecause5e889f1137386e34f5adccce03875424.user_layouts", "100311");
    user_pref("freecause5e889f1137386e34f5adccce03875424.user_lnames", "ShareThis%20Toolbar");
    user_pref("freecause5e889f1137386e34f5adccce03875424.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
    user_pref("freecause5e889f1137386e34f5adccce03875424.yahooSearch", true);
    user_pref("keyword.URL", "hxxp://search.yahoo.com/search?ourmark=3&ei=utf-8&fr=freecause&type=100311&p=");
    Emptied folder: C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\qywyl651.default\minidumps [18 files]
    Emptied folder: C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\pxges0f6.default-1368729130564\minidumps [7 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 03/02/2014 at 18:38:02.01
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Junior Member
    Join Date
    Feb 2014
    Posts
    18

    Default cannot remove Win32.downloader malware

Have run the Norton removal tool now, too, but on restart I got the warning message twice: "There was a problem starting C:\Users\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll".

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

That should have made a difference?


    let's see if we can find some left overs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tweaking.com Registry Backup
    • Download the tool found here to your Desktop so it is easy to find.
    • Double click on the file you just downloaded
      to install it to your system.
    • Once the tool is installed, double-click on the Tweaking.com Registry Backup icon
      **Note** The tool should automatically open to the Backup Registry tab.


    • Press Backup Now
    • When the back up is complete, the tool will tell you that Successful */* Files Backed Up
    • You have now successfully backed up your Registry.


    Once you have the tool downloaded there is a tab labeled Settings where you can set where the backups are saved at.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

(Use the correct version for your system: Which system am I using?)


    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

C:\Users\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
JRT found it and deleted it. Let's continue and see if the next scanner can find it as well.
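Added example, not code from this thread and not part of JRT or FRST. The "There was a problem starting ...\BackgroundContainer.dll" message at logon is what rundll32.exe reports when the Run value that loads a DLL is still in the registry but the DLL itself has been deleted; the FRST log later in this thread shows exactly that value (HKU\...\Run: [BackgroundContainer] ... Rundll32.exe "...\BackgroundContainer.dll",DllRun, marked ATTENTION). The script below parses FRST "Run:" lines in that format, unwraps the rundll32 loader to find the file that is really launched, and lists every entry whose target no longer exists. It goes a little beyond the single case above: it handles HKLM, HKCU and HKU\<SID> hives, the -x32 (WOW64) view, quoted and unquoted paths with spaces, and FRST's "[x]" marker for an empty value. The sample log lines are copied from the thread; PRESENT_FILES and fixture_exists are a constructed stand-in for the victim's disk so the example runs offline (on the real machine, call parse_frst_runs with the default os.path.exists).

```python
"""Flag autorun entries in a Farbar (FRST) log whose launch target is gone.

Added example, not code from this thread or from FRST. It reads the
"HK..\\...\\Run:" lines of FRST's "Registry (Whitelisted)" section, works out
which file each value really launches (rundll32.exe is only a loader, so the
DLL named after it is the real target) and reports entries whose target no
longer exists on disk.
"""
import ntpath
import os
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# FRST Run line: HKLM-x32\...\Run: [Name] - <command> [size date] (Vendor) <===== ATTENTION
RUN_LINE = re.compile(
    r"^\s*(?P<hive>HKLM|HKCU|HKU\\S-[\d-]+)(?P<wow>-x32)?\\\.\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] - (?P<cmd>.*?)\s*$"
)
ATTENTION = "<===== ATTENTION"
# FRST appends "[<size> <yyyy-mm-dd>] (<vendor>)" when it could resolve the file.
FILE_META = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\]\s*\([^)]*\)\s*$")
# Unquoted paths may contain spaces, so an unquoted token ends at the first
# binary/script extension that is followed by a space, a comma or end of line.
EXE_UNQUOTED = re.compile(
    r"^(?P<exe>.+?\.(?:exe|dll|cmd|bat|vbs|js|scr|pif|com))(?=[\s,]|$)", re.I
)


@dataclass
class Autorun:
    hive: str
    wow64: bool
    name: str
    command: str
    launcher: Optional[str]   # executable named in the value
    target: Optional[str]     # file that actually gets loaded
    flagged: bool             # FRST's own "<===== ATTENTION" marker
    status: str               # "ok", "missing" or "empty"


def _first_token(s: str) -> Tuple[str, str]:
    """Return (token, rest): token is a quoted string or an unquoted path."""
    s = s.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end == -1 else (s[1:end], s[end + 1:])
    m = EXE_UNQUOTED.match(s)
    if m:
        return m.group("exe"), s[m.end():]
    parts = s.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def launch_target(command: str) -> Tuple[str, str]:
    """Return (launcher, target). For rundll32 the target is its DLL argument."""
    launcher, rest = _first_token(command)
    if ntpath.basename(launcher).lower() == "rundll32.exe":
        dll, _ = _first_token(rest)
        dll = dll.split(",", 1)[0].strip()  # rundll32 syntax: <dll>,<entrypoint>
        return launcher, dll
    return launcher, launcher


def parse_frst_runs(log_text: str,
                    exists: Callable[[str], bool] = os.path.exists) -> List[Autorun]:
    """Extract Run-key autoruns from FRST output and classify each one.

    `exists` is injectable so a log from another machine can be checked
    against a known file list (or, below, against a constructed fixture)."""
    results: List[Autorun] = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        flagged = cmd.endswith(ATTENTION)
        if flagged:
            cmd = cmd[: -len(ATTENTION)].rstrip()
        cmd = FILE_META.sub("", cmd)
        if cmd in ("", "[x]"):          # FRST prints [x] for a value with no usable data
            launcher = target = None
            status = "empty"
        else:
            launcher, target = launch_target(cmd)
            status = "ok" if exists(target) else "missing"
        results.append(Autorun(m.group("hive"), m.group("wow") is not None,
                               m.group("name"), cmd, launcher, target, flagged, status))
    return results


def orphaned(entries: List[Autorun]) -> List[Autorun]:
    """Entries that will fail at logon because their target file is gone."""
    return [e for e in entries if e.status == "missing"]


# Sample lines copied from the FRST log in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.)
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [] - [x]
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [Google Update] - C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-24] (Google Inc.)
HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
"""

# Constructed stand-in for the victim's disk (assumption, not measured):
# JRT deleted the Conduit DLL, everything else is still present.
PRESENT_FILES = {
    r"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe",
    r"C:\Program Files (x86)\Launch Manager\LManager.exe",
    r"C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe",
    r"C:\Windows\SysWOW64\Rundll32.exe",
}


def fixture_exists(path: str) -> bool:
    """Case-insensitive lookup in the constructed file list."""
    return path.lower() in {p.lower() for p in PRESENT_FILES}


if __name__ == "__main__":
    for e in orphaned(parse_frst_runs(SAMPLE_LOG, fixture_exists)):
        view = "-x32" if e.wow64 else ""
        note = " (FRST flagged it)" if e.flagged else ""
        print(f"{e.hive}{view}\\...\\Run [{e.name}] -> {e.target} is missing{note}")
```

Run against the sample it reports only the BackgroundContainer value; the fix for that state is to delete the Run value (which is what an FRST fixlist line for it does), since the DLL it points to is already gone. Entries with status "ok" still deserve a look at the vendor field FRST prints, but a missing target is the one case that is unambiguous.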

  9. #9
    Junior Member
    Join Date
    Feb 2014
    Posts
    18

    Default cannot remove Win32.downloader malware

I will have to send these in 4 lots because I keep getting a message that it is too long. First, the first file:


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
    Ran by H (administrator) on HALIMAB-PC on 03-02-2014 19:32:17
    Running from C:\Users\H\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    () C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    ( ) C:\Windows\System32\lxcycoms.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
    (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
    HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
    HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
    HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [960080 2010-05-25] (Dritek System Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
    HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-27] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [] - [x]
    HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [Google Update] - C:\Users\H\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-24] (Google Inc.)
    HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\H\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
    HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {53ff305e-d44c-11e2-8194-1c7508051370} - E:\Startme.exe
    HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {84f5167a-4f45-11e2-b84e-1c7508051370} - "E:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {86c18bf5-9c04-11e0-8122-1c7508051370} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-2413547309-3373987886-2876452647-1000\...\MountPoints2: {c89e4185-900d-11e0-a47e-1c7508051370} - E:\LaunchU3.exe -a
    AppInit_DLLs-x32: c:\progra~2\citrix\icacli~1\rshook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
    Startup: C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

    ==================== Internet (Whitelisted) ====================

    ProxyServer: localhost:8118
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    URLSearchHook: HKCU - (No Name) - {81d24ea1-3106-46a5-a324-fa96b8178519} - No File
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
    SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564
    FF NewTab: www.google.com
    FF SearchEngineOrder.1: Google
    FF SelectedSearchEngine: Google
    FF Homepage: www.google.com
    FF Keyword.URL: hxxp://search.yahoo.com/search?ourmark=3&ei=utf-8&fr=freecause&type=100311&p=
    FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
    FF NetworkProxy: "type", 2
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\H\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\H\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\H\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\H\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Users\H\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\searchplugins\search-the-web.xml
    FF Extension: iCloud Bookmarks - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\firefoxdav@icloud.com [2013-12-20]
    FF Extension: Pocket - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\isreaditlater@ideashower.com [2013-10-21]
    FF Extension: Fun Characters - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\funcharacters@diegoruiz.info.xpi [2013-06-22]
    FF Extension: Grammarly - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\grammar.plugin@grammarly.com.xpi [2013-07-29]
    FF Extension: Push to Kindle - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\jid0-GokC6R49cBZciOKniufAR4QKFWc@jetpack.xpi [2013-05-16]
    FF Extension: Media Hint - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\mediahint@jetpack.xpi [2013-10-22]
    FF Extension: ShareThis - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{1b8cc170-8c85-11db-b606-0800200c9a66}.xpi [2013-07-27]
    FF Extension: ShowIP - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013-05-29]
    FF Extension: ShareThis Toolbar - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{5e889f11-3738-6e34-f5ad-ccce03875424}.xpi [2013-11-13]
    FF Extension: Modify Headers - C:\Users\H\AppData\Roaming\Mozilla\Firefox\Profiles\pxges0f6.default-1368729130564\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2013-05-16]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
    FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\
    FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ []
    FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
    FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ []
    FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-18]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-27]
    FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
    FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ []

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR DefaultSearchKeyword: google.co.uk
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
    CHR Plugin: (Skype Click to Call) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\npSkypeChromePlugin.dll No File
    CHR Plugin: (Conduit Chrome Plugin) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    CHR Plugin: (Google Talk Plugin) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\H\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Media Go Detector) - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    CHR Extension: (Google Translate) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-10-21]
    CHR Extension: (Media Hint) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2013-10-22]
    CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2013-10-21]
    CHR Extension: (Hola Better Internet) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-11-10]
    CHR Extension: (RealDownloader) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-17]
    CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-21]
    CHR Extension: (Google Wallet) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-21]
    CHR Extension: (uTorrentControl2) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2013-10-17]
    CHR Extension: (Push to Kindle) - C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc [2013-10-21]
    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\H\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-16]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-27]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

  10. #10
    Junior Member
    Join Date
    Feb 2014
    Posts
    18

    Default malware removal 3nd of first file

    ==================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-27] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-27] (AVAST Software)
    R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
    S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-03] (WildTangent, Inc.)
    R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
    R2 Kodak Cloud Software Connector; C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe [1526192 2012-06-14] ()
    R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566192 2006-11-29] ( )
    R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
    R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-01-22] (Trusteer Ltd.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)

    ==================== Drivers (Whitelisted) ====================

    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-01-27] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-27] (AVAST Software)
    R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-01-27] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-27] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-27] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-27] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-27] (AVAST Software)
    R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-27] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-27] ()
    R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
    S1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-04] (Symantec Corporation)
    S3 massfilter; C:\Windows\SysWOW64\drivers\massfilter.sys [9216 2009-09-07] (ZTE Incorporated)
    R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-30] ()
    R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-01-22] (Trusteer Ltd.)
    R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-01-22] (Trusteer Ltd.)
    R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-01-22] (Trusteer Ltd.)
    S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2012-03-21] (SMART Technologies ULC)
    S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2012-03-21] (SMART Technologies ULC)
    S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2012-03-21] (SMART Technologies ULC)
    S3 ZTEusbmdm6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbmdm6k.sys [119680 2009-09-07] (ZTE Incorporated)
    S3 ZTEusbnmea; C:\Windows\SysWOW64\DRIVERS\ZTEusbnmea.sys [119680 2009-09-07] (ZTE Incorporated)
    S3 ZTEusbser6k; C:\Windows\SysWOW64\DRIVERS\ZTEusbser6k.sys [119680 2009-09-07] (ZTE Incorporated)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-02-03 19:32 - 2014-02-03 19:32 - 00036631 _____ () C:\Users\H\Desktop\FRST.txt
    2014-02-03 19:32 - 2014-02-03 19:32 - 00000000 ____D () C:\FRST
    2014-02-03 19:31 - 2014-02-03 19:31 - 02080256 _____ (Farbar) C:\Users\H\Desktop\FRST64.exe
    2014-02-03 19:27 - 2014-02-03 19:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HALIMAB-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-02-03 19:25 - 2014-02-03 19:25 - 00000000 ____D () C:\RegBackup
    2014-02-03 19:24 - 2014-02-03 19:24 - 00002251 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-02-03 19:24 - 2014-02-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-02-03 19:19 - 2014-02-03 19:19 - 03936992 _____ () C:\Users\H\Desktop\tweaking.com_registry_backup_setup.exe
    2014-02-03 19:09 - 2014-02-03 19:29 - 00000000 ____D () C:\Users\H\Desktop\spybot tools from forum
    2014-02-03 19:05 - 2014-02-03 19:07 - 00000000 ____D () C:\Users\H\Desktop\various
    2014-02-03 18:50 - 2014-02-03 18:50 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000
    2014-02-03 18:50 - 2014-02-03 18:50 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000
    2014-02-03 18:23 - 2014-02-03 18:23 - 00000000 ____D () C:\Windows\ERUNT
    2014-02-03 17:43 - 2014-02-03 18:47 - 00021554 _____ () C:\Windows\PFRO.log
    2014-02-03 17:38 - 2014-02-03 17:42 - 00000000 ____D () C:\AdwCleaner
    2014-02-03 08:58 - 2014-02-03 14:32 - 00000000 ____D () C:\Windows\ERDNT
    2014-02-03 08:56 - 2014-02-03 08:56 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2014-02-02 13:35 - 2014-02-03 18:49 - 00000672 _____ () C:\Windows\setupact.log
    2014-02-02 13:35 - 2014-02-02 13:35 - 00000000 _____ () C:\Windows\setuperr.log
    2014-02-02 10:35 - 2014-02-03 14:32 - 00003346 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
    2014-02-02 10:24 - 2014-02-02 10:24 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102447.backup
    2014-02-02 10:24 - 2014-02-02 10:23 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102434.backup
    2014-02-02 10:23 - 2014-02-02 10:22 - 00450712 ____R () C:\Windows\system32\Drivers\etc\hosts.20140202-102303.backup
    2014-01-31 16:33 - 2014-02-03 14:32 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000
    2014-01-27 16:37 - 2014-01-27 16:37 - 00002962 _____ () C:\Windows\System32\Tasks\{25C68268-E81B-4740-8445-A0E990FDEBF4}
    2014-01-27 16:37 - 2014-01-27 16:37 - 00002962 _____ () C:\Windows\System32\Tasks\{01CE5DFF-93BC-433A-A3A2-AD28A565E4CC}
    2014-01-27 16:36 - 2014-01-27 16:36 - 00002962 _____ () C:\Windows\System32\Tasks\{4811AC6E-E0BA-42D1-AE43-79B6A205DA26}
    2014-01-27 16:30 - 2014-01-27 16:30 - 00000000 ____D () C:\Users\H\New folder
    2014-01-27 16:29 - 2014-01-27 18:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-01-27 16:07 - 2014-01-27 16:07 - 00002962 _____ () C:\Windows\System32\Tasks\{3C68EB6A-E311-4A85-9BB8-3A43DAC36A9A}
    2014-01-27 16:05 - 2014-01-27 16:05 - 00002962 _____ () C:\Windows\System32\Tasks\{C8BC8C04-C892-4F10-AC08-EE3F6DDDF68A}
    2014-01-27 16:03 - 2014-01-27 16:03 - 00002962 _____ () C:\Windows\System32\Tasks\{EC44D2C3-C8F6-40EE-93F5-97CDDAA88076}
    2014-01-27 15:43 - 2014-01-27 15:43 - 00282992 _____ (Mozilla) C:\Users\H\Downloads\Firefox Setup Stub 26.0.exe
    2014-01-27 15:19 - 2014-01-27 15:19 - 00002044 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
    2014-01-27 15:19 - 2014-01-27 15:19 - 00001984 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
    2014-01-27 15:18 - 2014-01-27 15:18 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2014-01-27 15:17 - 2014-01-27 15:17 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
    2014-01-27 15:10 - 2014-02-03 18:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-01-27 15:10 - 2014-01-27 15:10 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-01-27 15:10 - 2014-01-27 15:10 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-01-27 15:10 - 2014-01-27 15:10 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-01-27 15:10 - 2014-01-27 15:10 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-01-27 15:10 - 2014-01-27 15:10 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-01-27 15:10 - 2014-01-27 15:10 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-01-27 15:10 - 2014-01-27 15:10 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-01-27 15:10 - 2014-01-27 15:10 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-01-27 15:10 - 2014-01-27 15:10 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-01-27 12:34 - 2014-01-27 12:34 - 00000000 ___HD () C:\Users\H\AppData\Roaming\AVAST Software
    2014-01-27 12:28 - 2014-01-27 12:28 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-01-27 12:27 - 2014-01-27 12:27 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files\iTunes
    2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files\iPod
    2014-01-25 18:06 - 2014-01-25 18:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-01-25 18:04 - 2014-01-25 18:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
    2014-01-25 18:04 - 2014-01-25 18:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-01-25 18:03 - 2014-01-25 18:03 - 00000000 ____D () C:\Program Files\Bonjour
    2014-01-25 18:03 - 2014-01-25 18:03 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-01-25 17:52 - 2014-01-25 17:55 - 148904784 _____ (Apple Inc.) C:\Users\H\Downloads\iTunes64Setup.exe
    2014-01-25 09:55 - 2014-01-25 09:55 - 05341472 _____ (Dll-Files.com ) C:\Users\H\Downloads\dffsetup-msvcr80.exe
    2014-01-20 17:26 - 2014-01-20 17:27 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
    2014-01-20 09:58 - 2014-01-20 10:27 - 00000000 ___HD () C:\Users\H\AppData\Local\LogMeIn Rescue Applet
    2014-01-17 18:50 - 2014-01-27 14:48 - 00000000 ____D () C:\Users\H\AppData\Roaming\Oxford University Press
    2014-01-17 18:50 - 2014-01-17 18:50 - 00000000 ___HD () C:\Users\H\AppData\Local\Oxford University Press
    2014-01-17 18:09 - 2014-01-17 18:09 - 00001629 _____ () C:\Users\Public\Desktop\English File third edition Elementary.lnk
    2014-01-17 18:08 - 2014-01-17 18:08 - 00000000 ____D () C:\Program Files (x86)\Oxford University Press
    2014-01-16 01:51 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-01-16 01:50 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-01-16 01:50 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-01-16 01:50 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-01-16 01:49 - 2014-01-16 01:50 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
    2014-01-15 08:56 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2014-01-15 08:56 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2014-01-15 08:56 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2014-01-15 08:56 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2014-01-15 08:56 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2014-01-15 08:56 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2014-01-15 08:56 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2014-01-15 08:55 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2014-01-15 08:55 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-01-10 11:39 - 2014-02-03 14:32 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000
    2014-01-07 07:59 - 2014-01-27 14:58 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
    2014-01-06 19:23 - 2014-01-06 19:23 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
    2014-01-04 16:50 - 2014-01-27 14:58 - 00000000 ____D () C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
    2014-01-04 16:50 - 2014-01-18 10:33 - 00000000 ____D () C:\Users\H\AppData\Local\Amazon Cloud Player
    2014-01-04 16:49 - 2014-01-04 16:49 - 36152456 _____ (Amazon) C:\Users\H\Downloads\AmazonCloudPlayerInstaller_399.exe

    ==================== One Month Modified Files and Folders =======

    2014-02-03 19:32 - 2014-02-03 19:32 - 00036631 _____ () C:\Users\H\Desktop\FRST.txt
    2014-02-03 19:32 - 2014-02-03 19:32 - 00000000 ____D () C:\FRST
    2014-02-03 19:31 - 2014-02-03 19:31 - 02080256 _____ (Farbar) C:\Users\H\Desktop\FRST64.exe
    2014-02-03 19:29 - 2014-02-03 19:09 - 00000000 ____D () C:\Users\H\Desktop\spybot tools from forum
    2014-02-03 19:27 - 2014-02-03 19:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HALIMAB-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-02-03 19:27 - 2009-07-14 04:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-02-03 19:27 - 2009-07-14 04:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-02-03 19:25 - 2014-02-03 19:25 - 00000000 ____D () C:\RegBackup
    2014-02-03 19:24 - 2014-02-03 19:24 - 00002251 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-02-03 19:24 - 2014-02-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-02-03 19:19 - 2014-02-03 19:19 - 03936992 _____ () C:\Users\H\Desktop\tweaking.com_registry_backup_setup.exe
    2014-02-03 19:08 - 2013-06-13 20:06 - 00000000 ____D () C:\Users\H\Documents\Media Go
    2014-02-03 19:07 - 2014-02-03 19:05 - 00000000 ____D () C:\Users\H\Desktop\various
    2014-02-03 19:07 - 2013-01-25 10:26 - 00000000 ____D () C:\Users\H\Desktop\greensquare
    2014-02-03 19:07 - 2012-02-04 10:55 - 00000296 _____ () C:\Windows\Tasks\PrintProjects Communicator.job
    2014-02-03 19:06 - 2013-11-23 18:59 - 00000000 ____D () C:\Users\H\Desktop\Crisis and CIEH
    2014-02-03 19:01 - 2011-05-31 18:08 - 00000000 ____D () C:\ProgramData\Kodak
    2014-02-03 18:59 - 2011-12-24 14:26 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2413547309-3373987886-2876452647-1000UA.job
    2014-02-03 18:54 - 2010-10-13 06:22 - 01413639 _____ () C:\Windows\WindowsUpdate.log
    2014-02-03 18:50 - 2014-02-03 18:50 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2413547309-3373987886-2876452647-1000
    2014-02-03 18:50 - 2014-02-03 18:50 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2413547309-3373987886-2876452647-1000
    2014-02-03 18:50 - 2014-01-27 15:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-02-03 18:49 - 2014-02-02 13:35 - 00000672 _____ () C:\Windows\setupact.log

    Some content of TEMP:
    ====================
    C:\Users\H\AppData\Local\Temp\Quarantine.exe
    C:\Users\H\AppData\Local\Temp\tbuTo2.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-29 09:55
    ================ End Of Log ============================
