1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Pop-ups since Grandson used computer

Discussion in 'Virus & Other Malware Removal' started by LoisM, Feb 23, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. LoisM

    LoisM Thread Starter

    Joined:
    Feb 23, 2013
    Messages:
    11
    My grandson used my laptop. Now, I cannot find Google, there are pop-ups, browser re-directs, and it is running very slow. I think I've followed the instructions, but one program only printed gibberage. I could not post all of it...it was too long. If I did something wrong, please tell me and I will do it correctly. I don't know enough about computers to fix anything. Thank you for your help.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:07:23 PM, on 2/23/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal
    Running processes:
    C:\Program Files\Webroot\WRSA.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Sendori\SendoriTray.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\gareth\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN11762455006729261&ctid=CT3279141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Unfriend Checker - {09942569-D515-42BE-9F5A-A439B20F91AB} - C:\Program Files (x86)\Unfriend Checker\uc.dll
    O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
    O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe -rem
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    O4 - Global Startup: FancyStart daemon.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93AD97A3-C8E7-4E28-8B03-335316B9E86B}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
    O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    O23 - Service: Application Sendori - Sendori, Inc. - C:\Program Files (x86)\Sendori\SendoriSvc.exe
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Service Sendori - sendori - C:\Program Files (x86)\Sendori\Sendori.Service.exe
    O23 - Service: sndappv2 - Sendori - C:\Program Files (x86)\Sendori\sndappv2.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TiMiniService - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe
    --
    End of file - 11776 bytes

    MZ   ÿÿ ¸ @ Ø º ´ Í!¸LÍ!This program cannot be run in DOS mode.
    $ 1¸„:uÙêiuÙêiuÙêi¶ÖµiwÙêiuÙëiîÙêi¶Ö·idÙêi!úÚiÙêi²ßìitÙêiRichuÙêi PE L ÆãK à   P  À ` Ð  @      0  Í  €      Ø+   Ø UPX0 À   € àUPX1 P Ð F  @ à.rsrc    J @ À 3.07 UPX!
    ¾Çüx½
    ‚û TD Š & ¦ÿ÷ÿU‹ìƒì\ƒ} t+F‹Eu
    ƒH‹
    ¨>Bÿ¿lÿ ‰HPÿu ÿ[email protected] é uS݌}÷V‹5°E¤WPLƒeôíæl»1E äP‹}ð¿ý±·ðDp; ï¶FRVV¯Uuÿ¿ýè‹Ï+MèÁ‰M™÷ÿ3ҊðQùÛÍNUMèÁ‹Ê1T»vé>ŠÈPE3Áá×m··À ÈsôPBø¢p‡™åìrEðPˆ TßÞ¾½ÿÓè9}qŒwÿ ƒ~Xÿºûteÿv4½5…À3tnÛ¶/jWÇ:« èî"Ý͹*Ê )XWKpÛg›ÛÿXÖðh -P¹gWøjÿh 6%Xr ¿9Yˆw¤\_^3À[ÉÛßð·Â_‹L$¡ÈF‹ÑSiÒAVûÝÿÿW‹TöÂtOq3ÿ;5ÌsB‹Îiɼ}YþD‹ÁGët Ûÿö/BO…Ét ë
    u ‹Ù3ڃã9Ù´Û³÷‰F1ArÊt[Â…wÃ7îQQ‹U¿òiö˜{À3ÉóW?üB‹F¨^~ìö 9M t$¾B‰;„D‹ÂiÀ°ðýG|B‹‡
    ,RÛËö÷#ëu(›@ÿEüµwÍtë ø;A‹Ðr¼ùÛ7
    ͈û,lü tóø·ù/ƒN@ë狀áƒÉ‰ëÙ?ö? V3öƒù s49Èv,Pö¿ð $¨uGÓç…züt ~^°ÿ$þ‰FÂóÙò[Ù?á ¡&shy;seùZám†”ØB=#¼ïð+üß3Û9tK;ßsEÕrƒÆ5¶&shy;°d„b(ý&shy;pÛ <˜¦‹¾@ƒâÓàì…w¿«ü#ȋÁÓâ;ÂvCÆxw[w{ßrÆt
    ÷ƒVã rŸßÚîmCüóŠ‹DÓN}@¹ÁmøÛ @eÁà
    +ÈQ;Jِq³ôvt$öj‹ÆxÐkÀtÜ]¸øƒ8C\P!0=¯ÿökœ iCu@FëH‹£ãÛÛð+&|$ ž/Œ{jv7ž{w5th0u
    u0q³±u/Ph¡ÿe…DÞ¯a{…ö}’Î^Š¸[ëõ»ïîÐ|'Ctlj…™hpŸ°sŽŸË? Qì¤o8^MÊ¡"JØWjc»°ðY}ØNÌKó¥ñÜcÿûmàš‹úÁæ
    ë‰]üÁç
    ñùMû…ïú܉


    GMER 2.1.19081 - http://www.gmer.net
    Rootkit scan 2013-02-23 15:31:12
    Windows 6.1.7601 Service Pack 1 x64
    Running: ns8ou75i.exe

    ---- Registry - GMER 2.1 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dcd22af
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dcd22af (not active ControlSet)
    ---- EOF - GMER 2.1 ----
     
  2. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi and welcome to TSG.

    My name is Iain and I will be helping you clean your system.

    You may wish to Subscribe to this thread (bottom left corner of this thread) so that you are notified when you receive a reply.

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

    Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

    If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

    Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 3 days I shall no longer check this thread for replies.

    Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


    IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.




    Combofix
    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

    You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

    Please include the log C:\ComboFix.txt in your next reply for further review.
     
  3. LoisM

    LoisM Thread Starter

    Joined:
    Feb 23, 2013
    Messages:
    11
    Dear Iain, Thank you for your help. It may take me a day longer to reply because I have to drive to my sister's home for her to help me understand your instructions. Here is the Combo Fix text. Thank you again! :):)

    ComboFix 13-02-26.01 - gareth 02/26/2013 19:01:59.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2676 [GMT -6:00]
    Running from: c:\users\gareth\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\FunWebProducts
    c:\program files (x86)\MyWebSearch
    c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
    c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
    c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
    c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
    c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
    c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
    c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
    c:\program files (x86)\MyWebSearch\bar\gen1\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
    c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
    c:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\jsifb\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
    c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
    c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
    c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
    c:\program files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3S
    c:\program files (x86)\Unfriend Checker\uc.Dll
    c:\windows\SysWow64\pt
    c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
    c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
    c:\windows\TEMP\WRusr.dll-659416-0.tmp
    c:\windows\TEMP\WRusr.dll-659416-1.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_MyWebSearchService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-27 01:09 . 2013-02-27 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-27 00:09 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE230E73-570E-4598-8BFB-007C49DE53DD}\mpengine.dll
    2013-02-17 02:22 . 2013-02-17 02:22 -------- d-----w- C:\components
    2013-02-17 01:28 . 2013-02-17 01:28 -------- d-----w- c:\users\gareth\AppData\Local\VisualBeeClient
    2013-02-17 01:26 . 2013-02-17 01:26 -------- d-----w- c:\users\gareth\AppData\Local\VisualBeeExe
    2013-02-17 01:20 . 2013-02-17 01:26 -------- d-----w- c:\programdata\VisualBee
    2013-02-16 22:50 . 2013-02-06 23:06 325920 ----a-w- c:\windows\SysWow64\Sendori.dll
    2013-02-16 22:50 . 2013-02-16 22:51 -------- d-----w- c:\programdata\Sendori
    2013-02-16 22:50 . 2013-02-16 22:50 -------- d-----w- c:\program files (x86)\Sendori
    2013-02-16 22:50 . 2013-02-27 01:08 -------- d-----w- c:\program files (x86)\Unfriend Checker
    2013-02-16 22:49 . 2013-02-16 22:49 -------- d-----w- c:\users\gareth\AppData\Local\SwvUpdater
    2013-02-16 22:49 . 2013-02-16 22:49 -------- d-----w- c:\program files (x86)\Conduit
    2013-02-16 22:48 . 2013-02-17 02:23 -------- d-----w- c:\users\gareth\AppData\Local\Conduit
    2013-02-16 22:37 . 2013-01-17 07:28 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-02-16 21:59 . 2013-02-16 21:59 -------- d-----w- c:\windows\SysWow64\Extensions
    2013-02-16 21:59 . 2013-02-16 21:59 -------- d-----w- c:\windows\SysWow64\searchplugins
    2013-02-16 21:58 . 2013-02-16 21:58 -------- d-----w- c:\users\gareth\AppData\Roaming\Babylon
    2013-02-16 21:58 . 2013-02-16 21:58 -------- d-----w- c:\programdata\Babylon
    2013-02-16 21:58 . 2013-02-16 21:58 -------- d-----w- c:\program files (x86)\Vittalia
    2013-02-16 21:23 . 2012-12-07 05:42 2155248 ----a-w- c:\windows\system32\Incinerator64.dll
    2013-02-16 21:23 . 2012-12-07 05:42 2097032 ----a-w- c:\windows\SysWow64\Incinerator32.dll
    2013-02-16 21:23 . 2012-12-07 05:35 82160 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
    2013-02-16 21:23 . 2012-12-07 05:58 57144 ----a-w- c:\windows\system32\iolobtdfg.exe
    2013-02-16 21:23 . 2012-12-07 05:57 25744 ----a-w- c:\windows\system32\smrgdf.exe
    2013-02-16 21:23 . 2012-12-07 05:35 69000 ----a-w- c:\windows\system32\offreg.dll
    2013-02-16 21:23 . 2012-12-07 05:35 56200 ----a-w- c:\windows\SysWow64\offreg.dll
    2013-02-16 21:22 . 2013-02-16 21:22 -------- d-----w- c:\program files (x86)\iolo
    2013-02-16 21:21 . 2012-12-07 05:35 30752 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
    2013-02-16 21:21 . 2013-02-16 21:21 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
    2013-02-16 21:20 . 2013-02-16 21:20 -------- d-----w- C:\iolo
    2013-02-16 21:13 . 2013-02-16 21:33 -------- d-----w- c:\programdata\iolo
    2013-02-16 21:13 . 2013-02-16 21:30 -------- d-----w- c:\users\gareth\AppData\Roaming\iolo
    2013-02-13 17:08 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 17:08 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 16:27 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-13 16:27 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-13 16:27 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-13 16:27 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-13 16:27 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-13 16:27 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-13 16:27 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-13 16:27 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-13 16:27 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-27 01:10 . 2012-02-27 02:30 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
    2013-02-05 04:49 . 2012-03-13 20:15 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-04 04:43 . 2013-02-13 16:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-21 17:38 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 17:38 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 17:38 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 17:38 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-07 13:20 . 2013-01-09 13:30 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-09 13:30 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-09 13:30 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-09 13:30 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-09 13:30 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-09 13:30 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-09 13:30 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-09 13:30 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-09 13:30 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-09 13:30 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-09 13:30 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-09 13:30 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-09 13:30 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-09 13:30 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-09 13:30 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-09 13:30 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-09 13:30 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-09 13:30 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-09 13:30 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-09 13:30 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-09 13:30 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-09 13:30 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-09 13:30 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-09 13:30 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-09 13:30 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-09 13:30 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-09 13:30 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-09 13:30 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-09 13:30 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-09 13:30 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-09 13:30 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-09 13:30 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-11-30 05:45 . 2013-01-09 13:30 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-09 13:30 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-09 13:30 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-09 13:30 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-09 13:30 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-09 13:30 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-09 13:30 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:53 . 2013-01-09 13:30 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-09 13:30 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-09 13:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 03:23 . 2013-01-09 13:30 338432 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38 . 2013-01-09 13:30 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AROReminder"="c:\program files (x86)\ARO 2012\ARO.exe" [2012-07-27 2553752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
    "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-02-06 83232]
    .
    c:\users\gareth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-11-3 549040]
    FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe [2011-12-27 12862]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-12-07 30752]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-04 379520]
    S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2013-02-06 119072]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-09-08 92800]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-12-07 1053184]
    S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-12-07 82160]
    S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2013-02-06 15136]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2013-02-06 3623200]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-09-16 317440]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-27 c:\windows\Tasks\AmiUpdXp.job
    - c:\users\gareth\AppData\Local\SwvUpdater\Updater.exe [2013-02-16 22:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-16 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-16 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-16 416024]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN11762455006729261&ctid=CT3279141
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{93AD97A3-C8E7-4E28-8B03-335316B9E86B}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
    TCP: Interfaces\{93AD97A3-C8E7-4E28-8B03-335316B9E86B}\65562796A7F6E602D496649623230303021353545402355636572756: NameServer = 192.168.1.1
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE "%1"
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
    BHO-{09942569-D515-42BE-9F5A-A439B20F91AB} - c:\program files (x86)\Unfriend Checker\uc.dll
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
    89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
    "{07B18EA9-A523-4961-B6BB-170DE4475CCA}"=hex:51,66,7a,6c,4c,1d,38,12,c7,8d,a2,
    03,11,eb,0f,0c,c9,ad,54,4d,e1,19,18,de
    "{00A6FAF1-072E-44CF-8957-5838F569A31D}"=hex:51,66,7a,6c,4c,1d,38,12,9f,f9,b5,
    04,1c,49,a1,01,f6,41,1b,78,f0,37,e7,09
    "{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
    07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
    02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
    "{07B18EA1-A523-4961-B6BB-170DE4475CCA}"=hex:51,66,7a,6c,4c,1d,38,12,cf,8d,a2,
    03,11,eb,0f,0c,c9,ad,54,4d,e1,19,18,de
    "{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"=hex:51,66,7a,6c,4c,1d,38,12,94,e0,d5,
    0f,dd,36,e8,0d,fb,3a,19,52,5d,9a,01,4e
    "{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
    18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf,
    bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8
    "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
    d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
    "{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
    fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
    "{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
    51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:ce,83,92,c9,d1,a6,cd,01
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\Common Files\InstantOn\InsOnWMI.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\Splendid\ACMON.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\windows\SysWOW64\ACEngSvr.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    c:\program files (x86)\Sendori\SendoriUp.exe
    c:\windows\AsScrPro.exe
    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-26 19:18:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-02-27 01:18
    .
    Pre-Run: 78,314,876,928 bytes free
    Post-Run: 78,176,804,864 bytes free
    .
    - - End Of File - - AD12FE2EA54DD9CEFC9DF9CE6C2639C4
     
  4. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi again

    I don&#8217;t think you have too much to worry about. I suspect that your grandson was trying to play games and unknowingly received adware for his trouble.


    Please go to: VirusTotal

    • Make sure the 'Upload a file' tab is selected.
    • To the right of the page you'll find a "Choose File" button.

      [​IMG]

      Click the "Choose File" button and browse to this file in RED:

      c:\windows\SysWow64\acovcnt.exe

    • Then click the blue "Scan it!" button in the middle of the VirusTotal page.
    • If you receive a message saying the File has already been analyzed click Reanalyze file now.
    • This will scan the file. Please be patient.
    • Once scanned, copy and paste the results in your next reply.



    Download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Save it to your desktop.
    Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
     
  5. LoisM

    LoisM Thread Starter

    Joined:
    Feb 23, 2013
    Messages:
    11
    Dear Glaswegian,

    Thank you so much for your help. The link to "VirusTotal" did not work in your message, but we were able to find it with Goggle. Here are the logs you requested, and thank you again. Knowing it was not bad was encouraging to me. :)

    ssdeep
    384:eswH94Z+gT87cSDxeHlxpCjkDADNZop8ZYNniy91AI1ZQSrS9E5l1wX:OHE5g7p8xQrN8niLI1ZQSeu5lG

    TrID
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)


    PEiD packer identifier
    Armadillo v1.71

    ExifTool
    MIMEType.................: application/octet-stream
    Subsystem................: Windows GUI
    MachineType..............: Intel 386 or later, and compatibles
    TimeStamp................: 2005:04:07 14:47:39+01:00
    FileType.................: Win32 EXE
    PEType...................: PE32
    CodeSize.................: 20480
    LinkerVersion............: 6.0
    EntryPoint...............: 0x1613
    InitializedDataSize......: 28672
    SubsystemVersion.........: 4.0
    ImageVersion.............: 0.0
    OSVersion................: 4.0
    UninitializedDataSize....: 0

    Portable Executable structural information
    Compilation timedatestamp.....: 2005-04-07 13:47:39
    Target machine................: Intel 386 or later processors and compatible processors
    Entry point address...........: 0x00001613
    PE Sections...................:
    Name Virtual Address Virtual Size Raw Size Entropy MD5
    .text 4096 20198 20480 6.60 f7aa46b67e4004a80db01ad39b5c4bd7
    .rdata 24576 2866 4096 4.20 f3ceef6b97b6aad02714644497ad4da9
    .data 28672 16700 12288 0.56 af4abe2835a3f5bf87330b627a696dbf
    .rsrc 49152 192 4096 0.14 c85d6206afcdfed0fe16bdc48441d945
    PE Imports....................:
    [[ADVAPI32.dll]]
    RegSetValueExA, RegCloseKey, RegDeleteValueA, RegCreateKeyA
    [[KERNEL32.dll]]
    GetLastError, HeapFree, GetStdHandle, LCMapStringW, SetHandleCount, SetEvent, LCMapStringA, HeapDestroy, ExitProcess, GetVersionExA, GetEnvironmentStringsW, FlushFileBuffers, GetModuleFileNameA, RtlUnwind, LoadLibraryA, FreeEnvironmentStringsA, GetStartupInfoA, GetEnvironmentStrings, GetCPInfo, UnhandledExceptionFilter, MultiByteToWideChar, FreeEnvironmentStringsW, GetCommandLineA, GetProcAddress, SetStdHandle, SetFilePointer, WideCharToMultiByte, GetStringTypeA, GetModuleHandleA, WriteFile, GetCurrentProcess, CloseHandle, GetACP, HeapReAlloc, GetStringTypeW, GetOEMCP, TerminateProcess, GetEnvironmentVariableA, HeapCreate, VirtualFree, CreateEventA, GetFileType, HeapAlloc, GetVersion, VirtualAlloc
    [[ole32.dll]]
    CoInitializeEx, CoUninitialize
    [[USER32.dll]]
    GetMessageA, CreateWindowExA, LoadCursorA, LoadIconA, LoadStringA, DispatchMessageA, TranslateAcceleratorA, PostQuitMessage, TranslateMessage, DefWindowProcA, RegisterClassExA
    [[DDRAW.dll]]
    DirectDrawCreateEx
    PE Resources..................:
    Resource type Number of resources
    RT_STRING 1
    Resource language Number of resources
    CHINESE TRADITIONAL 1

    Symantec Reputation
    Suspicious.Insight

    ClamAV PUA Engine
    Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua.

    First seen by VirusTotal
    2007-02-24 16:04:15 UTC ( 6 years ago )

    Last seen by VirusTotal
    2013-03-02 20:22:29 UTC ( 2 minutes ago )

    File names (max. 25)
    1. acovcnt.exe
    2. acovcnt.exo
    3. 1acovcnt.exe
    4. acovcnt.vxe
    5. 92B5341C00A6C273B02B008F34ABFF0022BA03A5.exe
    6. acovcnt.texe
    7. DPYGMWPDRM-603.pms.exe.SVD
    8. smona_aaf659e3d38ad04848a9c3ed6250b30dc13acc8ac9f527a11f0c14e6ec8735b2.bin
    9. acovcnt_****you.exe
    10. acovcnt.ex
    11. 6BCAF46E2B7FA9ACE92B4D39F3037C5C
    12. acovcnt.ex_
    13. 6bcaf46e2b7fa9ace92b4d39f3037c5c6d5a81e3cf59832d73f28d6e87f51d073c3e409545056.exe
    14. acovcnt.exe
    15. acovcnt.exe
    16. acovcnt.exe_txt
    17. acovcnt.exe
    18. acovcnt.ex0
    19. s
    20. acovcnt.exe
    21. acovcnt.exe
    22. acovcnt.exe_


    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.03.02.12
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    gareth :: GARETH-PC [administrator]
    3/2/2013 3:27:16 PM
    mbam-log-2013-03-02 (15-27-16).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217269
    Time elapsed: 2 minute(s), 41 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 6
    HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
    HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 4
    C:\Users\gareth\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
    C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
    (end)
     
  6. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi again

    Apologies - I must have missed your reply. I shall correct the VT link - thanks.

    How is your system running now?

    Let's run an online scan to check for remnants.

    Go here to run an online scannner from ESET. Vista and Windows 7 users - run as Administrator.
    • Note: You will need to use Internet explorer for this scan. For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open..
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
    • Copy and paste that log as a reply to this topic and also let me know how things are now.
     
  7. LoisM

    LoisM Thread Starter

    Joined:
    Feb 23, 2013
    Messages:
    11
    Dear Glaswegian, I am sorry it has taken me two days to respond. I have to drive to my sister's house for her help. My computer is still very slow...and when my sister tried to run System Mechanics, it stayed at a low overall status. I started ESET Scan 2 hours and forty five minutes ago...the Target seem to be stuck on one file, but the files scanned are continuing to change....it says there are 53 infected files. Should it take this long to scan? I'm afraid to stop it. Thank you again for you help. :eek:
     
  8. LoisM

    LoisM Thread Starter

    Joined:
    Feb 23, 2013
    Messages:
    11
    Dear Glaswegian,

    I am not sure if the ESET scan completed correctly. It was running so slowly. After over 3 hours, it showed it was only 47% completed....so we started task manager to see what programs were running simultaenously. It only showed ESET scan. When I turned task manager off, it said the scan was complete...the log only had 3 lines..so I also copied the infected files it showed...here are the results.. Thank you again for all of your help. Also, do you know why System Mechanics cannot repair? It mentioned something about Malware bytes. :(

    [email protected] as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
    C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
    C:\ProgramData\VisualBee\VisualBeeSoftware.exe a variant of Win32/Toolbar.Babylon.A application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/FunWeb application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/FunWeb application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir a variant of Win32/Toolbar.MyWebSearch.G application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/FunWeb application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/FunWeb application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch.P application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Win32/FunWeb application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch.F application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL.vir Win32/Toolbar.MyWebSearch.P application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir a variant of Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir a variant of Win32/Toolbar.MyWebSearch.I application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir Win32/Toolbar.MyWebSearch.I application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application
    C:\Users\All Users\VisualBee\VisualBeeSoftware.exe a variant of Win32/Toolbar.Babylon.A application
    C:\Users\gareth\AppData\Local\VisualBeeExe\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon.A application
    C:\Users\gareth\AppData\LocalLow\FunWebProducts\Installr\Cache\00C9963A.exe a variant of Win32/Toolbar.MyWebSearch.O application
    C:\Users\gareth\Downloads\PopularScreenSavers.exe Win32/AdInstaller application
    C:\Users\gareth\Downloads\SoftonicDownloader_for_webshots-desktop.exe a variant of Win32/SoftonicDownloader.E application
    D:\GARETH-PC\Backup Set 2012-11-08 133125\Backup Files 2012-11-08 133125\Backup files 10.zip multiple threats
    D:\GARETH-PC\Backup Set 2012-11-08 133125\Backup Files 2012-11-08 133125\Backup files 12.zip a variant of Win32/Toolbar.MyWebSearch.O application
    D:\GARETH-PC\Backup Set 2012-11-08 133125\Backup Files 2012-11-08 133125\Backup files 13.zip Win32/AdInstaller application
    D:\GARETH-PC\Backup Set 2012-11-08 133125\Backup Files 2012-11-08 133125\Backup files 25.zip Win32/Toolbar.MyWebSearch application
    D:\GARETH-PC\Backup Set 2012-11-08 133125\Backup Files 2013-01-06 211807\Backup files 1.zip Win32/AdInstaller application
    D:\GARETH-PC\Backup Set 2013-01-27 211526\Backup Files 2013-02-10 212632\Backup files 1.zip multiple threats
    D:\GARETH-PC\Backup Set 2013-01-27 211526\Backup Files 2013-02-10 212632\Backup files 17.zip Win32/Toolbar.MyWebSearch application
    D:\GARETH-PC\Backup Set 2013-01-27 211526\Backup Files 2013-02-10 212632\Backup files 4.zip multiple threats
    D:\GARETH-PC\Backup Set 2013-01-27 211526\Backup Files 2013-02-17 214138\Backup files 1.zip a variant of Win32/Toolbar.Babylon.A application
    D:\GARETH-PC\Backup Set 2013-01-27 211526\Backup Files 2013-02-17 214138\Backup files 2.zip multiple threats
    D:\GARETH-PC\Backup Set 2013-03-03 211538\Backup Files 2013-03-03 211538\Backup files 10.zip Win32/Toolbar.MyWebSearch application
    D:\GARETH-PC\Backup Set 2013-03-03 211538\Backup Files 2013-03-03 211538\Backup files 11.zip multiple threats
    D:\GARETH-PC\Backup Set 2013-03-03 211538\Backup Files 2013-03-03 211538\Backup files 12.zip multiple threats
    D:\GARETH-PC\Backup Set 2013-03-03 211538\Backup Files 2013-03-03 211538\Backup files 13.zip multiple threats
     
  9. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi again

    What Eset found is safely held in Quarantine - and we'll deal with that later.

    I have no time for programmes like System Mechanic - I personally do not believe they make much difference and in fact can cause more problems than they fix.

    Please follow the instructions here

    http://captaindbg.com/sfc-scannow-to-repair-windows-7-files/

    to run the System File Checker. Do NOT run a Repair Install.

    Please report back and let me know if any files were replaced.



    Then I'd like to see a DDS log please.

    [​IMG]
    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.


    Please include the following logs in your thread:
    • Contents of the DDS.txt posted as text in your reply
    • Attach the Attach.txt to your post by clicking the Manage Attachments button under Additional Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.
     
  10. LoisM

    LoisM Thread Starter

    Joined:
    Feb 23, 2013
    Messages:
    11
    Glaswegian,

    Thank you again....I followed the steps but I could not read the CBS log. It gave me three messages that the log could not be opened. We do not have the Windows Disk to repair Windows right now. She will have to check with her son-in-law who bought the computer for her. I've attached the Attach.txt, and here are the contents of the dds.txt file.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464
    Run by gareth at 18:45:01 on 2013-03-07
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2579 [GMT -6:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Sendori\sndappv2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Sendori\SendoriSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Sendori\Sendori.Service.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Sendori\SendoriTray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files (x86)\Sendori\SendoriUp.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://asus.msn.com
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    BHO: {09942569-D515-42BE-9F5A-A439B20F91AB} - <orphaned>
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [AROReminder] C:\Program Files (x86)\ARO 2012\ARO.exe -rem
    mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
    mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
    StartupFolder: C:\Users\gareth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{93AD97A3-C8E7-4E28-8B03-335316B9E86B} : NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
    TCP: Interfaces\{93AD97A3-C8E7-4E28-8B03-335316B9E86B} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{93AD97A3-C8E7-4E28-8B03-335316B9E86B}\2456C6B696E6F5E4F575962756C6563737F5736454933413 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{93AD97A3-C8E7-4E28-8B03-335316B9E86B}\65562796A7F6E602D496649623230303021353545402355636572756 : NameServer = 192.168.1.1
    TCP: Interfaces\{93AD97A3-C8E7-4E28-8B03-335316B9E86B}\65562796A7F6E602D496649623230303021353545402355636572756 : DHCPNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://asus.msn.com
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-2-16 30752]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-12-27 379520]
    R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-2-6 119072]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-9-8 92800]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-2-16 1053184]
    R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-2-16 82160]
    R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-2-6 15136]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-2-6 3623200]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-27 2656280]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-17 317440]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-10-17 76912]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-17 74840]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-11-3 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-10 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
    FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
    .
    =============== Created Last 30 ================
    .
    2013-03-08 00:27:03 -------- d-----w- C:\Windows\SysWow64\pt
    2013-03-07 00:28:05 -------- d-----w- C:\Program Files (x86)\ESET
    2013-03-06 21:58:23 -------- d-----w- C:\Users\gareth\AppData\Local\{68A6CF25-FF01-4673-8496-BE4922E6666B}
    2013-03-05 20:36:05 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{91A15E2F-436C-4CA1-9C88-4D4EB029361F}\mpengine.dll
    2013-03-02 21:23:08 -------- d-----w- C:\Users\gareth\AppData\Roaming\Malwarebytes
    2013-03-02 21:22:50 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-03-02 21:22:20 -------- d-----w- C:\Users\gareth\AppData\Local\Programs
    2013-02-27 01:12:57 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-02-27 00:59:50 98816 ----a-w- C:\Windows\sed.exe
    2013-02-27 00:59:50 256000 ----a-w- C:\Windows\PEV.exe
    2013-02-27 00:59:50 208896 ----a-w- C:\Windows\MBR.exe
    2013-02-27 00:59:46 -------- d-----w- C:\ComboFix
    2013-02-23 00:34:32 -------- d-----w- C:\Users\gareth\AppData\Local\{B9EB00B2-C20F-4A16-ACBB-6F85BAD4ADA7}
    2013-02-19 14:46:30 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-02-17 02:22:11 -------- d-----w- C:\components
    2013-02-17 01:28:23 -------- d-----w- C:\Users\gareth\AppData\Local\VisualBeeClient
    2013-02-17 01:26:19 -------- d-----w- C:\Users\gareth\AppData\Local\VisualBeeExe
    2013-02-17 01:20:17 -------- d-----w- C:\ProgramData\VisualBee
    2013-02-16 22:50:57 325920 ----a-w- C:\Windows\SysWow64\Sendori.dll
    2013-02-16 22:50:54 -------- d-----w- C:\ProgramData\Sendori
    2013-02-16 22:50:51 -------- d-----w- C:\Program Files (x86)\Sendori
    2013-02-16 22:50:05 -------- d-----w- C:\Program Files (x86)\Unfriend Checker
    2013-02-16 22:49:51 -------- d-----w- C:\Users\gareth\AppData\Local\SwvUpdater
    2013-02-16 22:49:28 -------- d-----w- C:\Program Files (x86)\Conduit
    2013-02-16 22:48:20 -------- d-----w- C:\Users\gareth\AppData\Local\Conduit
    2013-02-16 22:37:32 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-02-16 21:59:56 -------- d-----w- C:\Windows\SysWow64\Extensions
    2013-02-16 21:59:55 -------- d-----w- C:\Windows\SysWow64\searchplugins
    2013-02-16 21:58:57 -------- d-----w- C:\Users\gareth\AppData\Roaming\Babylon
    2013-02-16 21:58:57 -------- d-----w- C:\ProgramData\Babylon
    2013-02-16 21:58:25 -------- d-----w- C:\Program Files (x86)\Vittalia
    2013-02-16 21:48:34 -------- d-----w- C:\Users\gareth\AppData\Local\{D61D2289-AB14-4BF3-9355-806C7A262E98}
    2013-02-16 21:23:03 2155248 ----a-w- C:\Windows\System32\Incinerator64.dll
    2013-02-16 21:23:03 2097032 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
    2013-02-16 21:23:01 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
    2013-02-16 21:23:00 69000 ----a-w- C:\Windows\System32\offreg.dll
    2013-02-16 21:23:00 57144 ----a-w- C:\Windows\System32\iolobtdfg.exe
    2013-02-16 21:23:00 56200 ----a-w- C:\Windows\SysWow64\offreg.dll
    2013-02-16 21:23:00 25744 ----a-w- C:\Windows\System32\smrgdf.exe
    2013-02-16 21:22:59 -------- d-----w- C:\Program Files (x86)\iolo
    2013-02-16 21:21:03 30752 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
    2013-02-16 21:21:01 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
    2013-02-16 21:20:42 -------- d-----w- C:\iolo
    2013-02-16 21:13:03 -------- d-----w- C:\Users\gareth\AppData\Roaming\iolo
    2013-02-16 21:13:03 -------- d-----w- C:\ProgramData\iolo
    2013-02-13 17:08:36 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 17:08:36 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-13 16:27:07 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-13 16:27:05 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-13 16:27:05 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-13 16:27:05 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-13 16:27:05 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-13 16:27:05 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-13 16:27:05 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-13 16:27:03 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2013-02-13 16:27:03 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-02-12 19:25:00 -------- d-----w- C:\Users\gareth\AppData\Local\{2ECFE2FC-0C4E-47C5-92DF-707A3B2A95F4}
    2013-02-12 02:31:02 -------- d-----w- C:\Users\gareth\AppData\Local\{45850790-F93A-41A0-B455-BF4C038366ED}
    .
    ==================== Find3M ====================
    .
    2013-03-08 00:00:56 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
    2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    .
    ============= FINISH: 18:46:07.10 ===============
     

    Attached Files:

  11. LoisM

    LoisM Thread Starter

    Joined:
    Feb 23, 2013
    Messages:
    11
    Glaswegian, we are removing her files and pictures tonight. And will try to get the Windows disk tomorrow. The other things you ask us to do are below. :)
     
  12. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
  13. LoisM

    LoisM Thread Starter

    Joined:
    Feb 23, 2013
    Messages:
    11
    Hi Glaswegian,

    We removed Sendori. Now, what should we do?
     
  14. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi

    How is your system running now?

    Let's run this scanner


    Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

    Execute TDSSKiller.exe by doubleclicking on it. Press Start Scan.

    [​IMG]

    • If Malicious objects are found, ensure Skip is selected


    • Click Continue then click Reboot now

      [​IMG]

    • Once complete, a log will be produced at the root drive which is typically C:\

      For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

    Please attach that log.
     
  15. LoisM

    LoisM Thread Starter

    Joined:
    Feb 23, 2013
    Messages:
    11
    Glaswegian,

    The computer seems to be running much faster now, and Explorer is working correctly. I've attached the TDSS file you requested. In the beginning, you mentioned some files that were quarantined. Will we remove them also? Thank you again for your time and expertise.
     

    Attached Files:

  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1090733

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice