Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

JS/Redirect.CH and TR/Crypt.ZPACK.Gen8 - help please! [Solved]

Started by f1charlie , Jan 22 2013 03:24 AM

  • This topic is locked This topic is locked

#1
f1charlie
Posted 22 January 2013 - 03:24 AM

f1charlie

    Member

  • Member
  • PipPip
  • 14 posts
Hi,

I hope one of you clever guys will be able to help me.

My computer has several user accounts and Avira detected JS/Redirect.CH in
C:\Users\Rachel\Appdata\Local\702331b6-0878-4f3e-8294-0e67b4b2fa03.crx. I instructed Avira to quarantine the file.

Shortly after, Avira reported blocking TR/Crypt.ZPACK.Gen8 in C:\Users\Rachel\Appdata\Roaming\arosv.dll, murtf.dll and cakrec.dll. I instructed Avira to quarantine these.

I looked in C:\Users\Rachel\Appdata\Roaming to confirm removal of the dll files (which they had), but noted that the .crx file was still in the \Local folder. I rescanned this folder with Avira and quarantined the file, which this time did remove it.

I tried a system scan with Avira which seemed to hang at 3% (but maybe I didn't allow it long enough), so did a scan with Malwarebytes and SuperAntiSpyware which both came up clean.

Now when Rachel logs on, a warning window appears for each of the removed .dll files - "Error loading ***.dll. The specified module could not be found." Clicking OK appears to allow normal operation to continue.

Can someone help me to get rid of these warnings and confirm that my computer is now clean? I ran OTL from my account with 'scan all users' selected - should I have run it from Rachel's account? The OTL report is below. Many thanks.



OTL logfile created on: 22/01/2013 07:53:48 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Computer\Security\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 29.08% Memory free
6.21 Gb Paging File | 3.99 Gb Available in Paging File | 64.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 921.17 Gb Total Space | 656.39 Gb Free Space | 71.26% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 755.25 Gb Free Space | 81.08% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.17 Gb Free Space | 51.66% Space Free | Partition Type: NTFS
Drive L: | 465.76 Gb Total Space | 144.49 Gb Free Space | 31.02% Space Free | Partition Type: NTFS
Drive M: | 149.01 Gb Total Space | 64.11 Gb Free Space | 43.02% Space Free | Partition Type: NTFS
Drive N: | 1863.01 Gb Total Space | 1028.93 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive S: | 465.76 Gb Total Space | 124.31 Gb Free Space | 26.69% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 197.64 Gb Free Space | 21.22% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Computer\Security\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\XYplorer\XYplorer.exe (www.xyplorer.com)
PRC - C:\Program Files\Serviio\bin\ServiioConsole.exe ()
PRC - C:\Program Files\Serviio\bin\ServiioService.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Cobian Backup 11\cbVSCService11.exe (CobianSoft, Luis Cobian)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Users\Charles\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
PRC - C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
PRC - C:\Program Files\Microsoft Office 2010\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.)
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Codebox\BitMeter\BitMeter2.exe ( )
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe (Just Great Software)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\pmxmiced.exe (Primax Electronics Ltd.)
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Program Files\Serviio\bin\ServiioConsole.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Users\Charles\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Tablet\Pen\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\IZArc\IZArcCM.dll ()
MOD - C:\Program Files\Microsoft Office 2010\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Serviio) -- C:\Program Files\Serviio\bin\ServiioService.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (KooRaRooMediaServer) -- C:\Program Files\KooRaRoo Media\KooRaRooMediaServer.exe (Programming Sunrise)
SRV - (AdobeActiveFileMonitor11.0) -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (cbVSCService11) -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe (CobianSoft, Luis Cobian)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Windows7FirewallService) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
SRV - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz135) -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (ALSysIO) -- C:\Users\Charles\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\Windows\System32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (Apowersoft_AudioDevice) -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (NPF) -- C:\Windows\System32\drivers\aztech_npf32.sys (CACE Technologies)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUK


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-500675024-2545780642-2448618569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-500675024-2545780642-2448618569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-500675024-2545780642-2448618569-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-500675024-2545780642-2448618569-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7FDUM_enGB496
IE - HKU\S-1-5-21-500675024-2545780642-2448618569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-500675024-2545780642-2448618569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google SSL"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk|www.ebay.co.uk|www.talkphotography.co.uk/forums/|www.giveawayoftheday.com|http://www.topcashback.co.uk|http://www.searchlotto.co.uk//index.php"
FF - prefs.js..extensions.enabledAddons: %7B11483926-db67-4190-91b1-ef20fcec5f33%7D:0.4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.3
FF - prefs.js..extensions.enabledItems: {BC0AE9E6-E549-4554-A222-EA083A894683}:1.0.0.47
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@entriq.com/Download Manager Plugin Version Chk,version=3.8.2.9: C:\Program Files\Entriq\MediaSphere\3.8.2.9 [2008/07/24 16:59:53 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@entriq.com/Download Manager Plugin,version=3.8.2.9: C:\Program Files\Entriq\MediaSphere\3.8.2.9 [2008/07/24 16:59:53 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@entriq.com/Download Manager Plugin Version Chk,version=3.8.2.9: C:\Program Files\Entriq\MediaSphere\3.8.2.9 [2008/07/24 16:59:53 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\@entriq.com/Download Manager Plugin,version=3.8.2.9: C:\Program Files\Entriq\MediaSphere\3.8.2.9 [2008/07/24 16:59:53 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Charles\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\en.pixelplan.pl/PIXELPLANWebViewer: C:\Users\Charles\AppData\Roaming\Pixelplan\Pixelplan O4C Viewer Web\1.2.7\npPIXELPLANWebViewer.dll (Pixelplan S.C.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/05 22:13:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 22:06:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 22:06:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 22:06:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 22:06:49 | 000,000,000 | ---D | M]

[2008/07/16 18:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Extensions
[2010/08/08 20:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\89qxfs7x.test\extensions
[2010/08/08 20:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\89qxfs7x.test\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/08 20:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\89qxfs7x.test\extensions\staged-xpis
[2012/12/13 08:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\extensions
[2012/08/05 22:13:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/21 22:50:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(14)
[2009/08/18 07:17:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(147)
[2009/11/21 08:47:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(35)
[2009/03/18 13:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\89qxfs7x.test\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
[2012/12/13 08:55:25 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\extensions\[email protected]
[2011/12/31 09:58:42 | 000,074,526 | ---- | M] () (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi
[2012/11/23 22:45:37 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/08/12 22:36:19 | 000,001,820 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\searchplugins\bing.xml
[2012/12/08 14:10:49 | 000,002,641 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\searchplugins\google-ssl.xml
[2013/01/18 22:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/18 22:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/18 22:06:51 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/11 15:12:58 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/01/11 15:12:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/11 15:12:58 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/01/11 15:12:58 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013/01/11 15:12:58 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2013/01/11 15:12:58 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Charles\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Pixelplan Web Viewer (Enabled) = C:\Users\Charles\AppData\Roaming\Pixelplan\Pixelplan O4C Viewer Web\1.2.7\npPIXELPLANWebViewer.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: ServiioTube = C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakaojhfbcaonblkoflkbfjpmehpgmbc\1.3_0\
CHR - Extension: Adblock Plus = C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2013/01/19 22:01:51 | 001,047,938 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 31489 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-500675024-2545780642-2448618569-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 studios)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-500675024-2545780642-2448618569-1000..\Run: [DriverMax_RESTART] File not found
O4 - Startup: C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKU\S-1-5-21-500675024-2545780642-2448618569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-500675024-2545780642-2448618569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-500675024-2545780642-2448618569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Web 2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} https://s.userzoom.com/s/UserZoom.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F46DDA2-E12C-4FF2-A700-9FA57281BE1A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{542F07E1-2D71-4B25-92CA-08DBBBA83221}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/03/29 09:59:00 | 000,000,038 | ---- | M] () - L:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/08/04 22:39:53 | 000,000,026 | ---- | M] () - M:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/02/15 03:53:50 | 000,000,027 | ---- | M] () - N:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/08/05 08:03:17 | 000,000,000 | RH-D | M] - S:\autorun -- [ NTFS ]
O32 - AutoRun File - [2012/08/05 09:31:48 | 000,000,041 | -H-- | M] () - S:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/05 13:14:18 | 000,000,025 | ---- | M] () - T:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c3f35877-911d-11df-b30e-001d098948ac}\Shell - "" = AutoRun
O33 - MountPoints2\{c3f35877-911d-11df-b30e-001d098948ac}\Shell\AutoRun\command - "" = M:\sources\sperr32.exe x64
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/21 20:08:13 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/21 20:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/01/19 23:16:03 | 000,000,000 | ---D | C] -- C:\Users\Charles\LuminanceHDR
[2013/01/19 23:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Luminance HDR
[2013/01/18 22:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/15 22:19:07 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\XYplorer
[2013/01/15 22:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\XYplorer
[2013/01/14 22:21:54 | 000,000,000 | ---D | C] -- C:\Users\Charles\Documents\Callum
[2013/01/12 09:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft
[2013/01/07 23:08:33 | 000,000,000 | ---D | C] -- C:\PhSp_CS2_UE_Ret
[2013/01/07 22:39:28 | 000,000,000 | ---D | C] -- C:\CS_2.0_WWE_Extras_2
[2013/01/03 22:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Two Pilots
[2013/01/03 22:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Retouch Pilot
[2012/12/31 13:06:27 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\vlc
[3 C:\Users\Charles\AppData\Roaming\*.tmp files -> C:\Users\Charles\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/22 07:54:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/22 07:53:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/22 07:52:04 | 000,001,493 | -H-- | M] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\tlbdata.xml
[2013/01/22 07:48:24 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 07:48:24 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 19:53:17 | 000,645,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/21 19:53:17 | 000,123,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/21 19:47:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/21 19:47:26 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/19 23:17:14 | 000,000,020 | ---- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2013/01/19 22:01:51 | 001,047,938 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/15 22:20:38 | 000,000,898 | ---- | M] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\XYplorer.lnk
[2013/01/14 22:13:04 | 000,001,997 | ---- | M] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/10 08:11:10 | 002,111,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/08 20:27:23 | 001,047,576 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130119-220150.backup
[2013/01/07 23:56:25 | 000,001,172 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013/01/05 12:30:25 | 000,000,020 | ---- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013/01/03 23:41:15 | 000,000,632 | RHS- | M] () -- C:\Users\Charles\ntuser.pol
[2012/12/29 14:21:28 | 000,000,844 | ---- | M] () -- C:\Users\Charles\Desktop\TeamViewer.lnk
[2012/12/28 10:21:08 | 001,047,576 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130108-202723.backup
[3 C:\Users\Charles\AppData\Roaming\*.tmp files -> C:\Users\Charles\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/15 22:20:38 | 000,000,898 | ---- | C] () -- C:\Users\Charles\Application Data\Microsoft\Internet Explorer\Quick Launch\XYplorer.lnk
[2013/01/11 15:06:58 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/01/08 23:14:30 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013/01/08 20:06:08 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013/01/08 20:06:08 | 000,001,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013/01/07 23:56:25 | 000,001,172 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013/01/07 23:55:56 | 000,001,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2012/12/29 14:21:28 | 000,000,844 | ---- | C] () -- C:\Users\Charles\Desktop\TeamViewer.lnk
[2012/12/03 23:12:32 | 000,000,376 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\burnaware.ini
[2012/11/23 19:03:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\SingleFiles
[2012/11/18 12:11:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/31 20:57:19 | 000,000,332 | -H-- | C] () -- C:\Users\Charles\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012/10/31 20:57:19 | 000,000,268 | ---- | C] () -- C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012/09/15 08:09:15 | 000,000,094 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\AlamySizeCheck Preferences
[2012/08/24 16:15:55 | 000,060,304 | ---- | C] () -- C:\Users\Charles\g2mdlhlpx.exe
[2012/08/22 20:31:21 | 000,037,585 | ---- | C] () -- C:\Users\Charles\avira.jpg
[2012/08/20 14:41:53 | 000,000,268 | RH-- | C] () -- C:\Users\Charles\AppData\Roaming\StatusSheet
[2012/08/20 14:41:53 | 000,000,268 | R--- | C] () -- C:\ProgramData\Strings
[2012/08/20 14:41:53 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/08/20 14:41:53 | 000,000,012 | R--- | C] () -- C:\ProgramData\Textures
[2012/08/20 14:41:12 | 000,000,268 | RH-- | C] () -- C:\Users\Charles\AppData\Roaming\Stingers
[2012/08/20 14:41:12 | 000,000,268 | RH-- | C] () -- C:\Users\Charles\AppData\Roaming\Static Library
[2012/08/20 14:41:12 | 000,000,268 | R--- | C] () -- C:\ProgramData\Super Strings
[2012/08/20 14:41:12 | 000,000,268 | R--- | C] () -- C:\ProgramData\String Ensemble
[2012/08/20 14:41:12 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/08/20 14:41:12 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/08/20 14:41:12 | 000,000,012 | R--- | C] () -- C:\ProgramData\Track Settings
[2012/08/20 14:40:55 | 000,000,268 | RH-- | C] () -- C:\Users\Charles\AppData\Roaming\Synth Textures
[2012/08/20 14:40:55 | 000,000,268 | R--- | C] () -- C:\ProgramData\Techno Kit
[2012/08/20 14:40:55 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2012/08/20 14:40:55 | 000,000,012 | R--- | C] () -- C:\ProgramData\deskjet
[2012/08/11 07:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/09 21:44:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/07 16:37:41 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/07/04 05:09:18 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012/07/04 01:32:18 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/04/26 21:27:59 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\WebCamLib.dll
[2012/03/16 21:16:00 | 022,657,871 | ---- | C] () -- C:\Users\Charles\frensham.psd
[2012/03/16 21:06:46 | 000,421,798 | ---- | C] () -- C:\Users\Charles\frensham7.jpg
[2012/03/16 21:05:36 | 000,463,452 | ---- | C] () -- C:\Users\Charles\frensham6.jpg
[2012/03/16 21:04:07 | 000,414,203 | ---- | C] () -- C:\Users\Charles\farnham6.jpg
[2012/03/16 20:27:18 | 000,317,484 | ---- | C] () -- C:\Users\Charles\farnham5.jpg
[2012/03/16 20:18:11 | 000,466,311 | ---- | C] () -- C:\Users\Charles\frensham4.jpg
[2012/03/16 20:17:41 | 000,487,535 | ---- | C] () -- C:\Users\Charles\frensham3.jpg
[2012/03/16 20:17:16 | 000,428,779 | ---- | C] () -- C:\Users\Charles\frensham2.jpg
[2012/03/16 20:16:50 | 000,481,327 | ---- | C] () -- C:\Users\Charles\frensham1.jpg
[2012/03/06 17:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/02/24 21:43:28 | 000,652,243 | ---- | C] () -- C:\Users\Charles\catfood.pdf
[2012/01/12 23:08:30 | 000,212,420 | ---- | C] () -- C:\Users\Charles\tim label.jpg
[2012/01/12 23:08:12 | 000,699,792 | ---- | C] () -- C:\Users\Charles\tim label.psd
[2012/01/12 22:59:07 | 028,189,252 | ---- | C] () -- C:\Users\Charles\tim1.tif
[2012/01/12 22:49:54 | 001,483,292 | ---- | C] () -- C:\Users\Charles\tim1 copy.jpg
[2012/01/12 22:49:26 | 028,372,176 | ---- | C] () -- C:\Users\Charles\tim1.psd
[2012/01/09 22:51:48 | 000,166,141 | ---- | C] () -- C:\Users\Charles\2012-01-09_225141.jpg
[2012/01/08 22:51:39 | 000,180,094 | ---- | C] () -- C:\Users\Charles\excel.jpg
[2011/10/31 23:20:34 | 000,000,218 | ---- | C] () -- C:\Users\Charles\.recently-used.xbel
[2011/10/05 21:56:44 | 004,643,559 | ---- | C] () -- C:\Users\Charles\P1120593 edit4.jpg
[2011/10/05 21:28:31 | 004,605,156 | ---- | C] () -- C:\Users\Charles\P1120593 edit3.jpg
[2011/10/05 21:14:20 | 003,983,669 | ---- | C] () -- C:\Users\Charles\P1120593 edit2.jpg
[2011/10/05 19:46:37 | 003,131,077 | ---- | C] () -- C:\Users\Charles\P1120593 edit.jpg
[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/07/26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/07/26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/07/26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/07/26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/07/18 19:09:12 | 017,965,737 | ---- | C] () -- C:\Users\Charles\test2.nef
[2011/07/18 19:08:53 | 017,802,365 | ---- | C] () -- C:\Users\Charles\test1.nef
[2011/07/18 19:08:24 | 016,996,321 | ---- | C] () -- C:\Users\Charles\test.nef
[2011/06/27 17:14:29 | 000,000,412 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\All CPU Meter_Settings.ini
[2011/04/27 20:06:38 | 000,134,080 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2010/04/23 15:47:35 | 000,013,646 | ---- | C] () -- C:\Users\Charles\backup.tabletprefs
[2010/03/06 18:02:34 | 000,000,268 | RH-- | C] () -- C:\Users\Charles\AppData\Roaming\Spacious
[2010/03/06 18:02:34 | 000,000,268 | R--- | C] () -- C:\ProgramData\Standard
[2010/03/06 18:02:34 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/03/06 18:02:34 | 000,000,012 | R--- | C] () -- C:\ProgramData\String Comparison
[2009/07/27 22:24:23 | 000,208,771 | ---- | C] () -- C:\Users\Charles\vodafone.jpg
[2008/12/05 19:52:11 | 000,000,268 | RH-- | C] () -- C:\Users\Charles\AppData\Roaming\Audio
[2008/12/05 19:52:11 | 000,000,268 | R--- | C] () -- C:\ProgramData\Automatic Filter
[2008/12/05 19:44:30 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2008/06/17 22:37:31 | 000,000,582 | ---- | C] () -- C:\Users\Charles\AppData\Roaming\wklnhst.dat
[2008/06/11 17:19:17 | 000,001,356 | ---- | C] () -- C:\Users\Charles\AppData\Local\d3d9caps.dat
[2008/06/01 14:24:23 | 000,000,632 | RHS- | C] () -- C:\Users\Charles\ntuser.pol
[2008/05/30 22:42:00 | 000,053,760 | ---- | C] () -- C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/24 14:49:32 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\Alien Skin
[2009/02/27 16:47:30 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\Ashampoo
[2012/09/25 14:30:59 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\Audacity
[2012/12/14 16:17:37 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\Canon
[2010/05/29 12:10:56 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\CPS Labs
[2009/04/06 08:49:59 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\Expression Media 2
[2012/11/04 19:13:52 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\iSpring Solutions
[2008/05/20 22:31:00 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\LinkManager 4.0
[2009/02/07 20:10:46 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\NIKON
[2013/01/10 22:46:22 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\onOne Software
[2012/11/24 20:07:12 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\ProcessLasso
[2011/05/17 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\Publish Providers
[2011/08/04 12:29:01 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\Samsung
[2011/05/17 19:01:51 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\Sony
[2012/08/22 16:09:10 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\Unity
[2009/01/25 15:38:07 | 000,000,000 | ---D | M] -- C:\Users\Callum\AppData\Roaming\Xara
[2012/06/07 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\.mono
[2012/07/20 19:15:15 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Acronis
[2011/11/20 22:36:40 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Alien Skin
[2012/02/10 23:06:58 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Anthropics
[2011/11/26 22:33:00 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Anvsoft
[2012/04/26 21:27:59 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Apowersoft
[2011/10/26 22:54:33 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Ashampoo
[2012/09/15 22:35:00 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Audacity
[2009/11/06 23:05:08 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Auslogics
[2009/07/26 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\avidemux
[2012/04/18 21:51:04 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Bitmeter2
[2012/08/05 22:13:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Burn4U
[2012/08/05 22:13:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Byngo
[2012/12/14 17:07:59 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Canon
[2012/12/16 22:28:20 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\CD-LabelPrint
[2012/08/05 22:13:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\CodedColor
[2010/01/02 21:26:08 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\ColorCop
[2008/11/20 20:33:52 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/30 10:16:36 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\CoreFTP
[2008/07/09 21:31:56 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\CPS Labs
[2012/10/05 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Digiarty
[2008/05/25 21:15:29 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\DisplayTune
[2009/02/24 18:33:47 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Expression Media 2
[2010/08/11 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\fdrtools.com
[2013/01/13 23:01:14 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\FileZilla
[2011/03/26 17:55:00 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\FreeStone Group
[2010/07/21 22:49:50 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Genie-Soft
[2012/08/05 22:13:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\GetRightToGo
[2012/10/07 10:19:18 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\HandBrake
[2010/02/10 23:33:29 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\HDRsoft
[2012/08/05 22:13:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\HippoEDIT
[2012/08/05 22:13:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\IcoFX
[2010/02/07 08:29:05 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\ImgBurn
[2009/04/28 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Instant Housecall
[2012/10/31 20:57:43 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\iSpring Solutions
[2011/07/15 22:20:04 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\JAlbum
[2011/02/23 18:07:02 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Jalbum AB
[2008/07/14 18:52:55 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\JGsoft
[2011/12/27 17:40:51 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\KeePass
[2011/01/13 21:56:56 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Keynote Systems
[2010/01/06 12:55:38 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\kompozer.net
[2011/01/20 21:16:05 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Kristanix Software
[2012/08/05 09:35:46 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Leadertech
[2008/05/20 21:22:57 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\LinkManager 4.0
[2012/10/06 07:58:20 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\M8 Software
[2012/10/07 10:41:14 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\mkvtoolnix
[2011/01/19 20:39:36 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Morpheus Software
[2012/12/02 16:48:25 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\NeatImage SL 32
[2012/08/05 22:13:35 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\NetMeter
[2012/08/20 14:44:31 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Nikon
[2012/08/05 22:13:35 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\OneTouch 4.0
[2013/01/10 22:53:36 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\onOne Software
[2008/07/05 13:18:52 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Opera
[2012/08/05 22:13:35 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\PanoViewer
[2011/07/18 18:02:19 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Picturenaut
[2012/09/12 22:00:06 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Pixelplan
[2012/08/05 22:13:35 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Pixpedia Publisher
[2013/01/04 20:27:21 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\ProcessLasso
[2010/09/06 20:16:06 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Publish Providers
[2010/02/06 07:57:26 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\r2 Studios
[2008/12/30 20:29:12 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\RawTherapee
[2012/12/01 12:46:19 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\RetouchPilot
[2011/08/03 21:04:05 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Samsung
[2012/08/05 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Scribus
[2012/08/05 09:39:38 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Seagate
[2012/10/01 21:56:02 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Serif
[2010/09/10 17:54:36 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Sony
[2010/09/10 17:50:01 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Sony Creative Software Inc
[2012/10/12 13:09:33 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Spotify
[2012/12/29 14:20:29 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\TeamViewer
[2008/09/21 07:49:14 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Template
[2012/05/31 17:49:39 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Unity
[2012/12/14 17:24:29 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\uTorrent
[2008/09/18 21:08:10 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Xara
[2013/01/21 23:44:35 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\XYplorer
[2012/10/03 21:03:37 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Zoner
[2013/01/10 22:47:46 | 000,000,000 | ---D | M] -- C:\Users\Email\AppData\Roaming\onOne Software
[2013/01/11 10:40:06 | 000,000,000 | ---D | M] -- C:\Users\Kirstie\AppData\Roaming\Canon
[2009/05/04 13:32:32 | 000,000,000 | ---D | M] -- C:\Users\Kirstie\AppData\Roaming\CPS Labs
[2009/04/13 18:09:19 | 000,000,000 | ---D | M] -- C:\Users\Kirstie\AppData\Roaming\Expression Media 2
[2008/05/20 21:59:04 | 000,000,000 | ---D | M] -- C:\Users\Kirstie\AppData\Roaming\LinkManager 4.0
[2009/08/18 16:19:59 | 000,000,000 | ---D | M] -- C:\Users\Kirstie\AppData\Roaming\NetMeter
[2011/09/29 16:42:30 | 000,000,000 | ---D | M] -- C:\Users\Kirstie\AppData\Roaming\NIKON
[2013/01/10 22:48:05 | 000,000,000 | ---D | M] -- C:\Users\Kirstie\AppData\Roaming\onOne Software
[2012/08/05 22:13:37 | 000,000,000 | ---D | M] -- C:\Users\Kirstie\AppData\Roaming\ProcessLasso
[2010/12/02 17:01:55 | 000,000,000 | ---D | M] -- C:\Users\Kirstie\AppData\Roaming\Publish Providers
[2010/12/02 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\Kirstie\AppData\Roaming\Sony
[2012/12/14 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Canon
[2008/05/25 21:43:01 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\DisplayTune
[2012/08/05 22:13:39 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\IcoFX
[2008/08/29 20:55:22 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\JGsoft
[2008/05/20 22:38:32 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\LinkManager 4.0
[2009/08/18 15:45:57 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\NetMeter
[2009/12/09 09:14:33 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\NIKON
[2012/08/05 22:13:40 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\OneTouch 4.0
[2013/01/10 22:50:24 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\onOne Software
[2012/08/05 22:13:40 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\ProcessLasso
[2009/01/11 15:26:46 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Serif
[2010/05/30 19:41:28 | 000,000,000 | ---D | M] -- C:\Users\Rachel\AppData\Roaming\Zoner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\Web:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\Updater:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\Recipes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\Presentations:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\My Scanned Documents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\My OneTouch Archive:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\My Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\My Albums:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\MoviePlus:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\Memberships:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\Mail Attachments:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\Hart:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\Expression:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\dixons order.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Charles\Documents\AdobeStockPhotos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Restore Point Shortcut:Roxio EMC Stream
@Alternate Data Stream - 332 bytes -> C:\ProgramData:iSpring Converter 6
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:867C1254
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:63CD0333
@Alternate Data Stream - 190 bytes -> C:\ProgramData\TEMP:335CB24A
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:DCD39382
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:F8B88761
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CF778051
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Edited by f1charlie, 22 January 2013 - 03:43 AM.

  • 0

Advertisements

#2
gringo_pr
Posted 22 January 2013 - 01:28 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
f1charlie
Posted 22 January 2013 - 04:28 PM

f1charlie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Gringo,

Thanks for taking the time to look at my problem. Reports as follows:

Security Check

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 4.6
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java™ 6 Update 33
Java 7 Update 11
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (17.0)
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Windows7FirewallControl Windows7FirewallService.exe
Windows7FirewallControl Windows7FirewallControl.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


ADWCleaner

# AdwCleaner v2.107 - Logfile created 01/22/2013 at 22:04:45
# Updated 21/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Charles - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Charles\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0 (en-GB)

File : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\prefs.js

[OK] File is clean.

File : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\77fikbfa.default\prefs.js

[OK] File is clean.

File : C:\Users\Kirstie\AppData\Roaming\Mozilla\Firefox\Profiles\nd8svpss.default\prefs.js

[OK] File is clean.

File : C:\Users\Callum\AppData\Roaming\Mozilla\Firefox\Profiles\dewxn2s6.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Callum\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2933 octets] - [23/10/2012 21:18:09]
AdwCleaner[R2].txt - [1755 octets] - [23/10/2012 21:28:10]
AdwCleaner[S1].txt - [2867 octets] - [23/10/2012 21:20:12]
AdwCleaner[S2].txt - [1973 octets] - [22/01/2013 22:04:45]

########## EOF - C:\AdwCleaner[S2].txt - [2033 octets] ##########


Roguekiller

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Charles [Admin rights]
Mode : Remove -- Date : 01/22/2013 22:20:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x83A68E35 -> HOOKED (Unknown @ 0x8EEE3716)
SSDT[276] : NtRequestWaitReplyPort @ 0x83A7AFE0 -> HOOKED (Unknown @ 0x8EEE3720)
SSDT[289] : NtSetContextThread @ 0x83ACA10B -> HOOKED (Unknown @ 0x8EEE371B)
SSDT[314] : NtSetSecurityObject @ 0x839F703C -> HOOKED (Unknown @ 0x8EEE3725)
SSDT[332] : NtSystemDebugControl @ 0x83A2FEF1 -> HOOKED (Unknown @ 0x8EEE372A)
SSDT[334] : NtTerminateProcess @ 0x83A28173 -> HOOKED (Unknown @ 0x8EEE36B7)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8EEE373E)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8EEE3743)

¤¤¤ Extern Hives: ¤¤¤
-> D:\Users\Callum\NTUSER.DAT
-> E:\windows\system32\config\SOFTWARE
-> E:\windows\system32\config\SYSTEM
-> E:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 22b9c56caa9103501087522ef81bedc0
[BSP] 9611ba96401e21730aff4765c0e0bdb0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 345 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 706860 | Size: 10244 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21687750 | Size: 943277 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] ae09f135fa477de9ed7c7739c2a6befa
[BSP] c8a54a50f74f1560b2b660b0ee6e7ccb : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01222013_02d2220.txt >>
RKreport[1]_S_01222013_02d2219.txt ; RKreport[2]_D_01222013_02d2220.txt
  • 0

#4
gringo_pr
Posted 22 January 2013 - 10:54 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
f1charlie
Posted 23 January 2013 - 01:44 AM

f1charlie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Gringo,

PC seems to be running OK, but still getting the missing dll errors when I log on as Rachel. Combofix log below:


ComboFix 13-01-22.01 - Charles 23/01/2013 7:20.1.4 - x86
Running from: c:\users\Charles\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\15a05a1824a8793fae296ac6f79b78023a0c9d3c
c:\users\Callum\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3842C8AB-07ED-41E0-941D-C0044F5D7561}.xps
c:\users\Callum\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B158AF3D-D63E-44BA-80CF-764894BC1058}.xps
c:\users\Callum\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
c:\users\Callum\AppData\Roaming\ispro3_0.tmp
c:\users\Callum\AppData\Roaming\ispro3_1.tmp
c:\users\Callum\AppData\Roaming\ispro3_2.tmp
c:\users\Callum\AppData\Roaming\ispro3_3.tmp
c:\users\Callum\Documents\~WRL0001.tmp
c:\users\Callum\Documents\~WRL0004.tmp
c:\users\Callum\Documents\~WRL2185.tmp
c:\users\Callum\Documents\~WRL2653.tmp
c:\users\Charles\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
c:\users\Charles\AppData\Roaming\ispro3_0.tmp
c:\users\Charles\AppData\Roaming\ispro3_1.tmp
c:\users\Charles\AppData\Roaming\ispro3_2.tmp
c:\users\Charles\AppData\Roaming\Microsoft\~DFKd0c593.tmp
c:\users\Charles\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Charles\AppData\Roaming\Microsoft\bass.dll
c:\users\Charles\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Charles\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Charles\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Charles\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Charles\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Charles\g2mdlhlpx.exe
c:\users\Kirstie\AppData\Roaming\ispro3_0.tmp
c:\users\Kirstie\AppData\Roaming\ispro3_1.tmp
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1174B254-5ACE-4454-8BF2-6D72F721DC0E}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3326E7AA-4CB4-442D-8974-CEEBCC63269C}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{335CBDFD-04EE-469C-A941-840CF9487CF1}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3AB1DBCC-9864-4364-86B2-B7A2C033494D}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3CFF3DA6-4686-478F-B2D6-4263FD4791BF}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5DF132A5-3549-437E-A4D0-78D5768CEA50}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5EFD815D-B19B-47BE-80C3-F4647A891B3D}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{67950894-78C5-416A-AD02-A15A1DB69D50}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8AD8D5F4-F9A7-40ED-9FA1-B5CFA35A199D}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A361AD6E-04F7-4C5B-9370-555E016D7426}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F12CCF54-B132-4CE8-B47A-03D55FC94B47}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F27F9D89-9D9F-47E0-B09C-68E0401D0295}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F375B5C9-E816-4CE5-B376-8E2805D17D22}.xps
c:\users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FBFF87D6-9AF1-4362-BFCE-F0292964E746}.xps
c:\users\Rachel\AppData\Roaming\ispro3_0.tmp
c:\users\Rachel\AppData\Roaming\ispro3_1.tmp
c:\users\Rachel\Documents\~WRD0072.tmp
c:\users\Rachel\Documents\~WRL0091.tmp
c:\users\Rachel\Documents\~WRL3024.tmp
D:\install.exe
L:\autorun.inf
M:\Autorun.inf
N:\Autorun.inf
N:\Setup.exe
S:\autorun.inf
T:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 07:29 . 2013-01-23 07:32 -------- d-----w- c:\users\Charles\AppData\Local\temp
2013-01-23 07:29 . 2013-01-23 07:29 -------- d-----w- c:\users\Rachel\AppData\Local\temp
2013-01-23 07:29 . 2013-01-23 07:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-23 07:29 . 2013-01-23 07:29 -------- d-----w- c:\users\Kirstie\AppData\Local\temp
2013-01-23 07:29 . 2013-01-23 07:29 -------- d-----w- c:\users\Callum\AppData\Local\temp
2013-01-22 18:09 . 2013-01-22 18:09 -------- d-----w- c:\program files\ESET
2013-01-21 20:08 . 2013-01-21 20:08 -------- d-----w- c:\users\Charles\AppData\Roaming\SUPERAntiSpyware.com
2013-01-21 20:07 . 2013-01-21 20:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-20 16:46 . 2013-01-12 03:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-20 10:54 . 2013-01-21 09:24 -------- d-----w- c:\users\Rachel\AppData\Local\CrashDumps
2013-01-19 23:16 . 2013-01-19 23:16 -------- d-----w- c:\users\Charles\LuminanceHDR
2013-01-19 23:15 . 2013-01-19 23:16 -------- d-----w- c:\program files\Luminance HDR
2013-01-15 22:19 . 2013-01-21 23:44 -------- d-----w- c:\users\Charles\AppData\Roaming\XYplorer
2013-01-15 22:19 . 2013-01-15 22:19 -------- d-----w- c:\program files\XYplorer
2013-01-11 10:43 . 2013-01-11 10:43 -------- d-----w- c:\users\Kirstie\AppData\Roaming\Avira
2013-01-11 10:40 . 2013-01-11 10:40 -------- d-----w- c:\users\Kirstie\AppData\Roaming\Canon
2013-01-10 22:50 . 2013-01-10 22:50 -------- d-----w- c:\users\Rachel\AppData\Roaming\onOne Software
2013-01-10 22:48 . 2013-01-10 22:48 -------- d-----w- c:\users\Kirstie\AppData\Roaming\onOne Software
2013-01-10 22:47 . 2013-01-10 22:47 -------- d-----w- c:\users\Email\AppData\Roaming\onOne Software
2013-01-08 20:30 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 20:30 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 20:30 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-07 23:08 . 2013-01-07 23:08 -------- d-----w- C:\PhSp_CS2_UE_Ret
2013-01-07 22:39 . 2013-01-07 22:40 -------- d-----w- C:\CS_2.0_WWE_Extras_2
2013-01-03 22:54 . 2013-01-03 22:54 -------- d-----w- c:\program files\Two Pilots
2013-01-03 22:54 . 2013-01-03 22:54 -------- d-----w- c:\program files\Retouch Pilot
2012-12-31 13:06 . 2012-12-31 13:07 -------- d-----w- c:\users\Charles\AppData\Roaming\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-13 08:26 . 2012-04-02 20:05 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-13 08:26 . 2011-05-13 16:09 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 19:43 . 2012-06-27 21:01 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-16 19:43 . 2010-04-21 20:58 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 13:12 . 2012-12-21 12:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 12:11 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49 . 2012-08-15 16:48 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 15:29 . 2012-12-01 14:39 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 15:29 . 2012-12-01 14:39 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-23 19:00 . 2008-12-05 19:46 57344 ----a-r- c:\users\Charles\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-11-16 20:17 . 2012-12-01 14:39 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-14 02:09 . 2012-12-12 19:27 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 19:27 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 19:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 19:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 19:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 19:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-12 12:44 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-08 18:00 . 2012-12-01 12:53 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC2E705A-3616-4EED-85A1-7D5721AD1D77}\mpengine.dll
2012-11-02 10:18 . 2012-12-12 12:44 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-12 12:44 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-01-18 22:06 . 2013-01-18 22:06 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-11 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-23 4452352]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2012-04-12 802816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Charles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 23:04 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2011-03-23 11:21 9226664 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 11:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 03:59 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2012-05-22 07:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 10:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 18:53 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 17:18]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 17:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI7967~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI7967~1\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\
FF - prefs.js: browser.search.selectedEngine - Google SSL
FF - prefs.js: browser.startup.homepage - www.google.co.uk|www.ebay.co.uk|www.talkphotography.co.uk/forums/|www.giveawayoftheday.com|hxxp://www.topcashback.co.uk|http://www.searchlotto.co.uk//index.php
FF - ExtSQL: !HIDDEN! 2009-06-24 17:49; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DriverMax_RESTART - (no file)
MSConfigStartUp-Google Quick Search Box - c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
AddRemove-{C921D7C4-24D7-4210-AEE9-DFC5DDC78428} - c:\programdata\{C0E88D43-C806-4727-B790-793860837FB2}\detail2_setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-23 07:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
Completion time: 2013-01-23 07:34:22
ComboFix-quarantined-files.txt 2013-01-23 07:34
.
Pre-Run: 704,134,254,592 bytes free
Post-Run: 705,592,418,304 bytes free
.
- - End Of File - - 9FE878BB30A793FF774FA0A950408B29

Edited by f1charlie, 23 January 2013 - 01:56 AM.

  • 0

#6
gringo_pr
Posted 23 January 2013 - 11:55 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#7
f1charlie
Posted 23 January 2013 - 01:16 PM

f1charlie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Gringo,

I switched Avira off before running Combofix, but when Combofix got to 'Preparing log report' and Avira pop-up appeared saying that it had blocked access to the registry.

Computer seems to be running OK, but error pop-ops regarding the dlls still appear on log-in to Rachel account.


Report:

ComboFix 13-01-23.01 - Charles 23/01/2013 18:50:07.2.4 - x86
Running from: c:\users\Charles\Desktop\ComboFix.exe
Command switches used :: c:\users\Charles\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 19:01 . 2013-01-23 19:01 -------- d-----w- c:\users\Rachel\AppData\Local\temp
2013-01-23 19:01 . 2013-01-23 19:01 -------- d-----w- c:\users\Kirstie\AppData\Local\temp
2013-01-23 19:01 . 2013-01-23 19:01 -------- d-----w- c:\users\Email\AppData\Local\temp
2013-01-23 19:01 . 2013-01-23 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-23 19:01 . 2013-01-23 19:01 -------- d-----w- c:\users\Callum\AppData\Local\temp
2013-01-23 07:34 . 2013-01-23 19:01 -------- d-----w- c:\users\Charles\AppData\Local\temp
2013-01-22 18:09 . 2013-01-22 18:09 -------- d-----w- c:\program files\ESET
2013-01-21 20:08 . 2013-01-21 20:08 -------- d-----w- c:\users\Charles\AppData\Roaming\SUPERAntiSpyware.com
2013-01-21 20:07 . 2013-01-21 20:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-20 16:46 . 2013-01-12 03:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-20 10:54 . 2013-01-21 09:24 -------- d-----w- c:\users\Rachel\AppData\Local\CrashDumps
2013-01-19 23:16 . 2013-01-19 23:16 -------- d-----w- c:\users\Charles\LuminanceHDR
2013-01-19 23:15 . 2013-01-19 23:16 -------- d-----w- c:\program files\Luminance HDR
2013-01-15 22:19 . 2013-01-21 23:44 -------- d-----w- c:\users\Charles\AppData\Roaming\XYplorer
2013-01-15 22:19 . 2013-01-15 22:19 -------- d-----w- c:\program files\XYplorer
2013-01-11 10:43 . 2013-01-11 10:43 -------- d-----w- c:\users\Kirstie\AppData\Roaming\Avira
2013-01-11 10:40 . 2013-01-11 10:40 -------- d-----w- c:\users\Kirstie\AppData\Roaming\Canon
2013-01-10 22:50 . 2013-01-10 22:50 -------- d-----w- c:\users\Rachel\AppData\Roaming\onOne Software
2013-01-10 22:48 . 2013-01-10 22:48 -------- d-----w- c:\users\Kirstie\AppData\Roaming\onOne Software
2013-01-10 22:47 . 2013-01-10 22:47 -------- d-----w- c:\users\Email\AppData\Roaming\onOne Software
2013-01-08 20:30 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 20:30 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 20:30 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-07 23:08 . 2013-01-07 23:08 -------- d-----w- C:\PhSp_CS2_UE_Ret
2013-01-07 22:39 . 2013-01-07 22:40 -------- d-----w- C:\CS_2.0_WWE_Extras_2
2013-01-03 22:54 . 2013-01-03 22:54 -------- d-----w- c:\program files\Two Pilots
2013-01-03 22:54 . 2013-01-03 22:54 -------- d-----w- c:\program files\Retouch Pilot
2012-12-31 13:06 . 2012-12-31 13:07 -------- d-----w- c:\users\Charles\AppData\Roaming\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-13 08:26 . 2012-04-02 20:05 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-13 08:26 . 2011-05-13 16:09 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 19:43 . 2012-06-27 21:01 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-16 19:43 . 2010-04-21 20:58 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 13:12 . 2012-12-21 12:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 12:11 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49 . 2012-08-15 16:48 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 15:29 . 2012-12-01 14:39 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 15:29 . 2012-12-01 14:39 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-23 19:00 . 2008-12-05 19:46 57344 ----a-r- c:\users\Charles\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-11-16 20:17 . 2012-12-01 14:39 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-14 02:09 . 2012-12-12 19:27 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 19:27 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 19:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 19:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 19:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 19:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-12 12:44 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-08 18:00 . 2012-12-01 12:53 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC2E705A-3616-4EED-85A1-7D5721AD1D77}\mpengine.dll
2012-11-02 10:18 . 2012-12-12 12:44 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-12 12:44 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-01-18 22:06 . 2013-01-18 22:06 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-11 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-23 4452352]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2012-04-12 802816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Charles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 23:04 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2011-03-23 11:21 9226664 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 11:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 03:59 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2012-05-22 07:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 10:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 18:53 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 17:18]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 17:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI7967~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI7967~1\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9kjkuxho.default\
FF - prefs.js: browser.search.selectedEngine - Google SSL
FF - prefs.js: browser.startup.homepage - www.google.co.uk|www.ebay.co.uk|www.talkphotography.co.uk/forums/|www.giveawayoftheday.com|hxxp://www.topcashback.co.uk|http://www.searchlotto.co.uk//index.php
FF - ExtSQL: !HIDDEN! 2009-06-24 17:49; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-23 19:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
Completion time: 2013-01-23 19:03:07
ComboFix-quarantined-files.txt 2013-01-23 19:03
ComboFix2.txt 2013-01-23 07:34
.
Pre-Run: 707,083,448,320 bytes free
Post-Run: 707,473,494,016 bytes free
.
- - End Of File - - 83BB5B4C7400243FD567D76F871199C1
  • 0

#8
gringo_pr
Posted 23 January 2013 - 04:25 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
are you running the scans in Rachel account?
  • 0

#9
f1charlie
Posted 23 January 2013 - 04:37 PM

f1charlie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
No from my account which is the admin account. Have I been doing it wrong? :upset:

Edited by f1charlie, 23 January 2013 - 05:07 PM.

  • 0

#10
gringo_pr
Posted 23 January 2013 - 08:05 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
change hers to an admin account and run combofix
  • 0

Advertisements

#11
f1charlie
Posted 24 January 2013 - 01:52 AM

f1charlie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Sorry for the confusion! Changed Rachel account to admin and ran Combofix. Again Avira registry blocked pop-up at end of Combofix, even though I turned real-time protection off.

Computer seems OK and no dll warnings when Rachel logs on!

Report attached, should I run the ClearJavaCache script?



ComboFix 13-01-23.01 - Rachel 24/01/2013 7:32.3.4 - x86
Running from: c:\users\Rachel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-24 07:43 . 2013-01-24 07:43 -------- d-----w- c:\users\Rachel\AppData\Local\temp
2013-01-24 07:43 . 2013-01-24 07:43 -------- d-----w- c:\users\Kirstie\AppData\Local\temp
2013-01-24 07:43 . 2013-01-24 07:43 -------- d-----w- c:\users\Email\AppData\Local\temp
2013-01-24 07:43 . 2013-01-24 07:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-24 07:43 . 2013-01-24 07:43 -------- d-----w- c:\users\Charles\AppData\Local\temp
2013-01-24 07:43 . 2013-01-24 07:43 -------- d-----w- c:\users\Callum\AppData\Local\temp
2013-01-22 18:09 . 2013-01-22 18:09 -------- d-----w- c:\program files\ESET
2013-01-21 20:08 . 2013-01-21 20:08 -------- d-----w- c:\users\Charles\AppData\Roaming\SUPERAntiSpyware.com
2013-01-21 20:07 . 2013-01-21 20:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-20 16:46 . 2013-01-12 03:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-20 10:54 . 2013-01-24 07:43 -------- d-----w- c:\users\Rachel\AppData\Local\CrashDumps
2013-01-19 23:16 . 2013-01-19 23:16 -------- d-----w- c:\users\Charles\LuminanceHDR
2013-01-19 23:15 . 2013-01-19 23:16 -------- d-----w- c:\program files\Luminance HDR
2013-01-15 22:19 . 2013-01-23 21:02 -------- d-----w- c:\users\Charles\AppData\Roaming\XYplorer
2013-01-15 22:19 . 2013-01-15 22:19 -------- d-----w- c:\program files\XYplorer
2013-01-11 10:43 . 2013-01-11 10:43 -------- d-----w- c:\users\Kirstie\AppData\Roaming\Avira
2013-01-11 10:40 . 2013-01-11 10:40 -------- d-----w- c:\users\Kirstie\AppData\Roaming\Canon
2013-01-10 22:50 . 2013-01-10 22:50 -------- d-----w- c:\users\Rachel\AppData\Roaming\onOne Software
2013-01-10 22:48 . 2013-01-10 22:48 -------- d-----w- c:\users\Kirstie\AppData\Roaming\onOne Software
2013-01-10 22:47 . 2013-01-10 22:47 -------- d-----w- c:\users\Email\AppData\Roaming\onOne Software
2013-01-08 20:30 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 20:30 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 20:30 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-07 23:08 . 2013-01-07 23:08 -------- d-----w- C:\PhSp_CS2_UE_Ret
2013-01-07 22:39 . 2013-01-07 22:40 -------- d-----w- C:\CS_2.0_WWE_Extras_2
2013-01-03 22:54 . 2013-01-03 22:54 -------- d-----w- c:\program files\Two Pilots
2013-01-03 22:54 . 2013-01-03 22:54 -------- d-----w- c:\program files\Retouch Pilot
2012-12-31 13:06 . 2012-12-31 13:07 -------- d-----w- c:\users\Charles\AppData\Roaming\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-13 08:26 . 2012-04-02 20:05 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-13 08:26 . 2011-05-13 16:09 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 19:43 . 2012-06-27 21:01 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-16 19:43 . 2010-04-21 20:58 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 13:12 . 2012-12-21 12:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 12:11 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49 . 2012-08-15 16:48 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 15:29 . 2012-12-01 14:39 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 15:29 . 2012-12-01 14:39 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-23 19:00 . 2008-12-05 19:46 57344 ----a-r- c:\users\Charles\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-11-16 20:17 . 2012-12-01 14:39 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-14 02:09 . 2012-12-12 19:27 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 19:27 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 19:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 19:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 19:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 19:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-12 12:44 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-08 18:00 . 2012-12-01 12:53 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC2E705A-3616-4EED-85A1-7D5721AD1D77}\mpengine.dll
2012-11-02 10:18 . 2012-12-12 12:44 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-12 12:44 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-01-18 22:06 . 2013-01-18 22:06 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-11 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-23 4452352]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2012-04-12 802816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Charles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 23:04 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2011-03-23 11:21 9226664 ----a-w- c:\program files\Innovative Solutions\DriverMax\devices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 11:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 03:59 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2012-05-22 07:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 10:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 18:53 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 17:18]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 17:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=1080508
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI7967~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MI7967~1\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\77fikbfa.default\
FF - ExtSQL: !HIDDEN! 2009-06-24 17:49; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-arosv - c:\users\Rachel\AppData\Roaming\arosv.dll
HKCU-Run-murtf - c:\users\Rachel\AppData\Roaming\murtf.dll
HKCU-Run-cakrec - c:\users\Rachel\AppData\Roaming\cakrec.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-24 07:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(9036)
c:\windows\System32\pmxscrll.dll
c:\windows\System32\PMXCOMM.dll
c:\windows\System32\PMXHOOKS.dll
.
Completion time: 2013-01-24 07:45:01
ComboFix-quarantined-files.txt 2013-01-24 07:44
ComboFix2.txt 2013-01-23 19:03
ComboFix3.txt 2013-01-23 07:34
.
Pre-Run: 710,609,231,872 bytes free
Post-Run: 710,404,780,032 bytes free
.
- - End Of File - - A4C8B226C9A526158980B728744B690F
  • 0

#12
gringo_pr
Posted 24 January 2013 - 02:32 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

you can change it back to a user account now if you like

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#13
f1charlie
Posted 24 January 2013 - 07:57 AM

f1charlie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,

Rachel account changed back to user.

Report as requested:



Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
AceHTML 6 Pro
Acrobat.com
Acronis True Image WD Edition
Adobe AIR
Adobe Bridge 1.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Photoshop 7.0
Adobe Photoshop CS2
Adobe Photoshop Elements 11
Adobe Photoshop Elements 6.0
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.6
Adobe Stock Photos 1.0
Advanced Font Viewer 4.2
Alamy SizeCheck
Alien Skin Eye Candy 4000
Alien Skin Xenofex 2.0
Aneesoft 3D Flash Gallery GOTD
AnVir Task Manager
AnvSoft Photo Flash Maker Professional 5.40
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Artensoft Tilt Shift Generator
Ashampoo Photo Commander 8 v.8.5.0
Ashampoo Snap 3.50
Audacity 1.3.14 (Unicode)
Audible Download Manager
Auslogics Disk Defrag
Auslogics Registry Defrag
Avidemux 2.5
Avira Free Antivirus
Bamboo
BitMeter
Bonjour
Brava! Reader 3.3
Browser Address Error Redirector
BurnAware Home 5.5 GOTD
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon MP Navigator EX 4.0
Canon My Image Garden
Canon My Image Garden Design Files
Canon My Printer
Canon Solution Menu EX
Capture NX 2
Capture One 6.3
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
CCC Help Turkish
CCleaner
CD-LabelPrint
ClearType Tuning Control Panel Applet
Cobian Backup 11 Gravity
CodedColor PhotoStudio 2010, 6.1.2
Color Efex Pro 3.0 Complete
Color Efex Pro 3.0 Complete for Capture NX 2
ColorPic
CombineZP
Compatibility Pack for the 2007 Office system
Core FTP LE 2.1
Core Temp version 0.99.7
CyberLink PhotoDirector 2011
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Dell Getting Started Guide
Dell Resource CD
Dell Support Center (Support Software)
DHTML Menu Builder LITE 4.20
DriverMax 5
DVD Architect Studio 5.0
DVDFab 8.2.1.3 (28/09/2012) Qt
DVDSmith Movie Backup 1.0.7
Edraw Max 4
Elements 11 Organizer
Eraser 6.0.10.2620
ERUNT 1.1j
ESET Online Scanner v3
FastStone Capture 5.3
FastStone Image Viewer 4.6
FDRTools Basic 2.3.0
File Uploader
FileHippo.com Update Checker
Free WAV to MP3 Converter
FTP Commander
Fusion 2.0.5
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript
Greenfish Icon Editor Pro 3.0
GridinSoft Notepad
HandBrake 0.9.8
HD Tune 2.55
HiJackThis
HippoEDIT 1.49
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTML-Kit
IcoFX 1.6.4
ImgBurn
Inpaint 2.4
Inpaint 4.7
inSSIDer 2.0
Intel® PRO Network Connections 12.1.11.0
iResizer 2.1
iSpring Converter 6
iSpring Pro 3.5.0
iTunes
iWisoft Free Video Converter 1.2
IZArc 4.1.6
jAlbum
Japanese Fonts Support For Adobe Reader 9
Java 7 Update 11
Java Auto Updater
Java™ 6 Update 33
Just Great Software EditPad Lite 6.4.2
KeePass Password Safe 2.17
KooRaRoo Media
LAME v3.99.3 (for Windows)
Luminance HDR 2.3.0
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia HomeSite+
MakeMKV v1.7.7
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Expression Blend 2
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 2
Microsoft Expression Design 4
Microsoft Expression Encoder 2
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Media 2 SP2
Microsoft Expression Studio 2
Microsoft Expression Studio 4
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Image Composite Editor
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Performance Toolkit
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Microsoft Works
MKVToolNix 5.8.0
Monitor Calibration Wizard 1.0
Morpheus Photo Morpher v3.15
Mouse Suite for Desktop Computers
Mozilla Firefox 17.0 (x86 en-GB)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDefrag v4.2.4
Neat Image v5 Demo (with plug-in)
Neat Image v7.3.0 Demo Standalone
NEF Codec
NewBlue Cartoonr for Vegas
NewBlue VideoFX for Sony Vegas MSPS
Nikon Message Center
Nikon Message Center 2
Nikon Movie Editor
Nikon Transfer
Noiseware Community Edition
OGA Notifier 2.0.0048.0
OneTouch 4.0
Opanda IExif 2.3
OpenAL
PC Inspector smart recovery
PDF to Word
Perfect Effects 4
Photo to FlipBook
photoFXlab
Photomatix Pro version 4.1.1
Photosynth 2.0110.317.1042
Photoupz 1.6
Picasa 3
Picture Control Utility
Picturenaut 3.2
Pixelplan - Flow Architect Studio 3D
Pixelplan - Pixelplan O4C Viewer Web
Pixo
Pixpedia Publisher 3.0.8
Portrait Professional 10.8
Portrait Professional 11.0
PowerPacket Ethernet Adapter
PSE11 STI Installer
Quicken SE 6
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva
Retouch Pilot Free 3.5.3
Revo Uninstaller 1.93
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
RuneScape Launcher 1.2
Scanitto Pro
Scratch
Screen Recording Suite V2.4.8
Scribus 1.4.0rc3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Expression Design 4 (KB2667730)
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB979332)
Serif DrawPlus 8
Serif DrawPlus 8 Resources
Serif MoviePlus 5
Serif MoviePlus 5 'MPEG Codec' Patch
Serif MoviePlus 5 Director's Collection
Serif MoviePlus 5 Resources
Serif PagePlus X4
Serif PagePlus X4 Resources
Serif PhotoPlus 11
Serif WebPlus X5
Serif WebPlus: Interest Template - Music 1
Serif WebPlus: Interest Template - Photography 1
Serif WebPlus: Interest Template - Photography 2
Serviio
ShadowExplorer 0.4
SizeExplorer Free 4.1
Skins
SolveigMM AVI Trimmer
Sonic Activation Module
Sony Vocal Eraser
Sothink DHTML Menu 9
Sothink Flash Menu
Sothink JWScroller
Sothink SWF Quicker
Sothink Tree Menu
Sound Forge Audio Studio 10.0
Speccy
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Spybot - Search & Destroy
SpywareBlaster 4.6
Startup Delayer v2.5 (build 138)
SUPERAntiSpyware
swMSM
Topaz Adjust 5
Topaz B&W Effects
Topaz Detail 3
Topaz Fusion Express 2
TopazSoftwareManager
TopStyle Lite (Version 3.0)
True Launch Bar (Giveaway of the Day)
TwistingPixels
Uninstall 1.0.0.1
Uninstall Entriq MediaSphere
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
User's Guides
Vectorian Giotto 2.3.1
Vegas Movie Studio HD Platinum 10.0
Video Card Stability Test
ViewNX 2
virtualPhotographer 1.5.6
Vista Codec Package
Vista Shortcut Manager
VLC media player 2.0.5
Webstyle Dreamweaver Extension 3.0.3
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Driver Package - Leaf Imaging Ltd. Image (02/11/2010 )
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows7FirewallControl (i386) 5.0.0.15
WinPcap 4.0.2
WinX DVD Ripper Platinum 6.9.2
Wondershare DVD Slideshow Builder Standard(Build 6.0.4.25)
Wondershare PDF Converter (Build 2.6.2)
WPF Toolkit February 2010 (Version 3.5.50211.1)
Xara Online Dreamweaver Extension
Xara Webstyle 3.1
XYplorer 11.90
Zoner Photo Studio 14
  • 0

#14
gringo_pr
Posted 24 January 2013 - 08:48 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java 7 Update 11
Java™ 6 Update 33

 [/list]

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. default settings are fine
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#15
f1charlie
Posted 25 January 2013 - 02:31 AM

f1charlie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Gringo,

Thanks. Java 7 Update 11 is the latest version. I know that there are serious security concerns about Java so is it best not to have it installed at all? What about websites that need it?

I also note that there is a Java 7 Update 9 listed in Revo Uninstaller - should I uninstall that too?

I already have CCleaner and run it (when I remember!). Do you recommend running the registry cleaner in it?

I will follow your instructions when I get back from work.

Once again many thanks.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP