Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Giants adds and Delta toolbar infection [Solved]


  • This topic is locked This topic is locked

#1
haloburn

haloburn

    Member

  • Member
  • PipPip
  • 62 posts
Hello
Last week I inadvertently downloaded what I thought was windows service pack3 ( due to a different issue) from what I thought was windows legitimate link.
I ended up with a delta toolbar, babylon and giant ads extension file, I found them all and deleted them and removed the programmes I thought that was the end of it, but I still had adds on every web page with tons of hyper-linked words
I then ran malwarebytes antimalware and it found two Trojans; listed as Trojan.Dropper and removed them
I am still suffering with the numerous adds and hyperlinked words on every web page :upset: I can't even let my kids use the computer now, due to the nature of the adds
If anyone can assist that would be fantastic
Thanks for your time :)
Please find below OTL scan Thank you

OTL logfile created on: 24/02/2013 18:42:28 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 143.91 Mb Available Physical Memory | 15.01% Memory free
2.26 Gb Paging File | 0.92 Gb Available in Paging File | 40.81% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.59 Gb Total Space | 144.94 Gb Free Space | 80.26% Space Free | Partition Type: NTFS
Drive D: | 5.70 Gb Total Space | 0.47 Gb Free Space | 8.21% Space Free | Partition Type: FAT32

Computer Name: BERETTA | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/24 18:41:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\My Documents\Downloads\OTL.exe
PRC - [2013/02/14 15:55:14 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/02/08 16:35:42 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/04 14:33:40 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
PRC - [2012/08/22 15:49:44 | 000,026,816 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/09/14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/10/29 20:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/07 13:39:34 | 002,236,416 | ---- | M] (Kontiki Inc.) -- C:\WINDOWS\kdx\KHost.exe
PRC - [2006/02/24 18:47:02 | 000,114,784 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006/02/24 18:47:00 | 000,266,338 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/02/24 18:46:20 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2004/10/25 13:17:56 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE


========== Modules (No Company Name) ==========

MOD - [2013/02/14 15:54:50 | 003,061,656 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/02/14 15:49:58 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013/02/07 22:38:43 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013/01/09 18:56:35 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/09 18:04:45 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/09 18:04:24 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/09 18:02:59 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/09 18:02:38 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/02 06:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/29 20:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 20:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2009/10/14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll
MOD - [2009/04/22 21:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 23:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 22:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 22:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 22:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 22:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 22:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 22:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 22:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 22:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 22:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2008/04/14 00:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/02/24 18:47:12 | 000,225,384 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll
MOD - [2006/02/24 18:47:12 | 000,065,634 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll
MOD - [2006/02/24 18:47:12 | 000,032,768 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll
MOD - [2006/02/24 18:47:02 | 000,114,784 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
MOD - [2006/02/24 18:47:00 | 000,266,338 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2013/02/14 15:55:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/08 16:35:42 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/07 22:38:45 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2012/11/07 16:29:32 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/14 21:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/10/06 17:49:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/06 21:31:11 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2006/08/07 13:39:36 | 002,007,040 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\KService\KService.exe -- (KService)
SRV - [2006/02/24 18:47:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2006/02/24 18:47:00 | 000,266,338 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2006/02/24 18:46:20 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/07 16:29:50 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/11/07 16:29:48 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/11/07 16:29:48 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/10/30 14:04:40 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/09/04 11:06:36 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2012/07/27 09:06:08 | 000,095,616 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/07/27 09:06:08 | 000,076,544 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/07/27 09:06:08 | 000,067,584 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/07/27 09:06:08 | 000,027,520 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012/07/27 09:06:06 | 000,102,784 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/07/27 09:06:06 | 000,011,136 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/12/20 02:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/07/04 09:09:41 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/02/24 15:40:00 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2009/11/19 05:03:18 | 000,803,328 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/10/07 08:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 08:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/10/07 08:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 08:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/09/26 09:53:00 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/09/26 09:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/09/26 09:52:00 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/09/26 09:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/09/26 09:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/20 16:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/30 11:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/08/13 22:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn)
DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/08/17 12:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...00000173135b392
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 81 F9 EE 7B 58 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...00000173135b392
IE - HKCU\..\SearchScopes\{CCEA7375-E472-4108-9508-BBE69C5FD396}: "URL" = http://www.google.co...ie7&rlz=1I7HPEA
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: crossriderapp13738%40crossrider.com:0.89.95
FF - prefs.js..extensions.enabledAddons: extension21810%40extension21810.com:0.88.42
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/04 14:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/04 14:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/14 15:55:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/14 15:54:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

[2011/01/09 12:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2013/02/24 11:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions
[2011/01/11 13:17:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/28 15:29:00 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2013/02/18 16:35:19 | 000,000,000 | ---D | M] ("mySupermarket Companion") -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]
[2013/02/22 22:36:57 | 000,000,000 | ---D | M] ("Giant Savings Extension") -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]
[2013/02/24 11:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged
[2013/02/22 22:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]\chrome
[2013/02/22 22:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]\defaults
[2013/02/22 22:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]\locale
[2013/02/22 22:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]\skin
[2013/02/18 16:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]\chrome\content\extensionCode
[2013/02/22 22:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]\chrome\content\extensionCode
[2013/02/24 11:20:13 | 000,000,000 | ---D | M] ("Giant Savings Extension") -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]
[2013/02/24 11:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]\chrome
[2013/02/24 11:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]\defaults
[2013/02/24 11:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]\locale
[2013/02/24 11:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]\skin
[2013/02/24 11:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]\chrome\content\extensionCode
[2012/09/14 18:58:00 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]
[2013/02/19 20:05:14 | 000,006,484 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\searchplugins\BrowserProtect.xml
[2013/02/22 12:17:28 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\searchplugins\delta.xml
[2013/02/14 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/14 15:53:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/14 15:53:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/14 15:55:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013/02/24 11:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/02/24 11:23:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/24 11:22:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/24 11:22:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/24 11:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\distribution\extensions
[2013/02/14 15:55:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/04 14:33:54 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013/02/10 10:54:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/10 10:54:10 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/09/13 07:31:24 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Hoolapp Android] "C:\DOCUME~1\HP_Owner\APPLIC~1\HOOLAP~1\Hoolapp.exe" /Minimized File not found
O4 - HKCU..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pofssavecredit.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: postoffice.co.uk ([www] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} https://register.bti...lcontrol013.cab (mailhelper Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B947BD34-91CC-4590-9BA0-6F0F0D2028E8} http://www.productsa...EmailConfig.cab (EmailClientUtil Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.bti...bcontrol028.cab (webhelper Class)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C79DFE-6A25-48C0-B0C4-B8881E914877}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68F0273A-E8B7-466C-94E9-C2D002C63E70}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 () - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 16:32:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{21811700-4612-11e2-bdb8-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{21811700-4612-11e2-bdb8-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21811700-4612-11e2-bdb8-00038a000015}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{21811701-4612-11e2-bdb8-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{21811701-4612-11e2-bdb8-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{21811701-4612-11e2-bdb8-00038a000015}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/22 12:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/02/22 12:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Delta
[2013/02/21 19:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop
[2013/02/19 20:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Updater21810
[2013/02/19 20:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\HoolappForAndroid
[2013/02/18 21:08:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\DfuDrivers
[2013/02/18 15:50:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/02/16 20:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/02/16 20:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/16 20:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/16 20:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/16 20:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/02/16 20:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/02/16 20:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/02/14 15:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/08 16:36:08 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/08 16:35:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/08 16:35:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/08 16:35:59 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

========== Files - Modified Within 30 Days ==========

[2013/02/24 18:52:28 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/24 18:37:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/24 18:27:10 | 003,144,426 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Ari.bmp
[2013/02/24 18:03:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/24 18:02:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/02/24 12:29:58 | 000,546,135 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\MS007_twirly_lazysusan_web.pdf
[2013/02/23 11:41:04 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/02/23 11:39:50 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/02/23 11:31:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/23 11:31:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
[2013/02/23 11:30:42 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
[2013/02/23 11:30:40 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
[2013/02/23 11:29:52 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/23 11:29:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/23 11:29:35 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/23 11:29:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/02/22 11:50:48 | 000,983,094 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\new error.bmp
[2013/02/21 19:15:24 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\PC Matic.lnk
[2013/02/20 12:50:43 | 000,000,325 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2013/02/20 12:50:43 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2013/02/20 12:50:41 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2013/02/19 21:45:03 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/19 21:03:04 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/02/19 20:01:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2013/02/18 22:35:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/18 16:27:00 | 000,035,476 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/02/18 16:22:55 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/18 15:43:05 | 000,199,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/17 10:07:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013/02/16 20:17:53 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/02/16 20:15:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/02/14 15:47:46 | 000,443,038 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/14 15:47:46 | 000,072,304 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/08 16:35:45 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/08 16:35:40 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/08 16:35:40 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/08 16:35:40 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/08 16:35:40 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/08 16:35:39 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/02/08 16:35:39 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/07 22:38:45 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/07 22:38:45 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/04 21:42:25 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\New Internet Shortcut.url
[2013/01/30 10:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/01/26 03:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll

========== Files Created - No Company Name ==========

[2013/02/24 18:25:28 | 003,144,426 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Ari.bmp
[2013/02/24 12:29:57 | 000,546,135 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\MS007_twirly_lazysusan_web.pdf
[2013/02/22 11:50:48 | 000,983,094 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\new error.bmp
[2013/02/21 19:15:24 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\PC Matic.lnk
[2013/02/19 21:19:57 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/02/16 20:28:39 | 000,035,476 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/02/16 20:17:53 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/02/16 20:15:59 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/02/16 20:15:56 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2013/02/04 21:42:17 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\New Internet Shortcut.url
[2012/02/15 07:44:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/07 13:55:12 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/08/08 12:49:22 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/01/25 21:23:48 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/23 20:13:06 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\setup_ldm.iss
[2009/03/12 14:21:35 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\HP_Owner\GoToAssistDownloadHelper.exe
[2006/08/13 20:52:53 | 000,013,192 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2006/04/11 05:49:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:167A825D
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello haloburn

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
haloburn

haloburn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hello Gringo :wave:
Thanks for the quick reply, please find below the steps you asked me to complete, listed in order. Just as an update I am still getting the ads from 'Giant savings extension plug in' and the hyperlinked words

Results of screen317's Security Check version 0.99.59
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 25
Java™ 6 Update 35
Java 7 Update 13
Java™ 6 Update 7
Adobe Flash Player 11.5.502.149
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (20.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

# AdwCleaner v2.113 - Logfile created 02/25/2013 at 19:47:43
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Owner - BERETTA
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\searchplugins\delta.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\HP_Owner\Application Data\Delta
Folder Deleted : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged
Folder Deleted : C:\Program Files\Delta
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\5ffdd8db03dee41
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\5ffdd8db03dee41
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=493d412000000000000000173135b392 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0 (en-US)

File : C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\prefs.js

C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\user.js ... Deleted !

Deleted : user_pref("extensions.crossriderapp13738.13738.InstallationTime", 1353061678);
Deleted : user_pref("extensions.crossriderapp13738.13738.active", true);
Deleted : user_pref("extensions.crossriderapp13738.13738.addressbar", "");
Deleted : user_pref("extensions.crossriderapp13738.13738.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp13738.13738.backgroundjs", "\n\n/********************************[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.backgroundver", 30);
Deleted : user_pref("extensions.crossriderapp13738.13738.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp13738.13738.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp13738.13738.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp13738.13738.cookie.mspCollapsed.expiration", "Fri Feb 01 2030 00:[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.cookie.mspCollapsed.value", "false");
Deleted : user_pref("extensions.crossriderapp13738.13738.description", "mySupermarket Shopping Companion is a [...]
Deleted : user_pref("extensions.crossriderapp13738.13738.domain", "");
Deleted : user_pref("extensions.crossriderapp13738.13738.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp13738.13738.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp13738.13738.group", 0);
Deleted : user_pref("extensions.crossriderapp13738.13738.homepage", "");
Deleted : user_pref("extensions.crossriderapp13738.13738.iframe", false);
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_appVer.value", "95");
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_lastVersion.value", "1449");
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_meta.value", "%7B%22images/asda_[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_nextCheck.expiration", "Tue Feb [...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_remote_resources.expiration", "F[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_remote_resources.value", "%7B%22[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90037.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90037.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90038.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90038.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90039.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90039.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90040.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90040.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90041.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90041.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90042.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90042.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90043.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90043.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90044.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90044.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90045.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90045.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90046.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90046.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90047.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90047.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90048.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90048.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90049.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90049.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90050.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90050.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90051.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90051.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90052.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90052.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90053.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90053.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90054.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90054.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90055.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90055.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90056.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90056.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90057.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90057.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90058.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90058.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90059.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90059.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90060.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90060.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90061.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90061.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90062.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90062.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90063.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90063.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90064.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90064.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90065.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90065.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90066.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90066.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90067.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90067.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90068.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90068.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90069.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90069.value", "%22data%[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90071.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90071.value", "%22//%20[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90072.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90072.value", "%22//%20[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90073.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90073.value", "%22%28fu[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90074.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90074.value", "%22%28fu[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90075.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90075.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90076.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90076.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90077.expiration", "Sun[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90077.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90078.expiration", "Sun[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90078.value", "%22appAP[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90079.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90079.value", "%22funct[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90081.expiration", "Sun[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90081.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90082.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90082.value", "%22funct[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90083.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90083.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90084.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90084.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90085.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90085.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90086.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90086.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90087.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90087.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90088.expiration", "Sun[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90088.value", "%22funct[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90090.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90090.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90091.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90091.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90092.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90092.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90093.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90093.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90094.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90094.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90095.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90095.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90097.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90097.value", "%22/*rul[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90098.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90098.value", "%22%23Ms[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90099.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90099.value", "%22%23Ms[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90100.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90100.value", "%22%23Ms[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90102.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90102.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90103.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90103.value", "%22var%2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90104.expiration", "Wed[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.internaldb.Resources_resource_90104.value", "%22funct[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.js", "\n\n /****************************************[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp13738.13738.name", "mySupermarket Companion");
Deleted : user_pref("extensions.crossriderapp13738.13738.newtab", "");
Deleted : user_pref("extensions.crossriderapp13738.13738.opensearch", "");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_15.code", "(function(f){var u={};var e[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_78.code", "(function(a){if(typeof a===[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins_lists.plugins_0", "17,14,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp13738.13738.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,2[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.pluginsversion", 11);
Deleted : user_pref("extensions.crossriderapp13738.13738.publisher", "mySupermarket Ltd");
Deleted : user_pref("extensions.crossriderapp13738.13738.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp13738.13738.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp13738.13738.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp13738.13738.thankyou", "hxxp://www.mysupermarket.co.uk/cleanconte[...]
Deleted : user_pref("extensions.crossriderapp13738.13738.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp13738.13738.ver", 95);
Deleted : user_pref("extensions.crossriderapp13738.apps", "13738");
Deleted : user_pref("extensions.crossriderapp13738.bic", "13b08c2ba02f8c7d125d6906bece9966");
Deleted : user_pref("extensions.crossriderapp13738.cid", 13738);
Deleted : user_pref("extensions.crossriderapp13738.firstrun", false);
Deleted : user_pref("extensions.crossriderapp13738.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp13738.installationdate", 1353061678);
Deleted : user_pref("extensions.crossriderapp13738.lastcheck", 22697010);
Deleted : user_pref("extensions.crossriderapp13738.lastcheckitem", 22697026);
Deleted : user_pref("extensions.crossriderapp13738.modetype", "production");
Deleted : user_pref("extensions.crossriderapp13738.reportInstall", true);
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("extensions.crossriderapp21810.21810.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp21810.21810.InstallationTime", 1361304293);
Deleted : user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.searchUserConifrmation", fal[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp21810.21810.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp21810.21810.active", true);
Deleted : user_pref("extensions.crossriderapp21810.21810.addressbar", "");
Deleted : user_pref("extensions.crossriderapp21810.21810.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp21810.21810.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp21810.21810.backgroundver", 32);
Deleted : user_pref("extensions.crossriderapp21810.21810.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp21810.21810.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp21810.21810.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie.InstallationTime.value", "1361304293");
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_aoi.value", "1361304293");
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_arbitrary_code.expiration", "Mon Feb 25 2[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_arbitrary_code.value", "%22%28function%28[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_blocklist.expiration", "Mon Feb 25 2013 1[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_country_code.expiration", "Tue Feb 26 201[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_country_code.value", "%22GB%22");
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_crr.value", "1361789617");
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_currenttime.value", "%221361537267%22");
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_installtime.value", "%221361292337%22");
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_pc_20120828.value", "1361304691759");
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_product_id.value", "%221171%22");
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie._GPL_zoneid.value", "%22146094%22");
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp21810.21810.cookie.dbtest.value", "1361304559558");
Deleted : user_pref("extensions.crossriderapp21810.21810.description", "Save big with Giant Savings! Coupons d[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.domain", "");
Deleted : user_pref("extensions.crossriderapp21810.21810.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp21810.21810.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp21810.21810.group", 0);
Deleted : user_pref("extensions.crossriderapp21810.21810.homepage", "");
Deleted : user_pref("extensions.crossriderapp21810.21810.iframe", false);
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_appVer.value", "48");
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_lastVersion.value", "1");
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_nextCheck.expiration", "Tue Feb [...]
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_remote_resources.expiration", "F[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.Resources_remote_resources.value", "%7B%22[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21810.21810.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp21810.21810.name", "Giant Savings Extension");
Deleted : user_pref("extensions.crossriderapp21810.21810.newtab", "");
Deleted : user_pref("extensions.crossriderapp21810.21810.opensearch", "");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1.ver", 4);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000014.ver", 15);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.code", "var a=appAPI.db.getLis[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_1000015.ver", 33);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_16.ver", 5);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,2[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp21810.21810.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp21810.21810.pluginsversion", 42);
Deleted : user_pref("extensions.crossriderapp21810.21810.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp21810.21810.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp21810.21810.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp21810.21810.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp21810.21810.thankyou", "");
Deleted : user_pref("extensions.crossriderapp21810.21810.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp21810.21810.ver", 48);
Deleted : user_pref("extensions.crossriderapp21810.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp21810.apps", "21810");
Deleted : user_pref("extensions.crossriderapp21810.bic", "13b08c2ba02f8c7d125d6906bece9966");
Deleted : user_pref("extensions.crossriderapp21810.cid", 21810);
Deleted : user_pref("extensions.crossriderapp21810.firstrun", false);
Deleted : user_pref("extensions.crossriderapp21810.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp21810.installationdate", 1361304516);
Deleted : user_pref("extensions.crossriderapp21810.lastcheck", 22697010);
Deleted : user_pref("extensions.crossriderapp21810.lastcheckitem", 22697026);
Deleted : user_pref("extensions.crossriderapp21810.modetype", "production");
Deleted : user_pref("extensions.crossriderapp21810.reportInstall", true);
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "orgnl");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.bbDpng", "21");
Deleted : user_pref("extensions.delta.cntry", "GB");
Deleted : user_pref("extensions.delta.dfltLng", "");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.hdrMd5", "4C1896DE6035DCE2BB265B68C127C343");
Deleted : user_pref("extensions.delta.id", "493d412000000000000000173135b392");
Deleted : user_pref("extensions.delta.instlDay", "15758");
Deleted : user_pref("extensions.delta.instlRef", "");
Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.10.020:06:18");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.sg", "azb");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.012:17:27");
Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
Deleted : user_pref("extensions.enabledAddons", "testpilot%40labs.mozilla.com:1.2.2,crossriderapp13738%40cross[...]
Deleted : user_pref("extensions.toolbar.mindspark._57Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

File : C:\Documents and Settings\Airadne&Roddi\Application Data\Mozilla\Firefox\Profiles\6xeipbuu.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Documents and Settings\HP_Owner\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [49673 octets] - [25/02/2013 19:47:43]

########## EOF - C:\AdwCleaner[S1].txt - [49734 octets] ##########

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Owner [Admin rights]
Mode : Scan -- Date : 02/25/2013 19:56:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Hoolapp Android ("C:\DOCUME~1\HP_Owner\APPLIC~1\HOOLAP~1\Hoolapp.exe" /Minimized) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2916009576-3212890739-825859052-1008[...]\Run : Hoolapp Android ("C:\DOCUME~1\HP_Owner\APPLIC~1\HOOLAP~1\Hoolapp.exe" /Minimized) [x] -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[19] : NtAssignProcessToJobObject @ 0x805CCB02 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236B0DA)
SSDT[37] : NtCreateFile @ 0x8056E3EE -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236BCA6)
SSDT[53] : NtCreateThread @ 0x805C73DE -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys @ 0xF255D670)
SSDT[62] : NtDeleteFile @ 0x8056BF8E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236BEB8)
SSDT[63] : NtDeleteKey @ 0x8061B29E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F714)
SSDT[65] : NtDeleteValueKey @ 0x8061B46E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F756)
SSDT[98] : NtLoadKey @ 0x8061D026 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F8FA)
SSDT[116] : NtOpenFile @ 0x8056F50C -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236BDCA)
SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236B282)
SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236B482)
SSDT[137] : NtProtectVirtualMemory @ 0x805ADBC6 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236B5C2)
SSDT[177] : NtQueryValueKey @ 0x80619026 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F85E)
SSDT[192] : NtRenameKey @ 0x8061A824 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F7A8)
SSDT[193] : NtReplaceKey @ 0x8061CED6 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F7EA)
SSDT[204] : NtRestoreKey @ 0x8061C7E2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F824)
SSDT[213] : NtSetContextThread @ 0x805C9036 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236B068)
SSDT[224] : NtSetInformationFile @ 0x805703F6 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236BF6A)
SSDT[247] : NtSetValueKey @ 0x80619374 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F69C)
SSDT[254] : NtSuspendThread @ 0x805CAD9A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236AFE6)
SSDT[257] : NtTerminateProcess @ 0x805C86EA -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236AEEE)
SSDT[258] : NtTerminateThread @ 0x805C88E4 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236AF46)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3200827AS +++++
--- User ---
[MBR] fc85ec354d4335b70090d5569541b8c0
[BSP] e53f08a2547f8ceb7cedf0196039bc96 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 184920 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 378732375 | Size: 5851 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02252013_02d1956.txt >>
RKreport[1]_S_02252013_02d1956.txt


RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Owner [Admin rights]
Mode : Remove -- Date : 02/25/2013 19:58:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Hoolapp Android ("C:\DOCUME~1\HP_Owner\APPLIC~1\HOOLAP~1\Hoolapp.exe" /Minimized) [x] -> DELETED
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[19] : NtAssignProcessToJobObject @ 0x805CCB02 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236B0DA)
SSDT[37] : NtCreateFile @ 0x8056E3EE -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236BCA6)
SSDT[53] : NtCreateThread @ 0x805C73DE -> HOOKED (\??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys @ 0xF255D670)
SSDT[62] : NtDeleteFile @ 0x8056BF8E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236BEB8)
SSDT[63] : NtDeleteKey @ 0x8061B29E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F714)
SSDT[65] : NtDeleteValueKey @ 0x8061B46E -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F756)
SSDT[98] : NtLoadKey @ 0x8061D026 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F8FA)
SSDT[116] : NtOpenFile @ 0x8056F50C -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236BDCA)
SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236B282)
SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236B482)
SSDT[137] : NtProtectVirtualMemory @ 0x805ADBC6 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236B5C2)
SSDT[177] : NtQueryValueKey @ 0x80619026 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F85E)
SSDT[192] : NtRenameKey @ 0x8061A824 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F7A8)
SSDT[193] : NtReplaceKey @ 0x8061CED6 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F7EA)
SSDT[204] : NtRestoreKey @ 0x8061C7E2 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F824)
SSDT[213] : NtSetContextThread @ 0x805C9036 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236B068)
SSDT[224] : NtSetInformationFile @ 0x805703F6 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236BF6A)
SSDT[247] : NtSetValueKey @ 0x80619374 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236F69C)
SSDT[254] : NtSuspendThread @ 0x805CAD9A -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236AFE6)
SSDT[257] : NtTerminateProcess @ 0x805C86EA -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236AEEE)
SSDT[258] : NtTerminateThread @ 0x805C88E4 -> HOOKED (\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys @ 0xF236AF46)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3200827AS +++++
--- User ---
[MBR] fc85ec354d4335b70090d5569541b8c0
[BSP] e53f08a2547f8ceb7cedf0196039bc96 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 184920 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 378732375 | Size: 5851 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02252013_02d1958.txt >>
RKreport[1]_S_02252013_02d1956.txt ; RKreport[2]_D_02252013_02d1958.txt
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello haloburn

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
haloburn

haloburn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hello Gringo

Please find below report by ComboFix.. pages are now loading quicker and is smoother running, however I am still getting ads on every site from Giant ads extension file, any ideas how to rid my PC of this? :confused: Thanks very much :)

ComboFix 13-02-24.01 - HP_Owner 26/02/2013 14:11:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.581 [GMT 0:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.BERETTA\WINDOWS
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc26.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc2B.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc49.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc6.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccE.tmp
c:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccF.tmp
c:\documents and settings\HP_Owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\wt
c:\windows\wt\webdriver\wtdmmp.dll
c:\windows\wt\webdriver\wtdmmpi.jar
c:\windows\wt\webdriver\wtdmmpv.dll
c:\windows\wt\wtDRM\DRM0302.dll
c:\windows\wt\wtDRM\DRM0302Java.jar
c:\windows\wt\wtDRM\jDRM0302.dll
c:\windows\wt\wtDRM\rDRM0302.dll
c:\windows\wt\wtupdates\wtdmmp\files\3.0.2.000\wtdmmp.dll
c:\windows\wt\wtupdates\wtdmmp\files\3.0.2.000\wtdmmpi.jar
c:\windows\wt\wtupdates\wtdmmp\files\3.0.2.000\wtdmmpv.dll
c:\windows\wt\wtupdates\wtdmmp\update_info\data.wts
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
.
.
((((((((((((((((((((((((( Files Created from 2013-01-26 to 2013-02-26 )))))))))))))))))))))))))))))))
.
.
2013-02-25 14:04 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7F1F3B98-A7C5-4EF1-A1A6-692DB1D1C0F7}\mpengine.dll
2013-02-24 11:28 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-19 20:06 . 2013-02-19 20:06 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Updater21810
2013-02-19 20:04 . 2013-02-19 20:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\HoolappForAndroid
2013-02-18 21:08 . 2013-02-18 21:08 -------- d-----w- c:\windows\DfuDrivers
2013-02-18 15:50 . 2013-02-18 15:53 -------- dc-h--w- c:\windows\ie8
2013-02-16 20:16 . 2013-02-16 20:16 -------- d-----w- c:\program files\iPod
2013-02-16 20:16 . 2013-02-16 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-16 20:16 . 2013-02-16 20:17 -------- d-----w- c:\program files\iTunes
2013-02-16 20:15 . 2013-02-16 20:15 -------- d-----w- c:\program files\Apple Software Update
2013-02-16 20:15 . 2013-02-16 20:15 -------- d-----w- c:\program files\Bonjour
2013-02-16 20:14 . 2013-02-16 20:16 -------- d-----w- c:\program files\Common Files\Apple
2013-02-08 20:30 . 2013-02-08 20:30 -------- d-----w- c:\documents and settings\Airadne&Roddi\Application Data\RealNetworks
2013-02-08 16:35 . 2013-02-08 16:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-06 18:20 . 2013-02-06 18:20 -------- d-----w- c:\documents and settings\Airadne&Roddi\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 16:35 . 2012-02-25 21:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-08 16:35 . 2012-06-24 11:24 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-08 16:35 . 2010-12-17 14:55 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-07 22:38 . 2012-04-14 07:49 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-07 22:38 . 2011-05-21 10:08 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2012-09-08 18:30 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2004-08-04 04:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 15:59 . 2012-03-20 19:44 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16 . 2004-08-04 04:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2004-08-04 04:00 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 14:33 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-01-04 14:33 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-01-04 01:20 . 2004-08-04 04:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 04:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 04:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-04 04:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-04 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 04:00 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-04 04:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49 . 2012-09-13 13:16 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-24 11:23 . 2013-02-24 11:22 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"kdx"="c:\windows\kdx\KHost.exe" [2006-08-07 2236416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-01-04 295072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-08-22 26816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator.BERETTA\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-4-11 27136]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-4-11 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-10-06 17:49 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PCPitstop\\PC Matic\\PCMatic.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21944:TCP"= 21944:TCP:BitComet 21944 TCP
"21944:UDP"= 21944:UDP:BitComet 21944 UDP
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/10/2009 10:07 64288]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2012 16:29 65848]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [24/02/2010 15:40 390528]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [30/10/2012 14:04 272216]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2012 16:29 71480]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2012 16:29 166840]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [14/09/2011 21:06 169624]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [21/02/2013 19:15 86216]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 20:31 38608]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [14/12/2012 17:29 76544]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [14/12/2012 17:30 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [14/12/2012 17:30 11136]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [14/12/2012 17:30 95616]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [14/12/2012 17:30 67584]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [14/12/2012 17:31 27520]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [20/12/2011 02:46 21504]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [17/04/2012 00:26 21520]
S4 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2012 16:29 976728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 22:38]
.
2012-07-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-BERETTA-HP_Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-16 15:43]
.
2013-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 10:17]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 10:17]
.
2013-02-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 11:11]
.
2013-02-26 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-02-26 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-02-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-01-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Trusted Zone: motive.com\pbttbc.bt
Trusted Zone: pofssavecredit.co.uk\www
Trusted Zone: postoffice.co.uk\www
TCP: DhcpNameServer = 192.168.1.254
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
DPF: {B947BD34-91CC-4590-9BA0-6F0F0D2028E8} - hxxp://www.productsandservices.bt.com/consumer/consumerProducts/js/BTEmailConfig.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-19 20:06; [email protected]; c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2009-09-02 12:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MobileBroadband - c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
AddRemove-RealPlayer 16.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-26 14:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(6540)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2013-02-26 14:39:42 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-26 14:39
.
Pre-Run: 155,520,020,480 bytes free
Post-Run: 156,659,167,232 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C07136FCCF763F843103B679F6F00FE7
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello haloburn

Lets get a deeper look into the system and lets see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
  • 0

#7
haloburn

haloburn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi Gringo

Update as of 27/2/13 I found a plug in firefox that was causing the irritating ads, even though I had already removed from programmes, so all back to normal now. :yeah:

Here's the OTL report Thanks

OTL logfile created on: 26/02/2013 19:18:49 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

958.48 Mb Total Physical Memory | 503.49 Mb Available Physical Memory | 52.53% Memory free
2.26 Gb Paging File | 1.16 Gb Available in Paging File | 51.40% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.59 Gb Total Space | 146.07 Gb Free Space | 80.88% Space Free | Partition Type: NTFS
Drive D: | 5.70 Gb Total Space | 0.47 Gb Free Space | 8.21% Space Free | Partition Type: FAT32

Computer Name: BERETTA | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
PRC - C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\kdx\KHost.exe (Kontiki Inc.)
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LvApi11\LvApi11.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\phonon4.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
MOD - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (PCPitstop Scheduling) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (KService) -- C:\Program Files\KService\KService.exe (Kontiki Inc.)
SRV - (CLSched) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (ftsata2) -- system32\DRIVERS\ftsata2.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (RapportCerberus_43926) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ()
DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys (Trusteer Ltd.)
DRV - (huawei_cdcacm) -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\WINDOWS\system32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_ext_ctrl) -- C:\WINDOWS\system32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (RapportBuka) -- C:\WINDOWS\system32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (winusb) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (alcan5wn) -- C:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 81 F9 EE 7B 58 CA 01 [binary data]
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\..\SearchScopes\{CCEA7375-E472-4108-9508-BBE69C5FD396}: "URL" = http://www.google.co...ie7&rlz=1I7HPEA
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: extension21810%40extension21810.com:0.88.42
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/04 14:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/04 14:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/24 11:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/24 11:22:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

[2011/01/09 12:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2013/02/26 19:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions
[2011/01/11 13:17:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/28 15:29:00 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2013/02/25 10:53:25 | 000,000,000 | ---D | M] ("Giant Savings Extension") -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]
[2013/02/26 19:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged
[2013/02/25 10:53:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]\chrome
[2013/02/25 10:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]\defaults
[2013/02/25 10:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]\locale
[2013/02/25 10:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]\skin
[2013/02/25 10:53:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]\chrome\content\extensionCode
[2013/02/26 19:13:44 | 000,000,000 | ---D | M] ("Giant Savings Extension") -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]
[2013/02/26 19:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]\chrome
[2013/02/26 19:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]\defaults
[2013/02/26 19:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]\locale
[2013/02/26 19:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]\skin
[2013/02/26 19:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\staged\[email protected]\chrome\content\extensionCode
[2012/09/14 18:58:00 | 000,621,521 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\extensions\[email protected]
[2013/02/24 11:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/24 11:22:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/24 11:22:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/24 11:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013/02/24 11:23:29 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/04 14:33:54 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013/02/10 10:54:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/10 10:54:10 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2013/02/26 14:26:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2916009576-3212890739-825859052-1008..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe (Kontiki Inc.)
O4 - HKU\S-1-5-21-2916009576-3212890739-825859052-1008..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Administrator.BERETTA\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\..Trusted Domains: motive.com ([pbttbc.bt] https in Trusted sites)
O15 - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\..Trusted Domains: pofssavecredit.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\..Trusted Domains: postoffice.co.uk ([www] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} https://register.bti...lcontrol013.cab (mailhelper Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B947BD34-91CC-4590-9BA0-6F0F0D2028E8} http://www.productsa...EmailConfig.cab (EmailClientUtil Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.bti...bcontrol028.cab (webhelper Class)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C79DFE-6A25-48C0-B0C4-B8881E914877}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68F0273A-E8B7-466C-94E9-C2D002C63E70}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 () - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 16:32:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/26 14:09:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/02/26 14:05:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/02/26 14:05:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/02/26 14:05:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/02/26 14:05:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/02/26 14:05:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/26 14:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/26 13:57:26 | 005,034,894 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2013/02/25 19:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\RK_Quarantine
[2013/02/24 11:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/21 19:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Pitstop
[2013/02/19 20:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Updater21810
[2013/02/19 20:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\HoolappForAndroid
[2013/02/18 21:08:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\DfuDrivers
[2013/02/18 15:50:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/02/16 20:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/02/16 20:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/16 20:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/16 20:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/16 20:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/02/16 20:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/02/16 20:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/02/08 16:36:08 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/08 16:35:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/08 16:35:59 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/08 16:35:59 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

========== Files - Modified Within 30 Days ==========

[2013/02/26 19:10:55 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/02/26 19:09:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
[2013/02/26 19:08:58 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/26 19:08:54 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
[2013/02/26 19:08:52 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
[2013/02/26 19:08:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/26 19:01:27 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/02/26 18:51:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/26 18:51:12 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/26 18:50:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/02/26 18:50:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/02/26 15:37:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/26 14:51:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/26 14:26:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/26 14:09:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/02/26 13:58:27 | 005,034,894 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
[2013/02/25 14:22:44 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/24 18:27:10 | 003,144,426 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Ari.bmp
[2013/02/24 18:03:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/24 12:29:58 | 000,546,135 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\MS007_twirly_lazysusan_web.pdf
[2013/02/22 11:50:48 | 000,983,094 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\new error.bmp
[2013/02/21 19:15:24 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\PC Matic.lnk
[2013/02/20 12:50:43 | 000,000,325 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2013/02/20 12:50:43 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2013/02/20 12:50:41 | 000,000,014 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2013/02/19 21:45:03 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/19 21:03:04 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/02/19 20:01:14 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2013/02/18 22:35:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/18 16:27:00 | 000,035,476 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/02/18 16:22:55 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/18 15:43:05 | 000,199,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/16 20:17:53 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/02/16 20:15:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/02/14 15:47:46 | 000,443,038 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/14 15:47:46 | 000,072,304 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/08 16:35:45 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/08 16:35:40 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/08 16:35:40 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/08 16:35:40 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/08 16:35:40 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/08 16:35:39 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/02/08 16:35:39 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/07 22:38:45 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/07 22:38:45 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/04 21:42:25 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\New Internet Shortcut.url
[2013/01/30 10:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2013/02/26 14:05:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/26 14:05:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/26 14:05:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/26 14:05:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/26 14:05:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/24 18:25:28 | 003,144,426 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Ari.bmp
[2013/02/24 12:29:57 | 000,546,135 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\MS007_twirly_lazysusan_web.pdf
[2013/02/22 11:50:48 | 000,983,094 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\new error.bmp
[2013/02/21 19:15:24 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\PC Matic.lnk
[2013/02/19 21:19:57 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/02/16 20:28:39 | 000,035,476 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/02/16 20:17:53 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/02/16 20:15:59 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/02/16 20:15:56 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2013/02/04 21:42:17 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\New Internet Shortcut.url
[2012/02/15 07:44:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/07 13:55:12 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/08/08 12:49:22 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/01/25 21:23:48 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/23 20:13:06 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\setup_ldm.iss
[2006/08/13 20:52:53 | 000,013,192 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat

========== ZeroAccess Check ==========

[2006/04/11 05:49:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Edited by haloburn, 27 February 2013 - 05:55 AM.

  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello haloburn


I found a plug in firefox that was causing the irritating ads, - which one was it?

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image text box.
    :OTL
    IE - HKU\S-1-5-21-2916009576-3212890739-825859052-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know How things are doing

Gringo
  • 0

#9
haloburn

haloburn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
hello again Gringo

here is the report you asked for, it didn't pop up but with your info was easy to find Thanks Oh it was Giant Savings extension plug in, sorry nearly forgot. PC is running smoother now and at least no ads everywhere :thumbsup:

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2916009576-3212890739-825859052-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar search\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Owner\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Owner\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: Administrator.BERETTA

User: Airadne&Roddi
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: HP_Owner
->Java cache emptied: 3751 bytes

User: LocalService

User: NetworkService

User: Owner

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.BERETTA

User: Airadne&Roddi
->Flash cache emptied: 85095 bytes

User: All Users

User: Default User
->Flash cache emptied: 56504 bytes

User: HP_Owner
->Flash cache emptied: 75864 bytes

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02272013_213633
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


Had a feeling that was going to be it when I was looking thru the reports



At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

Advertisements


#11
haloburn

haloburn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Gringo
I ran ComboFix, copied the report, got sidetracked copied and pasted something else, and so lost the report :blush: ... where can I find it, what will it be called?? Thank you
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello haloburn

I would like to see the report so lets see if we can find the report this way.

Extra Combofix Report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\ComboFix.txt
  • click ok
  • copy and paste the report into this topic for me to review

Gringo
  • 0

#13
haloburn

haloburn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Hi there Gringo

Here it is thanks;

ComboFix 13-02-26.01 - HP_Owner 28/02/2013 13:26:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.958.583 [GMT 0:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-01-28 to 2013-02-28 )))))))))))))))))))))))))))))))
.
.
2013-02-27 21:50 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9636478D-41C5-4CD3-8D8F-FF1D98574C00}\mpengine.dll
2013-02-27 12:07 . 2013-02-27 12:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-26 15:25 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-19 20:06 . 2013-02-19 20:06 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Updater21810
2013-02-19 20:04 . 2013-02-19 20:08 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\HoolappForAndroid
2013-02-18 21:08 . 2013-02-18 21:08 -------- d-----w- c:\windows\DfuDrivers
2013-02-18 15:50 . 2013-02-18 15:53 -------- dc-h--w- c:\windows\ie8
2013-02-16 20:16 . 2013-02-16 20:16 -------- d-----w- c:\program files\iPod
2013-02-16 20:16 . 2013-02-16 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-16 20:16 . 2013-02-16 20:17 -------- d-----w- c:\program files\iTunes
2013-02-16 20:15 . 2013-02-16 20:15 -------- d-----w- c:\program files\Apple Software Update
2013-02-16 20:15 . 2013-02-16 20:15 -------- d-----w- c:\program files\Bonjour
2013-02-16 20:14 . 2013-02-16 20:16 -------- d-----w- c:\program files\Common Files\Apple
2013-02-08 20:30 . 2013-02-08 20:30 -------- d-----w- c:\documents and settings\Airadne&Roddi\Application Data\RealNetworks
2013-02-06 18:20 . 2013-02-06 18:20 -------- d-----w- c:\documents and settings\Airadne&Roddi\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 13:13 . 2012-04-14 07:49 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 13:13 . 2011-05-21 10:08 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 12:07 . 2012-02-25 21:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-27 12:07 . 2012-06-24 11:24 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-27 12:07 . 2010-12-17 14:55 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-30 10:53 . 2012-09-08 18:30 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2004-08-04 04:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 15:59 . 2012-03-20 19:44 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16 . 2004-08-04 04:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2004-08-04 04:00 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 14:33 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-01-04 14:33 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-01-04 01:20 . 2004-08-04 04:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 04:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 04:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-04 04:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-04 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 04:00 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-04 04:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49 . 2012-09-13 13:16 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-24 11:23 . 2013-02-24 11:22 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"kdx"="c:\windows\kdx\KHost.exe" [2006-08-07 2236416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-01-04 295072]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2012-08-22 26816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator.BERETTA\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-4-11 27136]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-4-11 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-10-06 17:49 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PCPitstop\\PC Matic\\PCMatic.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21944:TCP"= 21944:TCP:BitComet 21944 TCP
"21944:UDP"= 21944:UDP:BitComet 21944 UDP
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/10/2009 10:07 64288]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2012 16:29 65848]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [24/02/2010 15:40 390528]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [30/10/2012 14:04 272216]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2012 16:29 71480]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2012 16:29 166840]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [14/09/2011 21:06 169624]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [21/02/2013 19:15 86216]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 20:31 38608]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [14/12/2012 17:29 76544]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [14/12/2012 17:30 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [14/12/2012 17:30 11136]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [14/12/2012 17:30 95616]
S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [14/12/2012 17:30 67584]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [14/12/2012 17:31 27520]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [20/12/2011 02:46 21504]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [17/04/2012 00:26 21520]
S4 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2012 16:29 976728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 13:13]
.
2012-07-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-BERETTA-HP_Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-16 15:43]
.
2013-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 10:17]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 10:17]
.
2013-02-28 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 11:11]
.
2013-02-28 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-02-28 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-02-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2013-01-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2916009576-3212890739-825859052-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
Trusted Zone: motive.com\pbttbc.bt
Trusted Zone: pofssavecredit.co.uk\www
Trusted Zone: postoffice.co.uk\www
TCP: DhcpNameServer = 192.168.1.254
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} - hxxps://register.btinternet.com/templates/btmailcontrol013.cab
DPF: {B947BD34-91CC-4590-9BA0-6F0F0D2028E8} - hxxp://www.productsandservices.bt.com/consumer/consumerProducts/js/BTEmailConfig.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\wxb4qim3.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-09-02 12:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-28 13:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(6464)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-02-28 13:50:18 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-28 13:50
ComboFix2.txt 2013-02-26 14:39
.
Pre-Run: 156,749,991,936 bytes free
Post-Run: 156,733,378,560 bytes free
.
- - End Of File - - E67E947C850B1CF95C95280E448D6514
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello haloburn

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#15
haloburn

haloburn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
hi there here is the report Gringo

Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 10
Adobe Reader X (10.1.4)
Adobe® Photoshop® Album Starter Edition 3.2
Agere Systems PCI-SV92PP Soft Modem
Amazing Adventures The Lost Tomb 1.0.0.5
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI Control Panel
ATI Display Driver
Bejeweled Twist 1.0
Bonjour
BT Broadband Support Tools
BTHomeHub
BufferChm
Byki
Canon MP460 User Registration
Canon MP495 series MP Drivers
Coupon Printer for Windows
Customer Experience Enhancement
DeviceDiscovery
DeviceManagementQFolder
dj_sf_software
Dowmload'n'Burner
Dynomite 2.56s
Dynomite Deluxe 2.71
Easy-WebPrint
Elements 10 Organizer
erLT
FileHippo.com Update Checker
Free Opener
Garmin Communicator Plugin
GearDrvs
Google Update Helper
GoToAssist Corporate
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954708)
HP Boot Optimizer
HP DVD Play 1.0
HP Image Zone Express
HP Imaging Device Functions 9.0
HP Photo Creations
HP Product Detection
HP Software Update
HP Update
HPDiagnosticAlert
HpSdpAppCoreApp
Internet Services
iTunes
J2SE Runtime Environment 5.0 Update 5
Java 7 Update 15
Java Auto Updater
Java™ 6 Update 25
Java™ 6 Update 35
Java™ 6 Update 7
Juniper Networks Cache Cleaner 5.5.0
Juniper Networks Cache Cleaner 6.0.0
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Standard)
LightScribe 1.4.62.1
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.70.0.1100
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
Microsoft Works
Mozilla Firefox 20.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Lost in Los Angeles
Mystery P.I. - The Vegas Heist 1.0.0.3
PanoStandAlone
PC Matic 1.1.0.50
PC Pitstop Info Center 1.0.0.16
Plants vs. Zombies
PowerCinema
PS2
PSE10 STI Installer
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quick Letter Writer v10.05.2009
Rapport
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealUpgrade 1.1
Samsung PC Studio
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Segoe UI
Skype™ 5.3
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Status
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB961503)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Easy Transfer
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP