Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TR/AGENT.7153.A with redirects [Solved]

Started by Steviep , Mar 02 2013 01:19 PM

  • This topic is locked This topic is locked

#1
Steviep
Posted 02 March 2013 - 01:19 PM

Steviep

    Member

  • Member
  • PipPipPip
  • 338 posts
Hi,

My Avira anti virus showed a detection of the above this afternoon and although I clicked to remove it I still seem to be infected with it, could anyone assist?

OTL logfile created on: 02/03/2013 18:21:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Stevie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 33.13% Memory free
3.85 Gb Paging File | 2.48 Gb Available in Paging File | 64.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.42 Gb Total Space | 37.37 Gb Free Space | 50.21% Space Free | Partition Type: NTFS
Drive E: | 22.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.48 Gb Total Space | 780.55 Gb Free Space | 83.80% Space Free | Partition Type: NTFS

Computer Name: DELL360 | User Name: Stevie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/02 18:20:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/07 23:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/07 19:26:23 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/09/07 19:26:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/09/07 19:26:13 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/09/07 19:26:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/08/03 09:40:46 | 001,260,440 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 12\Nero Vision\NeroVision.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/08/01 09:11:38 | 001,091,984 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2011/08/01 09:11:36 | 001,592,208 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
PRC - [2011/08/01 09:11:32 | 000,263,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010/01/14 23:08:13 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/06/07 11:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/20 12:45:01 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\cbe2539f3b89cf53465ffc4b710e93e2\System.Management.ni.dll
MOD - [2013/01/20 12:42:39 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\b0355440ebeea832830f4b654ce4829f\System.EnterpriseServices.ni.dll
MOD - [2013/01/20 12:42:39 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\b0355440ebeea832830f4b654ce4829f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/01/20 12:42:37 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\f711a3947215ce03c71314d0fd35c171\System.Transactions.ni.dll
MOD - [2013/01/20 12:42:22 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\ed2945a66fcc5d59b77e986b485e2e97\Microsoft.VisualC.ni.dll
MOD - [2013/01/20 12:41:46 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\acf3c1c09598ff28c926aaeb9fcf5b4e\System.Xaml.ni.dll
MOD - [2013/01/20 12:34:42 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\72897fe2c7ab10621e90526863a3a492\PresentationFramework.ni.dll
MOD - [2013/01/20 12:34:21 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a0e2726fc2be626fad953d1a3ec49051\PresentationCore.ni.dll
MOD - [2013/01/20 12:34:06 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\97318300be8453ef8a4b934f5f79b9ac\WindowsBase.ni.dll
MOD - [2013/01/20 12:30:52 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\a5abe2f70b67e025cccd8e5007d7efa5\System.Configuration.ni.dll
MOD - [2013/01/20 12:30:36 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\4e2cac0827fc76ba1caa25443cc4ca61\System.Xml.ni.dll
MOD - [2013/01/20 12:30:34 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\6843b8d870b86b04ff939822a282f7cc\System.Data.ni.dll
MOD - [2013/01/20 12:30:22 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ffea95c32cab6d4e56ff8027c1b8de21\System.Core.ni.dll
MOD - [2013/01/20 12:29:43 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\da100161503047a994c55c9832d72ce7\System.ni.dll
MOD - [2013/01/20 12:29:32 | 014,413,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2013/01/02 06:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/09/07 19:26:20 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/08/03 09:40:44 | 000,134,552 | ---- | M] () -- C:\Program Files\Nero\Nero 12\Nero Vision\EditingProxy.dll
MOD - [2012/07/19 18:06:48 | 000,090,920 | ---- | M] () -- C:\Program Files\Nero\Nero 12\Nero Vision\Nero3D\lib3ds-1.3.dll
MOD - [2012/07/19 18:06:48 | 000,071,064 | ---- | M] () -- C:\Program Files\Nero\Nero 12\Nero Vision\Nero3D\zlib1.dll
MOD - [2010/11/02 07:33:58 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
MOD - [2008/10/28 11:44:00 | 002,514,944 | ---- | M] () -- C:\Program Files\Power Video Converter\ffdshow.ax
MOD - [2008/04/14 12:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 12:00:00 | 000,498,742 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2013/01/08 20:54:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/07 23:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/07 19:26:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/09/07 19:26:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/08/01 09:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/08/01 09:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/08/01 09:11:32 | 000,263,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/01/14 23:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/06/11 13:58:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/06/07 11:46:24 | 000,942,080 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Unknown (0) | On_Demand | Unknown] -- System32\Drivers\TfKbMon.sys -- (TfKbMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/07 23:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/07 23:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/07 23:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/09/07 19:26:23 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/09/07 19:26:23 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/09/07 19:26:23 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/26 12:56:17 | 000,121,248 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012/05/14 06:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/11/10 03:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/10/27 01:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/10/27 01:25:54 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/01/14 23:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 23:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/14 23:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/04 19:36:03 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/04 08:34:20 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/06/19 17:52:30 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/04/13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/28 10:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/06 18:42:14 | 000,530,944 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/08/07 00:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/26 04:42:16 | 000,045,696 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/03/20 10:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {BF6ECD4B-F767-45E8-8E28-2628ABD50234}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{BF6ECD4B-F767-45E8-8E28-2628ABD50234}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {BF6ECD4B-F767-45E8-8E28-2628ABD50234}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BF6ECD4B-F767-45E8-8E28-2628ABD50234}: "URL" = http://www.google.co...1I7ADFA_enGB493
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/12 22:10:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/05 20:35:58 | 000,000,000 | ---D | M]

[2012/11/08 20:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stevie\Application Data\Mozilla\Firefox\extensions
[2012/11/08 20:32:57 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Documents and Settings\Stevie\Application Data\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://uk.yahoo.com?fr=fpc-comodo
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2011/05/11 15:53:11 | 000,434,052 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14941 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} http://www.kaspersky...censefinder.cab (Kaspersky License Finder)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240353057735 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1350221284562 (MUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.bti...bcontrol028.cab (webhelper Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94A1732D-8D17-4CCA-B27F-9F22AC0E7875}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Stevie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/21 22:02:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/02/02 18:14:20 | 000,000,082 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/02 18:20:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
[2013/03/02 14:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/03/02 14:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/02 14:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/03/02 14:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/03/02 14:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/02/11 14:49:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Stevie\Recent
[2013/02/05 21:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Desktop\brians books

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2013/03/02 18:20:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
[2013/03/02 18:09:43 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/02 17:24:46 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C45D3254-C5F2-4164-8186-CF660410A378}.job
[2013/03/02 14:45:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/02 14:44:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/02 14:04:39 | 000,005,018 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2013/03/02 14:03:30 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/02/17 19:07:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/17 03:03:56 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/17 03:03:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd685145978ed4.job
[2013/02/16 16:50:50 | 000,469,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/16 16:48:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/13 19:32:52 | 000,612,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 19:32:52 | 000,124,594 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/11 12:41:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

File not found -- C:\WINDOWS\System32\
[2013/03/02 14:03:30 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/03/02 14:01:48 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2013/02/17 19:07:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:03:38 | 000,388,658 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/13 11:04:25 | 000,289,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/22 18:50:11 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2012/10/22 18:50:10 | 000,001,588 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2012/10/22 17:57:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2012/02/19 14:53:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/12 16:05:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/11/12 16:05:00 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/10/31 11:22:42 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/10/31 11:22:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/10/31 11:22:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/10/31 11:22:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/10/31 11:22:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/05/02 20:46:31 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Stevie\.asadminpass
[2011/04/13 21:50:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/03 12:22:49 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPod Access v4 Prefs
[2011/01/03 12:21:24 | 000,000,052 | -H-- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPodAccessv4_OwnerName
[2011/01/03 12:21:24 | 000,000,052 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\iPodAccessv4_OwnerName
[2011/01/03 12:19:41 | 000,000,009 | -H-- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPodAccess_Time
[2010/11/03 16:51:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/09/30 21:37:43 | 001,014,870 | ---- | C] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\[j0012]-[p01].bmp
[2010/08/25 13:56:53 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E8FEA67A3C.sys
[2010/08/25 13:56:52 | 000,005,018 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/04 22:41:26 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Stevie\.recently-used.xbel
[2010/02/02 19:23:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Stevie\Application Data\$_hpcst$.hpc
[2009/10/04 08:44:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/05/02 09:29:56 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\Stevie\default.pls
[2009/05/01 15:42:20 | 000,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/04/22 17:49:15 | 000,137,728 | ---- | C] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/01/10 23:01:57 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB53386$\1533309969\L
[2012/01/10 23:02:16 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB53386$\1533309969\U
[2009/06/11 15:03:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 23:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/02 14:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/01/03 10:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
[2010/03/02 22:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/06/11 18:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/08/25 13:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/05/02 09:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/08/11 16:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/04/22 17:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010/09/28 17:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/01/12 19:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/08/15 15:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/08/11 05:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2011/11/12 15:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/05/01 15:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/08/25 13:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/08/17 19:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/04/23 16:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/08/15 15:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/25 13:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/01/17 20:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirginMedia
[2011/08/29 18:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/02/24 09:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/19 16:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/28 19:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 20:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/19 18:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\ALK Technologies
[2012/05/07 19:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Audacity
[2013/01/18 22:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\avidemux
[2009/04/23 21:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/03/02 14:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\BitTorrent
[2011/01/03 10:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\BSD
[2012/11/08 20:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\calibre
[2010/12/10 03:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/19 15:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\DMCache
[2010/03/04 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\gtk-2.0
[2009/04/22 17:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Leadertech
[2010/08/10 05:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\MAGIX
[2010/04/22 21:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Nokia
[2012/02/26 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Oracle
[2010/09/28 17:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\PC Suite
[2010/08/15 15:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\proDAD
[2010/08/17 19:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Publish Providers
[2011/11/12 16:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Samsung
[2009/06/11 15:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Skinux
[2009/05/21 21:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\SlySoft
[2010/08/19 21:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Sony
[2011/11/12 15:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Temp
[2012/12/24 12:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Ulead Systems
[2011/05/12 06:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\updatetool
[2012/12/10 21:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\uTorrent
[2009/04/24 05:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Windows Desktop Search
[2009/05/04 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Windows Search
[2010/03/02 23:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\WindSolutions
[2010/03/09 17:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Zoner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:D59F9C6CB5E098C5
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >
OTL Extras logfile created on: 02/03/2013 18:21:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Stevie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 33.13% Memory free
3.85 Gb Paging File | 2.48 Gb Available in Paging File | 64.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.42 Gb Total Space | 37.37 Gb Free Space | 50.21% Space Free | Partition Type: NTFS
Drive E: | 22.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.48 Gb Total Space | 780.55 Gb Free Space | 83.80% Space Free | Partition Type: NTFS

Computer Name: DELL360 | User Name: Stevie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Stevie\Local Settings\temp\java_ee_sdk-6u2-jdk-windows.exe2\jdk\jre\bin\javaw.exe" = C:\Documents and Settings\Stevie\Local Settings\temp\java_ee_sdk-6u2-jdk-windows.exe2\jdk\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
"C:\glassfish3\jdk\bin\java.exe" = C:\glassfish3\jdk\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Stevie\Local Settings\temp\java_ee_sdk-6u2-jdk-windows.exe3\jdk\jre\bin\javaw.exe" = C:\Documents and Settings\Stevie\Local Settings\temp\java_ee_sdk-6u2-jdk-windows.exe3\jdk\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent
"C:\Documents and Settings\Stevie\Desktop\BitTorrent.exe" = C:\Documents and Settings\Stevie\Desktop\BitTorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Nero\KM\KwikMedia.exe" = C:\Program Files\Nero\KM\KwikMedia.exe:*:Enabled:Nero Kwik Media -- (Nero AG)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{0071820F-09B0-4998-8320-F89629DCBC99}" = Nero BackItUp
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{05C6B128-1B40-4495-9CB9-090B368BFA0A}" = Nero Video Samples
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{150D88F1-40AF-4678-A39D-BCE2332F34E5}" = Nero Abstract Themes
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}" = Nero Video Transitions 1
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}" = Nero Cliparts
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Central
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3828EC4B-D4B9-A742-4D81-9C0A3C72DF8A}" = CCC Help English
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D25D881-7183-462F-95C8-990CA1944E0B}" = Nero PiP Effects 1
"{4E7AC009-5212-499F-942F-A5AA42AE359E}" = Nero 12 Content Pack
"{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}" = Nero Holiday and Sports Themes
"{51B055DD-A5F8-4D0C-A09C-66E58AD56F20}" = WD SmartWare
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{560FC78C-A4B2-461D-9B47-820C1EEF87B8}" = Nero 12
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{5FE917F6-88DB-82FC-AC44-EDF00C57EF21}" = BBC iPlayer Desktop
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}" = Nero Football (Soccer) Themes
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{81A917A1-DBA3-3639-53DA-B6E833D41A57}" = ccc-utility
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{82931CCC-65F4-5A50-57AD-AE6DF6B10929}" = Catalyst Control Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}" = Nero Retro Film Themes
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}" = Nero Platinum Effects 12
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955BF340-C379-4375-AA2F-F3BCB2A498AB}" = Nero Family and Events Themes
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A087E5-149E-EC75-F45D-3A3C04344B4A}" = Catalyst Control Center Graphics Previews Common
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2393794-69B8-CD96-80CB-746DD220C15B}" = AMD Catalyst Install Manager
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C05B5E9B-FE9D-48C7-9D7C-35DA238A9DE8}" = WD Software Upgrader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}" = Nero Image Samples
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE675FBD-75C3-45F1-B6AF-8D250861D536}" = Nero Disc Menus 3
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6B79F07-62D1-46C9-A225-625ACC748144}" = Diskeeper Professional Premier Edition
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EEBF1676-AF87-4266-93D8-0C14A34C4217}" = Nero Disc Menus 1
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F4163F-6A2D-48BA-BC36-23C33B0ECDB5}" = calibre
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}" = Nero Disc Menus 2
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"AC3ACM" = AC-3 ACM Codec
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PowerISO" = PowerISO
"TVEpaDrv" = Roxio Video Capture USB Driver
"VLC media player" = VLC media player 2.0.5
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"winusb0200" = Microsoft WinUsb 2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZonerPhotoStudio12_EN_is1" = Zoner Photo Studio 12

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/02/2013 17:40:54 | Computer Name = DELL360 | Source = Bonjour Service | ID = 100
Description = 816: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 25/02/2013 17:44:45 | Computer Name = DELL360 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 25/02/2013 17:44:45 | Computer Name = DELL360 | Source = Bonjour Service | ID = 100
Description = 800: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 25/02/2013 18:02:04 | Computer Name = DELL360 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 25/02/2013 18:02:04 | Computer Name = DELL360 | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 26/02/2013 13:07:39 | Computer Name = DELL360 | Source = Application Error | ID = 1000
Description = Faulting application TFService.exe, version 4.10.1.14, faulting module
msvcr80.dll, version 8.0.50727.6195, fault address 0x00014884.

Error - 01/03/2013 14:02:45 | Computer Name = DELL360 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 01/03/2013 14:02:45 | Computer Name = DELL360 | Source = Bonjour Service | ID = 100
Description = 820: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 01/03/2013 14:02:46 | Computer Name = DELL360 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 01/03/2013 14:02:46 | Computer Name = DELL360 | Source = Bonjour Service | ID = 100
Description = 820: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 02/03/2013 10:42:43 | Computer Name = DELL360 | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{aff0bbaa-3025-11de-9726-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070020.

[ OSession Events ]
Error - 04/05/2009 18:17:06 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24911
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 11/06/2009 14:50:15 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8749
seconds with 540 seconds of active time. This session ended with a crash.

Error - 29/11/2009 04:44:56 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 102
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/05/2010 17:52:24 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 70
seconds with 60 seconds of active time. This session ended with a crash.

Error - 18/10/2010 13:36:35 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6215.1000. This session lasted 193
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/01/2011 15:50:38 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6215.1000. This session lasted 234
seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/04/2012 12:06:42 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 124
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/04/2012 12:08:42 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25/02/2013 17:48:33 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 25/02/2013 17:48:55 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 25/02/2013 17:49:55 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 25/02/2013 17:56:24 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7034
Description = The WDFMEService service terminated unexpectedly. It has done this
1 time(s).

Error - 25/02/2013 17:56:28 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7034
Description = The WDRulesService service terminated unexpectedly. It has done this
1 time(s).

Error - 25/02/2013 17:56:34 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7034
Description = The WDDMService service terminated unexpectedly. It has done this
1 time(s).

Error - 25/02/2013 18:03:06 | Computer Name = DELL360 | Source = DCOM | ID = 10010
Description = The server {6812639B-FD61-4329-9901-22CFDBD690FE} did not register
with DCOM within the required timeout.

Error - 26/02/2013 13:08:06 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7034
Description = The ThreatFire service terminated unexpectedly. It has done this
1 time(s).

Error - 02/03/2013 09:48:55 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 02/03/2013 09:49:55 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1058


< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 03 March 2013 - 08:27 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Steviep

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
Steviep
Posted 03 March 2013 - 09:35 AM

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
Hi thanks for helping, here are the logs

Results of screen317's Security Check version 0.99.60
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
ThreatFire
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.0.3
Java™ 6 Update 30
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9
Adobe Reader XI
Google Chrome 24.0.1312.57
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ThreatFire TFService.exe
Comodo Firewall cmdagent.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````


# AdwCleaner v2.113 - Logfile created 03/03/2013 at 15:24:21
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Stevie - DELL360
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Stevie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1321 octets] - [03/03/2013 15:24:21]

########## EOF - C:\AdwCleaner[S2].txt - [1381 octets] ##########


RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Stevie [Admin rights]
Mode : Scan -- Date : 03/03/2013 15:31:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xF7AD435C)
SSDT[41] : NtCreateKey @ 0x80624160 -> HOOKED (Unknown @ 0xF7AD4316)
SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xF7AD4366)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xF7AD430C)
SSDT[63] : NtDeleteKey @ 0x806245FC -> HOOKED (Unknown @ 0xF7AD431B)
SSDT[65] : NtDeleteValueKey @ 0x806247CC -> HOOKED (Unknown @ 0xF7AD4325)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xF7AD4357)
SSDT[98] : NtLoadKey @ 0x80626384 -> HOOKED (Unknown @ 0xF7AD432A)
SSDT[119] : NtOpenKey @ 0x8062553E -> HOOKED (TfSysMon.sys @ 0xF719390C)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xF7AD42F8)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xF7AD42FD)
SSDT[177] : NtQueryValueKey @ 0x80622384 -> HOOKED (Unknown @ 0xF7AD437F)
SSDT[193] : NtReplaceKey @ 0x80626234 -> HOOKED (Unknown @ 0xF7AD4334)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xF7AD4370)
SSDT[204] : NtRestoreKey @ 0x80625B40 -> HOOKED (Unknown @ 0xF7AD432F)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xF7AD436B)
SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xF7AD4375)
SSDT[247] : NtSetValueKey @ 0x806226D2 -> HOOKED (Unknown @ 0xF7AD4320)
SSDT[255] : NtSystemDebugControl @ 0x80618134 -> HOOKED (Unknown @ 0xF7AD437A)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xF7AD4307)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7AD438E)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7AD4393)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380815AS +++++
--- User ---
[MBR] 6624f4d222a39ecb4cb8c63f7ad67f4e
[BSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 160650 | Size: 76206 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03032013_02d1531.txt >>
RKreport[1]_S_03032013_02d1531.txt
  • 0

#4
gringo_pr
Posted 03 March 2013 - 10:58 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Steviep

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
Steviep
Posted 03 March 2013 - 01:47 PM

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
Hi I've tried running Combofix twice now, each tine it says it has to reboot the system as its found Rootkit activity then its runs the autoscan and after it says complete 50 the system crashes with a blue screnn which says Bad-Pool-Header at the top.
  • 0

#6
gringo_pr
Posted 03 March 2013 - 03:16 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Steviep

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
  • 0

#7
Steviep
Posted 03 March 2013 - 04:52 PM

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
ComboFix 13-03-02.01 - Stevie 03/03/2013 22:34:13.7.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1756 [GMT 0:00]
Running from: c:\documents and settings\Stevie\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\E8FEA67A3C.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\muzapp.exe
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 )))))))))))))))))))))))))))))))
.
.
2013-03-02 14:02 . 2013-03-02 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-03-02 14:02 . 2013-03-02 14:03 -------- d-----w- c:\program files\iTunes
2013-03-02 14:01 . 2013-03-02 14:01 -------- d-----w- c:\program files\Apple Software Update
2013-03-02 14:01 . 2012-12-13 13:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2013-03-02 14:01 . 2012-12-13 13:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2013-03-02 14:01 . 2013-03-02 14:01 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-02 14:04 . 2010-08-25 13:56 5018 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2013-01-26 03:55 . 2008-04-14 12:00 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-08 20:54 . 2012-07-22 19:00 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 20:54 . 2012-03-18 19:31 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:54 . 2012-09-24 15:54 15739912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-07 01:19 . 2008-04-14 12:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2008-04-14 00:01 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2008-04-14 12:00 1867264 ------w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-14 12:00 148992 ------w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-14 12:00 1292288 ------w- c:\windows\system32\quartz.dll
2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49 . 2010-11-03 22:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Quick View.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Quick View.lnk
backup=c:\windows\pss\WD Quick View.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Stevie^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\documents and settings\Stevie\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Stevie^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Stevie\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Stevie^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Stevie\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2012-12-20 21:58 6750448 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 13:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-07-04 19:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-09-07 19:26 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2012-11-07 23:37 6756048 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-03-26 07:34 306688 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 16:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-07-07 09:56 150040 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 12:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-11-02 16:51 928656 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-11-02 16:52 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-11-02 16:51 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-07-07 09:56 141848 ------w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2010-03-24 14:42 599328 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-05-17 16:03 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-11-09 21:37 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
2010-01-14 23:08 378128 ----a-w- c:\program files\ThreatFire\TFTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\glassfish3\\jdk\\bin\\java.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Nero\\KM\\KwikMedia.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [20/05/2011 18:27 24064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/11/2009 19:36 721904]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [14/01/2010 22:45 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [14/01/2010 22:46 59664]
S0 cerc6;cerc6; [x]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24/09/2012 19:30 36000]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [02/05/2011 19:36 497952]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [02/05/2011 19:36 32640]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 11:03 169312]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/09/2012 19:30 86224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [12/11/2011 16:05 238952]
S2 gupdate1c9c4557151c6be;Google Update Service (gupdate1c9c4557151c6be);c:\program files\Google\Update\GoogleUpdate.exe [23/04/2009 20:52 133104]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [14/10/2012 14:37 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/11/2010 22:31 682344]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [13/07/2012 16:27 769432]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 02:18 360224]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [01/08/2011 09:11 263056]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [01/08/2011 09:11 1592208]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [01/08/2011 09:11 1091984]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [14/10/2012 14:41 103040]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [12/11/2011 15:25 78136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [12/11/2011 16:05 36608]
S3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [21/04/2009 22:21 176640]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [04/05/2009 16:06 28672]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/11/2010 22:31 21104]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [12/11/2011 15:25 181432]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [14/01/2010 22:46 33552]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 15:06 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-26 17:02 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 20:54]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd685145978ed4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 20:52]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 20:52]
.
2013-03-03 c:\windows\Tasks\User_Feed_Synchronization-{C45D3254-C5F2-4164-8186-CF660410A378}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
Trusted Zone: o2.co.uk\*.broadband
TCP: DhcpNameServer = 192.168.0.1
DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} - hxxp://www.kaspersky.co.uk/downloads/misc/kasperskylicensefinder.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-V Stuff Backup - c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
AddRemove-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-03 22:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,2f,c7,12,09,b9,1a,44,85,6f,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,2f,c7,12,09,b9,1a,44,85,6f,bd,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(256)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2013-03-03 22:48:23
ComboFix-quarantined-files.txt 2013-03-03 22:48
.
Pre-Run: 44,811,042,816 bytes free
Post-Run: 44,838,580,224 bytes free
.
- - End Of File - - 6E7F696D9CECB35B4AFD95B602DFA600
  • 0

#8
gringo_pr
Posted 03 March 2013 - 08:19 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Steviep

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#9
Steviep
Posted 04 March 2013 - 02:27 AM

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
Hi had to run in safe mode again and Combofix said system was infected by zero access? Also when I connect to the internet after a reboot I get a message to say that Internet Explrer is not my default browser do I want to make it that - had this the last few restarts

here is the log

ComboFix 13-03-02.01 - Stevie 04/03/2013 8:08.9.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1757 [GMT 0:00]
Running from: c:\documents and settings\Stevie\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stevie\Desktop\CFScript.txt.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2013-02-04 to 2013-03-04 )))))))))))))))))))))))))))))))
.
.
2013-03-02 14:02 . 2013-03-02 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-03-02 14:02 . 2013-03-02 14:03 -------- d-----w- c:\program files\iTunes
2013-03-02 14:01 . 2013-03-02 14:01 -------- d-----w- c:\program files\Apple Software Update
2013-03-02 14:01 . 2012-12-13 13:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2013-03-02 14:01 . 2012-12-13 13:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2013-03-02 14:01 . 2013-03-02 14:01 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-02 14:04 . 2010-08-25 13:56 5018 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2013-01-26 03:55 . 2008-04-14 12:00 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-08 20:54 . 2012-07-22 19:00 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 20:54 . 2012-03-18 19:31 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:54 . 2012-09-24 15:54 15739912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-07 01:19 . 2008-04-14 12:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2008-04-14 00:01 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2008-04-14 12:00 1867264 ------w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-14 12:00 148992 ------w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-14 12:00 1292288 ------w- c:\windows\system32\quartz.dll
2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49 . 2010-11-03 22:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Quick View.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WD Quick View.lnk
backup=c:\windows\pss\WD Quick View.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Stevie^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\documents and settings\Stevie\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Stevie^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Stevie\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Stevie^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Stevie\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2012-12-20 21:58 6750448 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 13:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-07-04 19:13 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-09-07 19:26 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2012-11-07 23:37 6756048 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-03-26 07:34 306688 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 13:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 16:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-07-07 09:56 150040 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 12:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-11-02 16:51 928656 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-11-02 16:52 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-11-02 16:51 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-07-07 09:56 141848 ------w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2010-03-24 14:42 599328 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2007-08-07 00:05 200704 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-05-17 16:03 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-11-09 21:37 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
2010-01-14 23:08 378128 ----a-w- c:\program files\ThreatFire\TFTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\glassfish3\\jdk\\bin\\java.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Nero\\KM\\KwikMedia.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [20/05/2011 18:27 24064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/11/2009 19:36 721904]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [14/01/2010 22:45 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [14/01/2010 22:46 59664]
S0 cerc6;cerc6; [x]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24/09/2012 19:30 36000]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [02/05/2011 19:36 497952]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [02/05/2011 19:36 32640]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 11:03 169312]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/09/2012 19:30 86224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [12/11/2011 16:05 238952]
S2 gupdate1c9c4557151c6be;Google Update Service (gupdate1c9c4557151c6be);c:\program files\Google\Update\GoogleUpdate.exe [23/04/2009 20:52 133104]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [14/10/2012 14:37 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [03/11/2010 22:31 682344]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [13/07/2012 16:27 769432]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 02:18 360224]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [01/08/2011 09:11 263056]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [01/08/2011 09:11 1592208]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [01/08/2011 09:11 1091984]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [14/10/2012 14:41 103040]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [12/11/2011 15:25 78136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [12/11/2011 16:05 36608]
S3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [21/04/2009 22:21 176640]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [04/05/2009 16:06 28672]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/11/2010 22:31 21104]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [12/11/2011 15:25 181432]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [14/01/2010 22:46 33552]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 15:06 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-26 17:02 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 20:54]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd685145978ed4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 20:52]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-23 20:52]
.
2013-03-03 c:\windows\Tasks\User_Feed_Synchronization-{C45D3254-C5F2-4164-8186-CF660410A378}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
Trusted Zone: o2.co.uk\*.broadband
TCP: DhcpNameServer = 192.168.0.1
DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} - hxxp://www.kaspersky.co.uk/downloads/misc/kasperskylicensefinder.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-04 08:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,2f,c7,12,09,b9,1a,44,85,6f,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,2f,c7,12,09,b9,1a,44,85,6f,bd,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(256)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1040)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2013-03-04 08:22:02
ComboFix-quarantined-files.txt 2013-03-04 08:22
ComboFix2.txt 2013-03-03 22:48
.
Pre-Run: 44,706,648,064 bytes free
Post-Run: 44,718,776,320 bytes free
.
- - End Of File - - C8E71C62AF4FF06821AB554C0FDDE0AA

Edited by Steviep, 04 March 2013 - 02:30 AM.

  • 0

#10
gringo_pr
Posted 04 March 2013 - 02:30 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Steviep

I have seen that happen on XP computers once Zerro acces was removed

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

Advertisements

#11
Steviep
Posted 04 March 2013 - 02:32 AM

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
32 Bit HP CIO Components Installer
AC-3 ACM Codec
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 7.0
Adobe Reader 9.3.4
Adobe Reader XI (11.0.01)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
BBC iPlayer Desktop
Bonjour
Broadcom Gigabit NetLink Controller
BufferChm
C4600
calibre
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
ccc-utility
CCC Help English
CCScore
CloneDVD2
CloneDVDmobile
COMODO Internet Security
Contents
Corel VideoStudio Pro X3
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Destinations
DeviceDiscovery
DeviceIO
DirectX 9 Runtime
Diskeeper Professional Premier Edition
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
FileHippo.com Update Checker
Free FLAC to MP3 Converter 1.0
Google Chrome
Google Earth
Google Earth Pro
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
HP Print Projects 1.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
ICA
Intel® Graphics Media Accelerator Driver
IPM_VS_Pro
iTunes
Java 7 Update 9
Java Auto Updater
Java™ 6 Update 30
JavaFX 2.0.3
K-Lite Codec Pack 4.7.5 (Full)
KODAK EASYSHARE Gallery Upload ActiveX Control
Kodak EasyShare software
LightScribe 1.4.136.1
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WinUsb 2.0
Microsoft WSE 3.0
MLE
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 12
Nero 12 Content Pack
Nero Abstract Themes
Nero Audio Pack 1
Nero BackItUp
Nero BackItUp Help (CHM)
Nero Blu-ray Player
Nero Blu-ray Player Help (CHM)
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero Cliparts
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Disc Menus 1
Nero Disc Menus 2
Nero Disc Menus 3
Nero Disc Menus Basic
Nero Effects Basic
Nero Express
Nero Express Help (CHM)
Nero Family and Events Themes
Nero Football (Soccer) Themes
Nero Holiday and Sports Themes
Nero Image Samples
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero PiP Effects 1
Nero PiP Effects Basic
Nero Platinum Effects 12
Nero Recode
Nero Recode Help (CHM)
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero Retro Film Themes
Nero SharedVideoCodecs
Nero Update
Nero Video
Nero Video Help (CHM)
Nero Video Samples
Nero Video Transitions 1
neroxml
netbrdg
OfotoXMI
OGA Notifier 2.0.0048.0
PMB
PowerISO
Prerequisite installer
PS_AIO_05_C4600_Software_Min
PureHD
Roxio Central
Roxio Video Capture USB Driver
Samsung Kies
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SES Driver
Setup
SFR
Share
SHASTA
skin0001
SKINXSDK
SmartSound Common Data
SmartSound Quicktracks 5
SmartSound Quicktracks Plugin
SmartWebPrinting
SolutionCenter
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
staticcr
Status
The Lord of the Rings FREE Trial
ThreatFire
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
VIO
VLC media player 2.0.5
VPRINTOL
VSClassic
VSPro
WD SmartWare
WD Software Upgrader
WebFldrs XP
WebReg
Welcome App (Start-up experience)
WinAVI MP4 Converter
WinAVI Video Converter
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinRAR 4.20 (32-bit)
WIRELESS
Xvid 1.2.2 final uninstall
Zoner Photo Studio 12
  • 0

#12
gringo_pr
Posted 04 March 2013 - 02:39 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.3.4
Java 7 Update 9
Java™ 6 Update 30
JavaFX 2.0.3

 [/list]

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. default settings are fine
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#13
Steviep
Posted 04 March 2013 - 03:26 AM

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.04.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Stevie :: DELL360 [administrator]

04/03/2013 09:05:27
mbam-log-2013-03-04 (09-05-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240647
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:21:25, on 04/03/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Stevie\Desktop\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...t/PCPitStop.CAB
O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} (Kaspersky License Finder) - http://www.kaspersky...censefinder.cab
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.suppor...FixItClient.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1240353057735
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1350221284562
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.bti...bcontrol028.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9c4557151c6be) (gupdate1c9c4557151c6be) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
O23 - Service: WDFMEService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
O23 - Service: WDRulesService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

--
End of file - 11706 bytes

Edited by Steviep, 04 March 2013 - 08:02 AM.

  • 0

#14
gringo_pr
Posted 04 March 2013 - 12:01 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0

#15
Steviep
Posted 04 March 2013 - 02:50 PM

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Common Files\Nero\Patch.exe a variant of Win32/HackTool.Patcher.AD application
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP