16 bit ms-dos subsystem error



#16
Whit3436

  • Topic Starter

Hi crooleeck

Find attached the Silent Runners Log. I had to reinstate the Relcon Auto Copy on startup as it is an important part of my backup routine.

Once again many thanks for your help.

Whit3436



#17
crooleeck

Whit3436, looks good, but I want to check another area before I say 'all clear' :).

Step 1:
Eset Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 / 8 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 2:
Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application. Before you finish, on the Completing the Malwarebytes Anti-Malware Setup Wizard tab, untick Enable free trial of Malwarebytes Anti-Malware PRO.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Keep in mind to post logs ;)

#18
Whit3436

  • Topic Starter

Hi crooleeck
Logs as requested:
C:\Users\JBW\Downloads\sdfix.exe Win32/PrcView application
C:\Documents and Settings\JBW\Downloads\sdfix.exe Win32/PrcView application deleted - quarantined
C:\Downloads\Adaware_Installer.exe Win32/OpenCandy application deleted - quarantined
C:\Work Tasks\Freecom USB 3 Files\PC\Software\Nero BackItUp\setup.exe a variant of Win32/Bundled.Toolbar.Ask.A application cleaned by deleting - quarantined

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.23.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
JBW :: SERVER [administrator]

23/04/13 06:29:45
mbam-log-2013-04-23 (06-29-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289854
Time elapsed: 9 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Many thanks

Whit3436

#19
crooleeck

Please do the following updates to increase security:

Step 1:
Download and install Internet Explorer 10
Note:
If English is not your system language, please type Internet Explorer 10 in Google and download the proper version from the Microsoft site.

Step 2:
Security updates:
Please go to Start Menu -> Control Panel -> Programs and Features and remove the following programs:
  • Java 7 Update 17
  • Adobe Flash Player 11 ActiveX
  • Adobe Reader X (10.1.6)


Be advised that security experts recommend turning off Java. However, if you decide you must use Java, download and install the new version from Java.com.

Warning.
Remember to install only software that you need. Adobe installers often install other software by default. Always check what you are installing. Uncheck the optional software install.

Step 3:
Download and install Adobe Flash Player 11.

Adobe Flash description:
Active X version is for Internet Explorer. Plug-in for others.
32/64 bit: In most cases the 32-bit version is the best choice. 64-bit Adobe Flash will work in 64-bit browsers. For now the 32-bit Adobe Flash version with a 32-bit browser on a 64-bit OS is still a good choice.

Step 4:
PDF Reader. You have installed Adobe Reader 10. Please install new version or try alternative:

I like first one.

Step 5:
OTL Quick Scan

Run OTL again and hit the Quick Scan button.

This scan won't take long. Please post the log in your next reply.

In your next post I want to see:
  • OTL Quick Scan log.

Do you think something is wrong?

#20
Whit3436

  • Topic Starter

Hi Crooleeck

OTL Log:
OTL logfile created on: 24/04/13 08:22:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Computer Fix
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yy

3.24 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 63.51% Memory free
6.48 Gb Paging File | 5.17 Gb Available in Paging File | 79.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 833.75 Gb Total Space | 747.55 Gb Free Space | 89.66% Space Free | Partition Type: NTFS
Drive G: | 97.66 Gb Total Space | 92.60 Gb Free Space | 94.82% Space Free | Partition Type: NTFS

Computer Name: SERVER | User Name: JBW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Computer Fix\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe (Microsoft)
PRC - C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe ()
PRC - C:\Postcode\AFDService.exe (AFD Computers)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - c:\Programs\Focus\ocp\OCPClient.exe (Ocuco Ltd.)
PRC - C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe (Gemalto)
PRC - C:\Reltem\OCPDaemon.exe (Ocuco Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8512de7f67e0dedb9389e0cd471af0e7\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3f84870783e405d3c07cc8d8846f0750\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe ()
MOD - C:\Program Files\Acronis\TrueImageHome\Common\ti_managers.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()


========== Services (SafeList) ==========

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (Sage AutoUpdate Manager Service) -- C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe (Microsoft)
SRV - (afdReg) -- C:\Postcode\AFDService.exe (AFD Computers)
SRV - (OCPService) -- c:\programs\focus\ocp\OCPClient.EXE (Ocuco Ltd.)
SRV - (GslShmSrvc) -- C:\Program Files\Gemalto\Classic Client\BIN\GslShmSrvc.exe (Gemalto)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (OCPDaemon) -- C:\Reltem\OCPDaemon.exe (Ocuco Ltd.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (BCUService) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AcfXAudioService) -- C:\Windows\System32\ACFXAU32.dll (Conexant Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (MSICDSetup) -- D:\CDriver.sys File not found
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (fltsrv) -- C:\Windows\System32\drivers\fltsrv.sys (Acronis)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® 2000 DDK provider)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (acfva) -- C:\Windows\System32\drivers\ACFVA32.sys (Conexant Systems Inc.)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (GPinPad) -- C:\Windows\System32\drivers\GPinPad.sys (Gemalto)
DRV - (dgcfltr) -- C:\Windows\System32\drivers\ACFDCP32.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\ACFXAU32.sys (Conexant Systems, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (FLASHSYS) -- C:\Program Files\MSI\Live Update 4\LU4\FlashSys.sys ()
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\ACFSDK32.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.co.uk/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.whitakersopticians.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{21D5B1CD-5E87-4579-8B85-9790EDDD6F57}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{4BF3FC2F-59FA-41d2-AC43-959597B7DF34}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...GGHP_en-GBGB430
IE - HKCU\..\SearchScopes\{8B134EB3-3F34-4e55-AFF6-FF59BD311EA5}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@gemalto.com/eSigner4x: C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll (Gemalto)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/10/27 11:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.whitakersopticians.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Classic eSigner Plug-in for Mozilla (Enabled) = C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\JBW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\JBW\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\JBW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\JBW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\JBW\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\JBW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/25 09:20:45 | 000,446,020 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15316 more lines...
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RegTool] C:\Program Files\Gemalto\Classic Client\BIN\RegTool.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\JBW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Relcon Auto Copy.exe (Relcon)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O12 - Plugin for: .csd - C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll (Gemalto)
O12 - Plugin for: .esd - C:\Program Files\Gemalto\eSigner4\plugin\NXPlugIn.dll (Gemalto)
O12 - Plugin for: .i4t - C:\Program Files\Gemalto\eSigner4\plugin\npClassicESigner.dll (Gemalto)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: bacs.co.uk ([paymentservices] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.com ([ams] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.com ([ibank1.bib] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.com ([www.iceb] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclays.net ([cashmanagement] https in Trusted sites)
O15 - HKLM\..Trusted Domains: barclayswealth.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: fpsdca.co.uk ([paymentservices] https in Trusted sites)
O15 - HKLM\..Trusted Domains: tradeonlineservices.com ([europe] https in Trusted sites)
O15 - HKLM\..Trusted Domains: voca.com ([iplservices] https in Trusted sites)
O15 - HKCU\..Trusted Domains: nhs.net ([web] https in Trusted sites)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.120.234.26 62.6.40.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B86EAF7-9FBE-42CE-9B30-FEA7D2C6E2EF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A016AF20-47C2-4FC4-B1C4-EDAEB88EBE5A}: DhcpNameServer = 213.120.234.26 62.6.40.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C096A644-6631-41CA-A896-2536B8FFED1B}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/19 08:14:11 | 000,000,000 | ---D | C] -- C:\Computer Fix
[2013/04/19 08:10:45 | 000,073,728 | ---- | C] (Relcon) -- C:\Users\JBW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Relcon Auto Copy.exe
[2013/04/10 13:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/04/10 13:03:26 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/04/10 08:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/09 08:20:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/09 08:20:20 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/09 08:08:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/08 08:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/03/25 18:36:22 | 000,000,000 | ---D | C] -- C:\Users\JBW\AppData\Local\PSU

========== Files - Modified Within 30 Days ==========

[2013/04/24 08:20:04 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/24 08:05:20 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/24 08:05:20 | 000,015,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/24 08:02:44 | 000,631,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/24 08:02:44 | 000,111,480 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/24 07:58:27 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/24 07:57:49 | 000,012,004 | ---- | M] () -- C:\Windows\postcode.ini
[2013/04/24 07:57:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/24 07:57:31 | 2610,470,912 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/23 16:45:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/23 14:39:39 | 000,005,270 | ---- | M] () -- C:\ DRS Appointments.rtf
[2013/04/23 11:45:53 | 001,019,858 | ---- | M] () -- C:\Users\JBW\Desktop\Franking Machine Company.jpg
[2013/04/23 06:28:11 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/16 14:55:56 | 000,017,980 | ---- | M] () -- C:\Windows\Sage.ini
[2013/04/16 14:53:10 | 000,001,268 | ---- | M] () -- C:\Windows\System32\SGLCH32.USR
[2013/04/15 10:38:07 | 000,000,000 | ---- | M] () -- C:\Windows\map.ini
[2013/04/15 09:57:26 | 000,000,728 | ---- | M] () -- C:\Windows\SGREP32.INI
[2013/04/10 15:02:23 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/04/10 14:50:43 | 000,001,137 | ---- | M] () -- C:\Users\JBW\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/04/10 13:20:21 | 000,412,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/10 08:40:09 | 000,002,227 | ---- | M] () -- C:\Users\JBW\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/10 08:16:57 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 08:32:35 | 421,174,379 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/04 10:05:50 | 000,018,636 | ---- | M] () -- C:\ 1st Retinal Invoice.rtf
[2013/04/02 12:01:56 | 000,000,034 | RHS- | M] () -- C:\Windows\afdpc.flg
[2013/03/25 18:19:57 | 000,000,276 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url
[2013/03/25 15:47:04 | 000,000,530 | ---- | M] () -- C:\SAL2503.CSV
[2013/03/25 09:20:45 | 000,446,020 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2013/04/24 08:20:04 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/24 08:20:03 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/23 11:45:53 | 001,019,858 | ---- | C] () -- C:\Users\JBW\Desktop\Franking Machine Company.jpg
[2013/04/10 15:02:23 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/04/10 08:16:57 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/10 08:16:57 | 000,002,227 | ---- | C] () -- C:\Users\JBW\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/04 14:19:01 | 000,005,270 | ---- | C] () -- C:\ DRS Appointments.rtf
[2013/03/25 15:47:04 | 000,000,530 | ---- | C] () -- C:\SAL2503.CSV
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2012/11/03 10:09:51 | 000,000,493 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/01 22:36:12 | 000,263,318 | ---- | C] () -- C:\Users\JBW\AppData\Local\census.cache
[2012/11/01 22:35:34 | 000,129,136 | ---- | C] () -- C:\Users\JBW\AppData\Local\ars.cache
[2012/11/01 21:57:44 | 000,000,036 | ---- | C] () -- C:\Users\JBW\AppData\Local\housecall.guid.cache
[2012/09/14 15:34:06 | 000,368,640 | ---- | C] () -- C:\Windows\System32\SGCDlg32.dll
[2012/09/14 15:34:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SGStat32.dll
[2012/09/14 15:33:50 | 000,372,736 | ---- | C] () -- C:\Windows\System32\SGList32.dll
[2012/09/14 15:33:34 | 000,303,104 | ---- | C] () -- C:\Windows\System32\SGTool32.dll
[2012/09/14 15:33:28 | 000,012,288 | ---- | C] ( ) -- C:\Windows\System32\Interop.SGSTDREGLib.dll
[2012/09/14 15:33:14 | 000,122,880 | ---- | C] () -- C:\Windows\System32\SGSchemeXP.dll
[2012/09/14 15:33:08 | 000,290,816 | ---- | C] () -- C:\Windows\System32\SGSchemeXML.dll
[2012/09/14 15:32:56 | 000,176,128 | ---- | C] () -- C:\Windows\System32\SGSchemeDefault.dll
[2012/09/14 15:32:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\SGSTDREG.dll
[2012/09/14 15:32:32 | 000,294,912 | ---- | C] () -- C:\Windows\System32\SGTBar32.dll
[2012/09/14 15:32:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\SGIntl32.dll
[2012/09/14 15:32:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SGAppBar.dll
[2012/09/14 15:32:20 | 000,008,192 | ---- | C] ( ) -- C:\Windows\System32\Interop.SGREGISTERLib.dll
[2012/09/14 15:31:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SGRegister.dll
[2012/09/14 15:31:48 | 000,253,952 | ---- | C] () -- C:\Windows\System32\SGWebBrowser.dll
[2012/09/14 15:31:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SGLogo32.dll
[2012/09/14 15:31:42 | 000,249,856 | ---- | C] () -- C:\Windows\System32\SGJPEG32.dll
[2012/09/14 15:31:40 | 000,262,144 | ---- | C] () -- C:\Windows\System32\SGHelp32.dll
[2012/09/14 15:31:34 | 000,237,568 | ---- | C] () -- C:\Windows\System32\SGSchemeManager.dll
[2012/09/14 15:31:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\SG3D32.dll
[2012/09/14 15:31:06 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SageFolderBrowser.dll
[2012/09/14 15:30:46 | 000,114,688 | ---- | C] () -- C:\Windows\System32\SGCom32.dll
[2012/04/13 08:38:00 | 000,058,944 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2012/02/24 09:24:43 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2012/01/24 11:09:54 | 000,245,760 | ---- | C] () -- C:\Windows\System32\SageEventHandler.exe
[2011/12/17 12:56:36 | 000,007,606 | ---- | C] () -- C:\Users\JBW\AppData\Local\Resmon.ResmonCfg
[2011/12/09 16:02:45 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2011/12/09 16:02:45 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/12/09 16:02:45 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2011/12/09 16:02:45 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2011/12/08 12:57:00 | 000,000,062 | ---- | C] () -- C:\Windows\TmfLogo.INI
[2011/11/09 14:58:12 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/06/29 13:10:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/06/29 13:10:19 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/06/29 13:10:14 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2011/06/21 08:42:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011/06/09 08:29:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/18 09:18:44 | 000,245,312 | ---- | C] () -- C:\Windows\System32\pcode32.dll
[2011/05/16 10:39:40 | 000,000,054 | ---- | C] () -- C:\Windows\Payroll.ini
[2011/05/13 09:41:35 | 000,000,000 | ---- | C] () -- C:\Windows\map.ini
[2011/05/13 09:39:33 | 000,000,029 | ---- | C] () -- C:\Windows\CHANGE.INI
[2011/05/13 09:39:19 | 000,012,004 | ---- | C] () -- C:\Windows\postcode.ini
[2011/05/13 09:39:18 | 000,066,332 | ---- | C] () -- C:\Windows\System32\zlib16.dll
[2011/05/13 09:39:17 | 000,651,328 | ---- | C] () -- C:\Windows\System32\change32.dll
[2011/05/13 09:39:17 | 000,165,376 | ---- | C] () -- C:\Windows\System32\postcode.dll
[2011/05/13 09:39:17 | 000,100,928 | ---- | C] () -- C:\Windows\System32\afdutl32.dll
[2011/05/13 09:39:17 | 000,077,568 | ---- | C] () -- C:\Windows\System32\afdutl16.dll
[2011/05/12 20:54:02 | 000,038,430 | ---- | C] () -- C:\Users\JBW\AppData\Roaming\Comma Separated Values (DOS).ADR
[2011/05/12 18:57:43 | 000,000,728 | ---- | C] () -- C:\Windows\SGREP32.INI
[2011/05/12 07:02:24 | 000,000,312 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/05/12 07:02:24 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/05/12 06:53:22 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/05/10 11:38:59 | 000,000,000 | ---- | C] () -- C:\Users\JBW\AppData\Local\{6729FD7D-2249-4C84-B932-94D56C532A02}
[2011/05/10 08:13:04 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/05/10 08:13:04 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7420.DAT
[2011/05/06 21:59:35 | 000,000,071 | ---- | C] () -- C:\Windows\System32\RelCPath.dll
[2011/05/05 17:04:47 | 000,032,256 | ---- | C] () -- C:\Windows\System32\_RegTLB.dll
[2011/05/05 16:40:56 | 000,000,365 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/05 16:12:38 | 000,000,585 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/05 07:28:32 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2011/05/05 07:28:32 | 000,019,496 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2011/05/05 07:08:24 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/05/05 07:05:20 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/05/15 21:17:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\1387BAB6-D4A0-47E6-88E2-04DE48B888E2
[2011/05/15 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\47C40ABB-3E53-466D-AD36-FC30B2F1A4F8
[2012/03/08 19:43:07 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\6D8A3940-41F5-4878-B752-62F645E62197
[2012/03/08 18:06:07 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\7CD02EB4-5780-4EAD-996C-C98F393E7A7C
[2011/06/13 08:48:45 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\8961EC84-40FC-4B46-B7EB-A3E89624DADB
[2011/10/08 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\90F8AAED-62B2-40B4-B165-A86818CFE75D
[2012/03/08 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\92B92703-1344-485F-A62A-B9E3E0690B1A
[2011/11/04 15:00:15 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Acronis
[2011/07/09 09:06:23 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\B05A9F4D-2DE1-4052-A78D-42AC35E689A6
[2012/03/08 19:43:06 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\B782AE1A-F024-4264-BA94-2E8F3F006AC3
[2012/02/25 13:21:24 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\BFFF3BBE-6BE4-4FCF-9BA1-8D5F016A4175
[2011/10/08 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\C6152BD8-A9F0-4666-A4BB-3A719D35CE58
[2011/06/30 07:39:07 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\ControlCenter4
[2012/02/25 13:21:24 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\DF6AC55D-4A3A-4B3B-B117-82F24CFA57E0
[2012/09/26 08:45:57 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\F4A5F31E-3E28-423C-8D5C-64734A7567EF
[2011/12/24 11:52:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\GetRightToGo
[2012/09/01 08:37:00 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\NTI
[2012/06/18 17:23:44 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\ntr
[2011/06/30 07:58:33 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Nuance
[2011/11/16 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Product_RM
[2012/03/15 15:03:10 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Sage
[2011/11/09 09:09:43 | 000,000,000 | ---D | M] -- C:\Users\JBW\AppData\Roaming\Zeon

========== Purity Check ==========



< End of report >

Everything seems to be working without any problem.

Many thanks again for your help.

Whit3436

#21
crooleeck

Good news: your system is clean now!

A good workman always cleans up after himself. Please let me remove my tools:

Step 1:
Uninstall OTL:
Run OTL again and hit the CleanUp! button.

Step 2:
Please go to Start Menu -> Control Panel -> Programs and Features and remove Eset Online Scanner. Then manually navigate to and delete the C:\Program Files\ESET folder.

Step 3: Start the System Configuration Utility
1. Click Start, click Run, type msconfig, and then click OK.
2. The System Configuration Utility dialog box is displayed.
3. In the System Configuration Utility dialog box, click the General tab, and then click Normal Startup and click OK.

Step 4:
Keep system updated:
Enabling Windows Update is the most basic step to prevent infections. The fastest way is to open this site in Internet Explorer: http://windowsupdate.microsoft.com/

Step 5:
Keep your Internet Security software turned on and updated! Make sure that realtime antivirus protection and the firewall module are working.

Step 6:
Keep software updated:
You should install software updates for Java, Flash Player, Silverlight, Adobe Reader, etc. It's a lot of work, so you can improve this process with one of the following programs:
FileHippo's Update Checker (UDC)
Software Update Monitor Lite (SUMo)

Step 7:
Backup your registry:

This article would be helpful - http://www.geekstogo...ry-using-erunt/

Step 8:
Clean temp files in future:

Use TFC. Be sure to save any unsaved work before running TFC. Hit the Start button. Agree to the restart.

Step 9:
Clear infected system restore points and create a clean one:

http://www.geekstogo...restore-points/

Step 10:
Here is some advice for the future:

  • Run an MBAM scan once a month.
  • Don't click any links whose source you don't know.
  • Don't turn off antivirus active scan and firewall.
  • Turn off autorun for removable media - it's easy with Panda USB Vaccine
  • Monitor running processes.
  • Install the AdBlock Plus and WOT (Web of Trust) add-ons
  • Install only software that you really want. Often, when installing free software, other adware programs are included by default. It's good to choose the advanced install method and check where and what you actually install.
  • Do not install "Go faster", "Optimize" or "Tweaking" programs


#22
Whit3436

I have done everything recommended. Many thanks for your help - the PC is back to normal and with your advice I would expect it to stay that way.

Whit3436