All downloads reportedly contain a virus [Solved]


  • This topic is locked

#16
edsmith323

Shortcut Cleaner Log

Shortcut Cleaner 1.2.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingc...ortcut-cleaner/

Windows Version: Windows Vista ™ Business Service Pack 2
Program started at: 05/13/2013 10:29:25 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Ed\Desktop


0 bad shortcuts found.

Program finished at: 05/13/2013 10:29:33 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

aswMBR log

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-13 22:30:44
-----------------------------
22:30:44.134 OS Version: Windows 6.0.6002 Service Pack 2
22:30:44.134 Number of processors: 2 586 0x6802
22:30:44.135 ComputerName: ED-PC UserName: Ed
22:30:46.191 Initialize success
22:34:42.899 AVAST engine defs: 13051301
22:34:56.482 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:34:56.484 Disk 0 Vendor: ST9160821AS 3.BHE Size: 152627MB BusType: 3
22:34:56.747 Disk 0 MBR read successfully
22:34:56.750 Disk 0 MBR scan
22:34:56.757 Disk 0 unknown MBR code
22:34:56.778 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143346 MB offset 63
22:34:56.812 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7687 MB offset 293574656
22:34:56.842 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1588 MB offset 309325824
22:34:56.867 Disk 0 scanning sectors +312578048
22:34:57.022 Disk 0 scanning C:\Windows\system32\drivers
22:35:19.715 Service scanning
22:35:46.668 Service SafeBoot C:\Windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
22:35:58.957 Modules scanning
22:36:27.673 Disk 0 trace - called modules:
22:36:27.704 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
22:36:27.710 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87970ac8]
22:36:27.716 3 CLASSPNP.SYS[8b5c58b3] -> nt!IofCallDriver -> [0x8786d310]
22:36:27.722 5 hpdskflt.sys[8b5a7f92] -> nt!IofCallDriver -> [0x86c7f668]
22:36:27.728 7 acpi.sys[83dd86bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86c66030]
22:36:28.480 AVAST engine scan C:\Windows
22:36:34.174 AVAST engine scan C:\Windows\system32
22:44:30.935 AVAST engine scan C:\Windows\system32\drivers
22:44:56.499 AVAST engine scan C:\Users\Ed
22:45:37.272 File: C:\Users\Ed\AppData\Local\Apps\2.0\DVAZGCN1.LM6\MO28W6RA.J0Y\smar..tion_0000000000000000_0004.0000_b29c83e73ca7c9cf\Smartstim.Protocol.dll **INFECTED** MSIL:Downloader-KA [Trj]
22:45:40.862 File: C:\Users\Ed\AppData\Local\Apps\2.0\GMXLOZ3E.GYP\3XLHOC20.H2K\smar..tion_0000000000000000_0004.0000_b29c83e73ca7c9cf\Smartstim.Protocol.dll **INFECTED** MSIL:Downloader-KA [Trj]
22:48:00.136 Disk 0 MBR has been saved successfully to "C:\Users\Ed\Desktop\MBR.dat"
22:48:00.145 The log file has been saved successfully to "C:\Users\Ed\Desktop\aswMBR.txt"


#17
edsmith323

OTL Log

All processes killed
========== OTL ==========
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ed
->Temp folder emptied: 49094838 bytes
->Temporary Internet Files folder emptied: 106908748 bytes
->Java cache emptied: 2997569 bytes
->Google Chrome cache emptied: 8870457 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 40647 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55570 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 160.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05132013_225023

Files\Folders moved on Reboot...
C:\Users\Ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Ed\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#18
tom982

Hi Ed,

aswMBR picked up two infected files, which is great! How is your computer performing now?

OTL Scan

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    C:\Users\Ed\AppData\Local\Apps\2.0 /s

  • Click the Run Scan button.
  • Copy and paste the contents of the log that it produces into your next post.

Tom

#19
edsmith323

Tom

Log results.

OTL logfile created on: 14/05/2013 17:31:36 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ed\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 26.12% Memory free
5.61 Gb Paging File | 3.08 Gb Available in Paging File | 54.96% Paging File free
Paging file location(s): c:\pagefile.sys 2877 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.99 Gb Total Space | 23.34 Gb Free Space | 16.67% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.31 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
Drive F: | 7.51 Gb Total Space | 0.75 Gb Free Space | 10.01% Space Free | Partition Type: NTFS

Computer Name: ED-PC | User Name: Ed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/06 21:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/03/12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/02/01 13:25:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/04/13 10:41:04 | 000,358,456 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/01/18 06:06:06 | 000,078,592 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2009/12/20 19:29:15 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
PRC - [2009/12/17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2009/07/19 22:21:42 | 000,296,224 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/07/06 15:34:58 | 011,227,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/02/16 00:34:36 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/12/20 14:36:50 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/05/23 12:24:44 | 000,085,672 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/05/23 12:19:18 | 000,192,168 | ---- | M] (Maxtor Corp) -- C:\Program Files\Maxtor\MSS Backup\MaxBackService.exe
PRC - [2007/05/09 04:22:44 | 001,400,488 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\ManagerApp\msssort.exe
PRC - [2007/03/29 14:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/03/29 14:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/08 10:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2004/04/23 11:00:36 | 000,192,512 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\Windows\System32\Crypserv.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/10 02:38:48 | 002,010,624 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_core220.dll
MOD - [2013/04/10 02:38:48 | 001,241,088 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/10 15:40:18 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\776fced3857dce33967e805879757d24\System.Security.ni.dll
MOD - [2013/01/10 15:39:48 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/10 15:35:10 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/10 15:34:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/02/16 00:34:36 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2008/02/16 00:34:15 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
MOD - [2007/03/29 14:02:48 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/03/29 13:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/02/02 17:01:32 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/10/26 17:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/04/25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 15:32:55 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/02/01 13:25:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/04/13 10:36:32 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2010/01/18 05:59:28 | 000,192,768 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2010/01/18 05:59:20 | 000,150,272 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2009/12/20 19:29:15 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2009/12/17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/04/11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/05 21:45:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 08:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008/01/19 08:33:40 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 13:36:35 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
SRV - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\archlp.sys -- (archlp)
DRV - [2013/05/08 22:16:00 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/01/31 10:50:58 | 000,022,656 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/10/11 04:08:38 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/11/06 13:11:12 | 000,035,008 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/03/05 11:09:08 | 000,051,480 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/03/05 11:09:00 | 000,013,032 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/03/05 11:08:58 | 000,012,600 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/03/05 11:08:56 | 000,109,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/01/12 17:42:54 | 000,252,928 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2009/12/17 23:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/11/23 17:42:58 | 000,024,576 | ---- | M] (HTC1124 Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/07/29 13:00:52 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/07/19 22:17:36 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/02/17 13:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 13:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/04/10 22:33:39 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/19 08:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/07/31 19:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/04/10 23:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/02/09 00:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/02 17:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/13 12:10:18 | 000,030,656 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\Windows\System32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2006/11/02 09:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 12:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2006/10/26 17:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 17:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 17:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 17:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 17:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 17:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 17:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 17:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/11/03 18:14:36 | 000,082,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2004/11/03 18:14:36 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus)
DRV - [2004/07/16 16:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/05/05 13:40:38 | 000,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2004/04/06 14:08:06 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 14:07:58 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 14:07:54 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2001/11/05 09:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 09:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sonyhcb.sys -- (sonyhcb)
DRV - [2000/02/03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...d=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {8E02D41C-5924-4816-9490-33CCD28BEB72}
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9F536F17-19AC-43C6-AAE3-0D44B531B5BC}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 14:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/10 13:49:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/05 08:19:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/05/10 13:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 14:36:24 | 000,000,000 | ---D | M]

[2010/03/18 19:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Extensions
[2009/01/15 21:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/03/18 19:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/06 12:59:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cslconnect.com ([cslvpn] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553547600} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70308F02-798D-4916-8232-B3B115A8F3D4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/13 22:50:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/13 22:29:12 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Ed\Desktop\aswMBR.exe
[2013/05/13 22:29:12 | 000,404,896 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ed\Desktop\sc-cleaner.exe
[2013/05/12 11:59:21 | 000,000,000 | ---D | C] -- C:\Users\Ed\Desktop\OTL fix
[2013/05/09 21:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/09 21:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/05/09 20:54:54 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{75B79B04-1CC2-48E2-BDFE-607F99AFC55B}
[2013/05/09 07:23:05 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{B3B5D0EF-6FBE-40CA-A4A7-65467DA14B0B}
[2013/05/08 22:15:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/05/08 14:18:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{5DBDC8C7-F1C4-4376-9275-4064F5BF7E34}
[2013/05/07 21:15:28 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\MicroVision Applications
[2013/05/07 19:45:41 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{B1E17FE6-3F16-4E44-9C7D-0ACC8C4EFB00}
[2013/05/07 19:21:27 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Sony
[2013/05/07 19:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013/05/07 18:37:17 | 000,000,000 | ---D | C] -- C:\Users\Ed\Documents\Jess Wedding Music
[2013/05/07 16:46:07 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/05/07 16:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/05/07 16:03:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/07 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\vlc
[2013/05/07 15:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/07 15:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/05/07 07:45:30 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{12FC7E38-10B8-469F-BB79-62C948A82FC5}
[2013/05/06 21:25:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2013/05/06 13:14:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/05/06 10:36:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\temp
[2013/05/06 10:07:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/06 10:07:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/06 10:07:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/06 10:04:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/05/06 10:03:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/06 09:15:27 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{CB6AB4E8-DF70-4263-A83B-D1BBD563B3AF}
[2013/05/02 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{886EB09B-28FB-4D5A-80EA-52833FD269D5}
[2013/04/29 17:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Morley-IAS by Honeywell
[2013/04/29 16:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{D6BB5D0F-9149-4BE7-BFF9-1528D83F040E}
[2013/04/25 13:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vimicro USB2.0 UVC PC Camera
[2013/04/25 13:36:32 | 000,000,000 | ---D | C] -- C:\Users\Ed\Desktop\UVC
[2013/04/25 13:35:37 | 000,000,000 | ---D | C] -- C:\Windows\VMUVC
[2013/04/25 13:32:18 | 000,398,720 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\vvftUVC.sys
[2013/04/25 13:32:11 | 000,188,416 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\vvftUVC.ax
[2013/04/25 13:32:11 | 000,094,208 | ---- | C] (Vimicro Cooperation) -- C:\Windows\System32\VvFtCtrl.dll
[2013/04/25 13:31:22 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMUVC.dll
[2013/04/25 13:31:18 | 000,516,096 | ---- | C] (vimicro) -- C:\Windows\System32\VMUVC.ax
[2013/04/25 13:31:17 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\exvmuvc.ax
[2013/04/25 13:31:16 | 000,252,928 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\VMUVC.sys
[2013/04/25 13:31:16 | 000,098,304 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMCtrl.ax
[2013/04/25 13:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro Corporation
[2013/04/25 12:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2013/04/24 14:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texecom
[2013/04/24 14:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Texecom
[2013/04/22 18:31:22 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Cisco
[2013/04/22 18:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/04/22 18:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2013/04/22 18:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2013/04/18 15:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/15 14:04:23 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{18EBBA12-8CF0-49D7-A2D3-6843C8E357B7}
[2013/04/14 20:05:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/14 20:05:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/14 20:05:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/14 20:05:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/14 20:05:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/14 20:05:53 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/14 20:05:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/14 20:05:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/14 19:49:26 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/14 19:49:26 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/14 19:49:26 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/14 19:49:21 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/04/14 19:48:41 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2013/05/14 17:38:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/14 17:27:20 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/14 17:26:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/14 17:26:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 17:26:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 12:00:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Security Platform Backup Schedule.job
[2013/05/14 12:00:03 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Embedded Security Backup Schedule.job
[2013/05/13 22:58:59 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/13 22:55:29 | 3086,278,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/13 22:53:03 | 000,012,780 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/05/13 22:48:00 | 000,000,512 | ---- | M] () -- C:\Users\Ed\Desktop\MBR.dat
[2013/05/13 21:47:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ed\Desktop\aswMBR.exe
[2013/05/13 21:41:54 | 000,404,896 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ed\Desktop\sc-cleaner.exe
[2013/05/10 13:49:37 | 000,001,426 | ---- | M] () -- C:\Users\Ed\Desktop\DivX Movies.lnk
[2013/05/10 13:49:02 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/10 13:48:02 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/05/10 13:42:03 | 000,000,000 | ---- | M] () -- C:\END
[2013/05/10 13:40:24 | 000,716,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/10 13:40:24 | 000,148,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/09 21:06:51 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/05/08 22:16:00 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/05/07 19:49:52 | 000,071,432 | ---- | M] () -- C:\Users\Ed\Documents\Life House - Everything 1st Dance.mp3.sfk
[2013/05/07 19:35:38 | 000,002,396 | ---- | M] () -- C:\Users\Ed\Documents\Register Sound Forge Pro.htm
[2013/05/07 19:22:02 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2013/05/07 18:32:10 | 000,013,734 | ---- | M] () -- C:\Users\Ed\Documents\SONY.Sound.Forge.Pro.10.Build.507.(patch-keygen.DI).torrent
[2013/05/07 18:09:08 | 000,002,384 | ---- | M] () -- C:\Users\Ed\Documents\Activate MP3 Plug-In.htm
[2013/05/07 17:54:23 | 000,072,272 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfk
[2013/05/07 17:54:12 | 005,867,520 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg
[2013/05/07 17:54:12 | 000,000,032 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfl
[2013/05/07 15:41:30 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/06 21:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2013/05/06 12:59:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/06 10:20:36 | 000,000,566 | ---- | M] () -- C:\Users\Ed\Desktop\ComboFix.exe - Shortcut.lnk
[2013/05/03 14:15:50 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013/05/01 16:53:56 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/01 14:56:07 | 000,002,579 | ---- | M] () -- C:\Users\Public\Desktop\Fire 6.21B.lnk
[2013/05/01 14:09:54 | 000,002,579 | ---- | M] () -- C:\Users\Public\Desktop\Fire 6.23A.lnk
[2013/04/25 12:37:34 | 000,000,906 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/04/25 12:37:34 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/04/25 12:22:42 | 001,785,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/24 16:46:13 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Wintex.lnk
[2013/04/24 14:45:13 | 000,000,011 | ---- | M] () -- C:\Users\Ed\Premier Flasher.conf
[2013/04/24 14:44:23 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Premier Elite Flasher.lnk
[2013/04/23 07:36:55 | 000,001,995 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/22 18:28:15 | 000,001,102 | ---- | M] () -- C:\Users\Ed\Desktop\Cisco AnyConnect VPN Client.lnk
[2013/04/18 15:48:52 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/18 15:32:53 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/18 15:32:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/05/13 22:48:00 | 000,000,512 | ---- | C] () -- C:\Users\Ed\Desktop\MBR.dat
[2013/05/10 13:49:02 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/10 13:48:02 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/05/10 13:42:03 | 000,000,000 | ---- | C] () -- C:\END
[2013/05/07 19:48:46 | 000,071,432 | ---- | C] () -- C:\Users\Ed\Documents\Life House - Everything 1st Dance.mp3.sfk
[2013/05/07 19:27:52 | 000,002,396 | ---- | C] () -- C:\Users\Ed\Documents\Register Sound Forge Pro.htm
[2013/05/07 19:22:02 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2013/05/07 18:32:10 | 000,013,734 | ---- | C] () -- C:\Users\Ed\Documents\SONY.Sound.Forge.Pro.10.Build.507.(patch-keygen.DI).torrent
[2013/05/07 17:54:12 | 000,072,272 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfk
[2013/05/07 17:54:12 | 000,000,032 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfl
[2013/05/07 17:54:06 | 005,867,520 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg
[2013/05/07 17:29:26 | 000,002,384 | ---- | C] () -- C:\Users\Ed\Documents\Activate MP3 Plug-In.htm
[2013/05/07 16:48:36 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/05/07 15:41:30 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/06 10:20:36 | 000,000,566 | ---- | C] () -- C:\Users\Ed\Desktop\ComboFix.exe - Shortcut.lnk
[2013/05/06 10:07:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/06 10:07:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/06 10:07:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/06 10:07:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/06 10:07:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/01 17:01:26 | 3086,278,656 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/29 17:43:18 | 000,002,579 | ---- | C] () -- C:\Users\Public\Desktop\Fire 6.23A.lnk
[2013/04/29 17:40:28 | 000,002,579 | ---- | C] () -- C:\Users\Public\Desktop\Fire 6.21B.lnk
[2013/04/25 12:37:34 | 000,000,906 | ---- | C] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/04/25 12:37:34 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/04/24 16:46:13 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Wintex.lnk
[2013/04/24 14:45:13 | 000,000,011 | ---- | C] () -- C:\Users\Ed\Premier Flasher.conf
[2013/04/24 14:44:23 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Premier Elite Flasher.lnk
[2013/04/22 18:28:15 | 000,001,102 | ---- | C] () -- C:\Users\Ed\Desktop\Cisco AnyConnect VPN Client.lnk
[2013/04/18 15:34:45 | 000,001,995 | ---- | C] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/18 15:34:45 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/12 13:52:10 | 000,000,680 | ---- | C] () -- C:\Users\Ed\AppData\Local\d3d9caps.dat
[2012/08/30 23:16:16 | 000,027,520 | ---- | C] () -- C:\Users\Ed\AppData\Local\dt.dat
[2011/10/11 13:23:25 | 000,406,016 | ---- | C] () -- C:\Windows\System32\PSDrvCheck.exe
[2011/10/07 17:23:24 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2010/09/10 00:11:57 | 000,000,000 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\chrtmp
[2010/09/10 00:11:10 | 000,053,760 | --S- | C] () -- C:\Users\Ed\java_JRE_6_4_5_4.exe
[2010/07/23 00:11:17 | 000,000,459 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\plugins.xml
[2009/05/19 00:30:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.XG1
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.XG0
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.X02
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.DB
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.YG1
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.YG0
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.Y02
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.PX
[2008/09/23 09:21:34 | 000,000,777 | ---- | C] () -- C:\Users\Ed\Comms.VAL
[2008/02/16 00:08:33 | 000,105,984 | ---- | C] () -- C:\Users\Ed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< C:\Users\Ed\AppData\Local\Apps\2.0 /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#20
edsmith323

Still unable to download files though.

#21
tom982

Hi Ed,

Can you try resetting IE please: http://support.microsoft.com/kb/923737

Let me know if the problem persists after the reset.

Tom

#22
edsmith323

Tom

Still the same, after resetting Internet Explorer.

I take it all the malware has been removed now, and this is just the aftermath of it??

#23
tom982

Hi Ed,

The fact that the IE reset didn't fix the problem implies that it is an issue common to both browsers, which suggests that it could either be malware blocking something or AVG being oversensitive. As the scans have come back clean, I suspect the latter and have posted a fix to my instructor and await his confirmation :) Will get back to you as soon as possible!

Tom

#24
edsmith323

In an effort to fix the issue myself before logging in to this forum, I removed AVG and all remnants of previous installations, as suggested on a Microsoft forum somewhere, and with AVG uninstalled the problem was still there.

Look forward to your fix in due course.

Ed

#25
tom982

Hi Ed,

I would like to try one last scan, just to be sure:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

I would also like you to run a SFC scan to check the integrity of Windows files:

SFC Scan

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    sfc /scannow

    Wait for this to finish before you continue

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt

  • This will create a file, cbs.txt on your Desktop. Please attach this to your next post.


Are these files being shown in the AVG detection logs?

Tom

#26
edsmith323

Tom

I have checked the AVG logs and Virus Vault and there's nothing in there at all that would suggest a virus/malware on the system. I'm downloading the Kaspersky scanner and will run it in the morning and post results accordingly.

#27
edsmith323

1st log file - detected threats

Status: Deleted (events: 3)
17/05/2013 21:15:45 Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Ed\java_JRE_6_4_5_4.exe High
17/05/2013 22:05:58 Deleted Trojan program Trojan-Spy.HTML.Paylap.cf C:\Documents and Settings\Ed\AppData\Local\Microsoft\Windows Live Mail\Hotmail (ed 26e\Inbox\08205032-00000200.eml High
18/05/2013 08:15:44 Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Ed\Application Data\JAVAUpdate9\AdobeAir\1.0.0.0\Installation Files\freecom.exe High
Status: Will be deleted when the computer is restarted (events: 2)
18/05/2013 08:15:51 Will be deleted when the computer is restarted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Ed\AppData\Roaming\JAVAUpdate9\AdobeAir\1.0.0.0\Installation Files\freecom.exe High
18/05/2013 08:16:09 Will be deleted when the computer is restarted Trojan program HEUR:Trojan.Win32.Generic C:\Users\Ed\Application Data\JAVAUpdate9\AdobeAir\1.0.0.0\Installation Files\freecom.exe High

#28
edsmith323

2nd log files attached

#29
edsmith323

Tom

The SCANNOW keeps failing when I scan; it gets to 96% and gives the error message "windows resource protection could not complete the requested operation"

I have tried to attach the log file but it's too big (17 MB) for an attachment and won't copy and paste into the reply box either??

What would you suggest???

#30
tom982

Hi Ed,

Thanks for the logs. I will review them and get a fix back to you as soon as possible. In the meantime, if you could upload your CBS log to SendSpace and send me the link, that would be great!

Tom
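
Added example, not part of the original thread: the CBS log produced by the `sfc /scannow` step in post #25 grows large (17 MB in post #29) because it records all servicing activity, while System File Checker's own entries carry the `[SR]` tag. The Python sketch below keeps only those entries and lists the files SFC reported it could not repair; the sample lines are constructed, and the function names are hypothetical.

```python
import re

# Constructed, shortened lines in the CBS.log layout; not taken from Ed's log.
SAMPLE_CBS_LOG = """\
2013-05-18 09:10:02, Info                  CBS    Loaded Servicing Stack v6.0.6002.18005
2013-05-18 09:10:05, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2013-05-18 09:10:05, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2013-05-18 09:10:09, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, hash mismatch
2013-05-18 09:10:09, Info                  CBS    Session: 30298765_1 initialized by client WindowsUpdateAgent
2013-05-18 09:10:11, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, hash mismatch
2013-05-18 09:10:12, Info                  CSI    0000000c [SR] Verify complete
"""

# SFC tags its own entries with [SR]; the rest of CBS.log is other servicing activity.
SR_TAG = "[SR]"
CANNOT_REPAIR = re.compile(r'\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+)')


def sfc_lines(lines):
    """Yield only the System File Checker entries, without line endings."""
    for line in lines:
        if SR_TAG in line:
            yield line.rstrip("\r\n")


def unrepaired_files(lines):
    """Return sorted, de-duplicated (file, component) pairs SFC could not repair."""
    found = set()
    for line in sfc_lines(lines):
        match = CANNOT_REPAIR.search(line)
        if match:
            found.add((match.group(1), match.group(2).strip()))
    return sorted(found)


def filter_file(src, dst):
    """Write the [SR] lines of src to dst; return how many lines were kept."""
    kept = 0
    # errors="replace" keeps the filter going if the log contains odd bytes.
    with open(src, encoding="utf-8", errors="replace") as fin, \
            open(dst, "w", encoding="utf-8") as fout:
        for line in sfc_lines(fin):
            fout.write(line + "\n")
            kept += 1
    return kept


if __name__ == "__main__":
    sample = SAMPLE_CBS_LOG.splitlines()
    print(len(list(sfc_lines(sample))), "of", len(sample), "lines are SFC entries")
    for name, component in unrepaired_files(sample):
        print("could not repair:", name, "in", component)
```

On the affected machine, `filter_file` would be pointed at the `cbs.txt` copy made in post #25.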