redirect in IE and security center goes off [Solved]



#16
trickydicky - Member, Topic Starter, 21 posts
aswMBR.txt:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-05 10:25:08
-----------------------------
10:25:08.656 OS Version: Windows 5.1.2600 Service Pack 3
10:25:08.656 Number of processors: 2 586 0x170A
10:25:08.656 ComputerName: PV-OFFICE UserName: IP
10:25:09.515 Initialize success
10:25:09.625 AVAST engine defs: 13060401
10:25:17.375 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:25:17.375 Disk 0 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953869MB BusType: 3
10:25:17.375 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
10:25:17.375 Disk 1 Vendor: ST2000DM001-9YN164 CC4C Size: 1907729MB BusType: 3
10:25:17.375 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-18
10:25:17.375 Disk 2 Vendor: WDC_WD2000JB-00KFA0 08.05J08 Size: 190782MB BusType: 3
10:25:17.453 Disk 2 MBR read successfully
10:25:17.453 Disk 2 MBR scan
10:25:17.453 Disk 2 Windows 7 default MBR code
10:25:17.453 Disk 2 Partition 1 80 (A) 07 HPFS/NTFS NTFS 85776 MB offset 63
10:25:17.453 Disk 2 Partition - 00 0F Extended LBA 105002 MB offset 175670775
10:25:17.468 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 105002 MB offset 175670838
10:25:17.468 Disk 2 scanning sectors +390716865
10:25:17.531 Disk 2 scanning C:\WINDOWS\system32\drivers
10:25:25.328 Service scanning
10:25:38.187 Modules scanning
10:25:42.796 Disk 2 trace - called modules:
10:25:42.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll ATAPI.SYS pciide.sys PCIIDEX.SYS
10:25:42.812 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x8b3efab8]
10:25:42.812 3 CLASSPNP.SYS[b9908fd7] -> nt!IofCallDriver -> \Device\00000085[0x8b4bd9e8]
10:25:42.812 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x8b475940]
10:25:43.140 AVAST engine scan C:\WINDOWS
10:26:03.156 AVAST engine scan C:\WINDOWS\system32
10:29:12.968 AVAST engine scan C:\WINDOWS\system32\drivers
10:29:28.625 AVAST engine scan C:\Documents and Settings\IP
10:35:23.875 AVAST engine scan C:\Documents and Settings\All Users
10:36:37.453 Scan finished successfully
10:51:58.578 Disk 2 MBR has been saved successfully to "C:\Documents and Settings\IP\Desktop\MBR.dat"
10:51:58.578 The log file has been saved successfully to "C:\Documents and Settings\IP\Desktop\aswMBR.txt"


#17
Jasmyne - Trusted Helper, Malware Removal, 2,010 posts
OTL Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[createrestorepoint]

:OTL
IE - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\..\SearchScopes,DefaultScope = {C27CA259-4CFE-462C-8119-96F7F9500B02}
IE - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\..\SearchScopes\{C27CA259-4CFE-462C-8119-96F7F9500B02}: "URL" = http://www.google.co...rchTerms}&meta=
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
O3 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" File not found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll File not found
[2013/05/23 08:33:10 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\gnxz.job
[2013/05/23 08:33:08 | 000,212,992 | RHS- | C] () -- C:\WINDOWS\System32\iuengine4.dll

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

:Commands
[resethosts]
[emptytemp]

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click OK when prompted.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Quick Scan button. Post the log it produces in your next reply.
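The fix above is a list of the indicator shapes a malware-removal helper triages before writing a script: browser registrations that point at files which no longer exist, a non-default IE search scope, a freshly created .job in the tasks folder, a Read-only+Hidden+System DLL in System32, and a Security Center\Monitoring override that tells the XP Security Center to stop reporting on a product (the "security center goes off" symptom in the thread title). The Python below is an added example written for this page; it is not part of the thread and not OldTimer's OTL code. It parses lines in the layouts OTL prints, as read from the posts here (an assumption about the format, not OTL's documented grammar), and classifies them. The sample lines are copied from the fix posted above.

```python
r"""Triage of OTL fix-script lines (added example, not OTL's own code).

OTL writes one indicator per line. This script picks out the shapes the
helper's fix above acts on: add-ons/Run entries/protocol handlers whose
target file is missing, toolbar entries with no CLSID, a non-default IE
search scope, .job files in the tasks folder, System32 files with the
R+H+S attribute mix, and DisableMonitoring values under
Security Center\Monitoring (which make the XP Security Center stop
reporting on that product, hiding "no firewall/antivirus" warnings).
The regexes are this example's reading of the line layouts in the thread.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the fix posted above (one of each shape).
SAMPLE_LINES = [
    r':OTL',
    r'IE - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\..\SearchScopes\{C27CA259-4CFE-462C-8119-96F7F9500B02}: "URL" = http://www.google.co...rchTerms}&meta=',
    r'O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found',
    r'O3 - HKU\S-1-5-21-2081799394-527439964-4044738135-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.',
    r'O4 - HKLM..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" File not found',
    r'O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found',
    r'[2013/05/23 08:33:10 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\gnxz.job',
    r'[2013/05/23 08:33:08 | 000,212,992 | RHS- | C] () -- C:\WINDOWS\System32\iuengine4.dll',
    r':Reg',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]',
    r'"DisableMonitoring"=-',
]

_GUID = re.compile(r'\{[0-9A-Fa-f-]{36}\}')
_MISSING_TARGET = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]+?)"? File not found$')
_SEARCH_SCOPE = re.compile(
    r'^IE - .*SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]{36}\}): "URL" = (?P<url>.+)$')
_FILE_ENTRY = re.compile(
    r'^\[(?P<stamp>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| [CM]\]'
    r' \((?P<company>[^)]*)\) -- (?P<path>.+)$')
_REG_KEY = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
_REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


@dataclass
class Finding:
    kind: str        # indicator category
    detail: str      # OTL tag, GUID, attribute string or registry key
    path: str = ''   # file path or URL, when the line carries one


def classify_line(line, current_key=''):
    """Return a Finding for one OTL line, or None for lines that need no
    action. current_key is the last ':Reg' key header seen, because a
    value line ("name"=data) does not repeat its key."""
    if line.startswith('O') and line.endswith('File not found'):
        m = _MISSING_TARGET.search(line)
        if m:
            return Finding('orphaned_addon', line.split(' - ', 1)[0], m['path'])
    if 'No CLSID value found' in line:
        guid = _GUID.search(line)
        return Finding('orphaned_toolbar', guid.group(0) if guid else line)
    m = _SEARCH_SCOPE.match(line)
    if m:
        return Finding('search_scope', m['guid'], m['url'])
    m = _FILE_ENTRY.match(line)
    if m:
        path, attrs, low = m['path'], m['attrs'], m['path'].lower()
        if low.endswith('.job') and '\\tasks\\' in low:
            return Finding('scheduled_task', attrs, path)
        if all(flag in attrs for flag in 'RHS') and '\\system32\\' in low:
            return Finding('hidden_system_file', attrs, path)
        return None
    m = _REG_VALUE.match(line)
    if m and m['name'] == 'DisableMonitoring' and \
            'security center\\monitoring' in current_key.lower():
        action = 'delete value' if m['data'] == '-' else 'data ' + m['data']
        return Finding('security_center_override', f'{current_key} ({action})')
    return None


def triage(lines):
    """Walk a fix script or scan log and collect the actionable findings."""
    findings, current_key = [], ''
    for raw in lines:
        line = raw.strip()
        key = _REG_KEY.match(line)
        if key:
            current_key = key['key']   # remembered for the value lines that follow
            continue
        finding = classify_line(line, current_key)
        if finding:
            findings.append(finding)
    return findings


def summarize(findings):
    """Count findings per category, e.g. for a quick reply in the thread."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.kind:26} {f.detail}  {f.path}')
    print(summarize(triage(SAMPLE_LINES)))
```

Run as a script it prints one line per finding and a count per category; on a real case you would feed it the whole OTL log rather than the eleven sample lines, and the "File not found" entries still have to be judged by hand (here they are Trend Micro leftovers, not malware, but they are removed because a registration with no file behind it is a foothold for anything that later drops a file at that path).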

#18
trickydicky - Member, Topic Starter, 21 posts
Here is the log after RunFix:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_USERS\S-1-5-21-2081799394-527439964-4044738135-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2081799394-527439964-4044738135-1006\Software\Microsoft\Internet Explorer\SearchScopes\{C27CA259-4CFE-462C-8119-96F7F9500B02}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CA259-4CFE-462C-8119-96F7F9500B02}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2081799394-527439964-4044738135-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UfSeAgnt.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmbp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF}\ deleted successfully.
File {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmpx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}\ deleted successfully.
File {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tmtbim\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10}\ deleted successfully.
File {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll File not found not found.
C:\WINDOWS\tasks\gnxz.job moved successfully.
C:\WINDOWS\system32\iuengine4.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: IP
->Temp folder emptied: 2637369 bytes
->Temporary Internet Files folder emptied: 62222890 bytes
->Java cache emptied: 2350462 bytes
->Google Chrome cache emptied: 38028783 bytes
->Flash cache emptied: 5051 bytes

User: IP.IP-160A114526D9
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 884870 bytes
->Java cache emptied: 14 bytes
->Flash cache emptied: 2829 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3441491 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 66944 bytes
Windows Temp folder emptied: 6906960 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 111.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06062013_091203

Files\Folders moved on Reboot...
C:\Documents and Settings\IP\Local Settings\Temporary Internet Files\Content.IE5\PE4OXSM3\request_ad[1].htm moved successfully.
C:\Documents and Settings\IP\Local Settings\Temporary Internet Files\Content.IE5\4S3QJOC5\page__st__15[1].htm moved successfully.
C:\Documents and Settings\IP\Local Settings\Temporary Internet Files\Content.IE5\4S3QJOC5\si[3].htm moved successfully.
C:\Documents and Settings\IP\Local Settings\Temporary Internet Files\Content.IE5\1TB1L0RW\si[1].htm moved successfully.
C:\Documents and Settings\IP\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#19
trickydicky - Member, Topic Starter, 21 posts
That's the log after scan:

OTL logfile created on: 6/06/2013 9:32:18 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\IP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.22 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 77.56% Memory free
6.27 Gb Paging File | 5.72 Gb Available in Paging File | 91.23% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 83.77 Gb Total Space | 32.98 Gb Free Space | 39.37% Space Free | Partition Type: NTFS
Drive E: | 102.54 Gb Total Space | 14.28 Gb Free Space | 13.93% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1426.47 Gb Free Space | 76.57% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 35.35 Gb Free Space | 3.79% Space Free | Partition Type: NTFS

Computer Name: PV-OFFICE | User Name: IP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/01 09:47:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IP\Desktop\OTL.exe
PRC - [2013/05/09 16:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 16:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/31 22:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2009/05/14 18:09:24 | 000,069,632 | ---- | M] (LionMax Software) -- C:\Program Files\Everyday Auto Backup\AutoBackup.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/27 15:38:04 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2007/11/27 13:57:52 | 000,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2007/11/27 13:57:20 | 000,050,736 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2007/11/27 13:56:48 | 000,040,488 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe
PRC - [2007/07/23 09:29:14 | 000,609,384 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2007/07/19 16:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) -- C:\WINDOWS\system32\nisvcloc.exe
PRC - [2007/03/08 17:29:26 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2007/02/16 11:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\nipalsm.exe
PRC - [2005/08/25 19:41:58 | 000,266,240 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\Tray900.exe
PRC - [2005/08/25 19:41:44 | 000,155,648 | ---- | M] (Philips) -- C:\WINDOWS\system32\drivers\PhiBtn.exe
PRC - [2005/03/08 03:33:28 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2005/01/07 17:30:56 | 000,864,256 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/09/10 15:32:48 | 000,053,248 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfBAgS.exe
PRC - [2004/07/07 12:17:02 | 000,200,769 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
PRC - [2002/08/12 03:01:00 | 000,118,784 | ---- | M] (SaverNow) -- C:\Program Files\SaverNow\SaverNow.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/06 04:11:59 | 002,087,424 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13060502\algo.dll
MOD - [2013/05/16 15:26:08 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/01/10 08:14:04 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 08:13:49 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2007/01/17 17:36:38 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/09 16:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/31 22:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2008/07/23 11:49:33 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/11/27 15:38:04 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007/11/27 13:57:52 | 000,213,552 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007/11/27 13:57:20 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2007/11/27 13:56:48 | 000,040,488 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2007/07/23 09:29:14 | 000,609,384 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2007/07/19 16:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\WINDOWS\system32\nisvcloc.exe -- (niSvcLoc)
SRV - [2007/05/09 15:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [2007/03/08 17:29:26 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2007/02/16 11:21:20 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\nipalsm.exe -- (nipxirmu)
SRV - [2007/01/29 15:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License manager)
SRV - [2004/09/10 15:32:48 | 000,053,248 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\system32\BrmfBAgS.exe -- (brmfbags)
SRV - [2004/07/07 12:17:02 | 000,200,769 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe -- (s7oiehsx)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\DRIVERS\IOPORT.SYS -- (IOPort)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- System32\Drivers\hwinterface.sys -- (hwinterface)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/05/09 16:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 16:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 16:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 16:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 16:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 16:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 16:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/05/09 16:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/15 11:50:16 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/04/28 14:20:49 | 000,005,152 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\io.sys -- (io.sys)
DRV - [2009/12/08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2009/11/11 10:06:04 | 000,021,480 | ---- | M] (Orion) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssagload.sys -- (SSAGBASE)
DRV - [2009/09/18 11:31:38 | 000,010,588 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mpfilt.sys -- (mpfilt)
DRV - [2009/06/29 19:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/06/25 14:07:44 | 005,095,936 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/06/25 14:07:40 | 001,684,736 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/25 14:07:40 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/04/14 02:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 02:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/10/23 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2007/07/19 11:56:44 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV - [2007/07/19 11:56:44 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViPciKl.sys -- (NiViPciK)
DRV - [2007/07/19 11:48:36 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NiViFWKl.sys -- (NiViFWK)
DRV - [2007/07/18 21:12:02 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV - [2007/07/18 21:11:38 | 000,580,184 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipalk.sys -- (NIPALK)
DRV - [2007/07/18 21:11:02 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV - [2007/07/12 18:18:14 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nidimkl.sys -- (nidimk)
DRV - [2007/07/12 18:08:54 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimxdfkl.sys -- (nimxdfk)
DRV - [2007/07/12 17:41:52 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nimdbgkl.sys -- (nimdbgk)
DRV - [2007/07/12 17:31:08 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\niorbkl.sys -- (niorbk)
DRV - [2007/07/10 20:08:14 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2007/05/25 13:26:12 | 000,022,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1065k.sys -- (ni1065k)
DRV - [2007/02/22 12:45:16 | 000,020,768 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nipxigpk.sys -- (nipxigpk)
DRV - [2007/02/22 12:43:52 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1045kl.sys -- (ni1045k)
DRV - [2007/02/22 12:40:18 | 000,025,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ni1006k.sys -- (ni1006k)
DRV - [2007/02/22 12:18:50 | 000,011,552 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nipxirmkl.sys -- (nipxirmk)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/08/25 18:28:00 | 001,240,576 | ---- | M] (Philips Consumer Electronics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv41.sys -- (camvid40)
DRV - [2005/07/26 17:03:22 | 003,644,032 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/06/23 14:12:44 | 000,133,688 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S7oppilx.sys -- (S7oppilx)
DRV - [2005/06/23 14:12:38 | 000,494,135 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s7otranx.sys -- (s7otranx)
DRV - [2005/06/23 14:11:54 | 000,076,343 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s7oppitx.sys -- (s7oppitx)
DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2005/03/30 11:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2004/08/27 16:18:50 | 000,097,920 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2004/08/13 10:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/07/20 00:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2004/07/20 00:41:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2004/05/28 18:21:58 | 000,172,032 | ---- | M] (Siemens AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SNTIE.SYS -- (SNTIE)
DRV - [2004/05/20 17:35:16 | 000,010,240 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2003/03/14 13:18:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/08/17 22:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001/08/17 13:12:18 | 000,039,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2000/07/30 15:43:04 | 000,022,848 | ---- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaudio.sys -- (nuvaudio)
DRV - [2000/07/16 12:52:42 | 000,135,424 | ---- | M] (Nogatech Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NUVision.sys -- (NUVision)
DRV - [2000/06/29 17:24:14 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DLPORTIO.SYS -- (DLPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\IP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\IP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\IP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/06 09:12:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\system32\drivers\PhiBtn.exe (Philips)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [Traymin900] C:\WINDOWS\system32\drivers\Tray900.exe (Philips)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [Everyday Auto Backup] C:\Program Files\Everyday Auto Backup\AutoBackup.exe (LionMax Software)
O4 - HKCU..\Run: [SaverNow] C:\Program Files\SaverNow\SaverNow.exe (SaverNow)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1369893817312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1183101355484 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{104CB341-8DAA-40CF-A34F-F38448728D77}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A840101-0372-4689-8350-0C7D346D95E8}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\IP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\IP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/14 10:45:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/10/18 12:48:26 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/10/18 12:48:26 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/04/01 16:37:12 | 000,000,000 | ---D | M] - E:\AutoSketch -- [ NTFS ]
O32 - AutoRun File - [2012/10/18 12:48:26 | 000,000,000 | R--D | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/10/18 12:48:26 | 000,000,000 | R--D | M] - S:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/06 09:12:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/05 10:24:49 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\IP\Desktop\aswMBR.exe
[2013/06/05 10:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\RK_Quarantine
[2013/05/31 10:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\RogueKiller
[2013/05/31 10:35:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/31 09:43:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\IP\Desktop\OTL.exe
[2013/05/30 14:44:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/30 14:32:17 | 009,159,136 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\IP\Desktop\HitmanPro.exe
[2013/05/30 14:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/05/30 14:12:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/05/30 13:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\JavaRa
[2013/05/30 09:07:01 | 005,075,099 | R--- | C] (Swearware) -- C:\Documents and Settings\IP\Desktop\ComboFix.exe
[2013/05/30 08:49:03 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2013/05/30 08:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\log
[2013/05/30 08:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\TMRBLog
[2013/05/30 08:40:02 | 025,707,760 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\IP\Desktop\SUPERAntiSpyware.exe
[2013/05/30 08:39:55 | 009,950,232 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\IP\Desktop\RootkitBusterV5.0-1129.exe
[2013/05/29 15:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/05/29 15:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/05/29 14:24:40 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\IP\Desktop\tdsskiller.exe
[2013/05/29 09:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/05/28 10:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Local Settings\Application Data\Privatefirewall
[2013/05/28 10:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2013/05/28 10:19:18 | 000,000,000 | R-SD | C] -- C:\cmdcons
[2013/05/28 10:16:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/28 10:16:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/28 10:16:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/28 10:16:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/28 10:16:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/28 10:16:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/05/27 11:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\Old_photos_from_dziadek
[2013/05/27 09:24:41 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/05/27 09:13:44 | 000,368,944 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/05/27 09:13:44 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/05/27 09:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/05/27 09:13:42 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/05/27 09:13:41 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/05/27 09:13:41 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/05/27 09:13:27 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/05/27 09:13:27 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/05/24 14:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Application Data\Curiolab
[2013/05/24 12:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2013/05/24 12:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/24 11:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/05/24 08:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IP\Desktop\Can not start Windows XP Home Security Center
[2013/05/23 12:23:09 | 001,761,408 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\IP\Desktop\rkill.com
[2003/06/19 11:05:04 | 000,431,888 | --S- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\riched20.dll

========== Files - Modified Within 30 Days ==========

[2013/06/06 09:24:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/06 09:14:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\pxisys.ini
[2013/06/06 09:14:33 | 000,000,030 | ---- | M] () -- C:\WINDOWS\pxiesys.ini
[2013/06/06 09:14:22 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/06/06 09:14:16 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/06 09:14:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/06 09:14:04 | 3452,424,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/06 09:12:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/06/06 08:56:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/06 08:49:24 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/05 10:51:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\MBR.dat
[2013/06/05 10:25:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\IP\Desktop\aswMBR.exe
[2013/06/01 09:47:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IP\Desktop\OTL.exe
[2013/05/31 10:26:42 | 000,116,763 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\Avast-URL-Blocked.JPG
[2013/05/30 14:33:08 | 009,159,136 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\IP\Desktop\HitmanPro.exe
[2013/05/30 14:32:02 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\IP\Desktop\tdsskiller.exe
[2013/05/30 14:15:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/30 13:58:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\IP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/30 11:58:25 | 005,075,099 | R--- | M] (Swearware) -- C:\Documents and Settings\IP\Desktop\ComboFix.exe
[2013/05/30 08:49:02 | 000,256,904 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2013/05/29 22:36:06 | 009,950,232 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\IP\Desktop\RootkitBusterV5.0-1129.exe
[2013/05/29 20:56:00 | 025,707,760 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\IP\Desktop\SUPERAntiSpyware.exe
[2013/05/29 14:08:57 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013/05/28 10:19:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/05/27 11:26:56 | 000,898,850 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\IMG_2435.mp4
[2013/05/27 11:25:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013/05/27 11:25:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2013/05/27 11:23:24 | 000,545,758 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\IMG_2435.MOV
[2013/05/27 09:24:41 | 000,002,717 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/05/27 09:13:44 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/05/27 09:12:13 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/05/24 10:18:53 | 000,003,658 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\wscsvc.reg
[2013/05/24 08:58:13 | 000,011,606 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\securitycenterrestore.reg
[2013/05/23 12:43:07 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/05/23 09:32:16 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/05/17 10:51:39 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\IP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/05/17 10:48:45 | 000,355,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 15:26:40 | 000,569,332 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/16 15:26:40 | 000,112,594 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/10 12:17:52 | 005,296,663 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\2013-May-10_Solar-Eclipse_Perth_DSCF4077.JPG
[2013/05/10 12:07:46 | 000,588,486 | ---- | M] () -- C:\Documents and Settings\IP\Desktop\2013-May-10_Solar-Eclipse_Perth_DSCF4077_res15.jpg
[2013/05/09 16:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/05/09 16:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/05/09 16:59:10 | 000,174,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/09 16:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/05/09 16:59:10 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/09 16:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/05/09 16:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/05/09 16:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/05/09 16:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/05/09 16:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/06/05 10:51:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\MBR.dat
[2013/05/31 10:26:42 | 000,116,763 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\Avast-URL-Blocked.JPG
[2013/05/28 10:19:24 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2013/05/28 10:19:21 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2013/05/28 10:16:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/28 10:16:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/28 10:16:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/28 10:16:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/28 10:16:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/27 11:26:55 | 000,898,850 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\IMG_2435.mp4
[2013/05/27 11:25:56 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2013/05/27 11:25:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2013/05/27 11:23:24 | 000,545,758 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\IMG_2435.MOV
[2013/05/27 09:24:41 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/27 09:24:41 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/27 09:24:41 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/05/27 09:13:44 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/05/24 14:55:48 | 3452,424,192 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/24 10:18:53 | 000,003,658 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\wscsvc.reg
[2013/05/24 08:58:12 | 000,011,606 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\securitycenterrestore.reg
[2013/05/23 12:43:07 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/05/10 12:07:46 | 000,588,486 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\2013-May-10_Solar-Eclipse_Perth_DSCF4077_res15.jpg
[2013/05/10 12:06:14 | 005,296,663 | ---- | C] () -- C:\Documents and Settings\IP\Desktop\2013-May-10_Solar-Eclipse_Perth_DSCF4077.JPG
[2013/04/03 09:49:30 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\fpxlib.dll
[2013/04/03 09:49:30 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\jpeglib.dll
[2013/01/30 11:54:02 | 000,001,830 | ---- | C] () -- C:\WINDOWS\iris.ini
[2012/09/17 12:44:14 | 000,010,588 | ---- | C] () -- C:\WINDOWS\System32\drivers\mpfilt.sys
[2012/07/18 10:48:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\IP\Local Settings\Application Data\housecall.guid.cache
[2012/06/01 12:12:47 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\IP\pixinsight-license
[2012/05/15 12:36:29 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\ssaguninstall.dll
[2012/05/15 12:36:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ssaginstall.dll
[2012/05/07 11:15:08 | 000,000,483 | ---- | C] () -- C:\WINDOWS\MRU.ini
[2012/05/07 11:09:27 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ESTIMATE-SETTING.INI
[2012/05/07 11:09:27 | 000,000,159 | ---- | C] () -- C:\WINDOWS\ALIGN-SETTING.INI
[2012/05/07 11:09:27 | 000,000,106 | ---- | C] () -- C:\WINDOWS\LIMIT-SETTING.INI
[2012/03/30 10:54:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/02/17 08:17:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/03 13:31:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/20 15:37:48 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2011/08/24 08:59:46 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\IP\RADIX.DAT
[2011/08/24 08:59:46 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\IP\DEFAULT.WSP
[2011/08/24 08:59:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\IP\WATCH.DAT
[2010/09/01 11:38:45 | 002,281,922 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2081799394-527439964-4044738135-1006-0.dat
[2010/09/01 11:38:44 | 000,308,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/04/08 14:54:24 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/04/08 14:46:37 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/03/15 10:49:03 | 000,038,440 | ---- | C] () -- C:\Documents and Settings\IP\Application Data\Comma Separated Values (Windows).ADR
[2009/04/21 15:21:06 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\IP\Local Settings\Application Data\fusioncache.dat
[2006/11/20 11:39:04 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\IP\ViewMate.cfg
[2006/07/08 11:58:29 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\IP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/04/21 15:20:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/18 13:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/04/08 14:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2013/05/30 09:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GetRight
[2013/05/24 12:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010/09/08 09:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009/10/19 09:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2006/11/20 10:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McCAD
[2012/04/12 11:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2010/03/25 09:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2010/04/08 14:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/12/15 09:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/08/24 12:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2013/05/28 10:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2008/07/21 11:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/05/29 09:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/07/29 10:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2011/12/14 09:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zoom Player
[2012/09/17 11:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{837CB0A9-9884-466D-9635-5A01DF8FDF87}
[2011/04/20 11:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\adma
[2012/10/18 10:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\asoftech
[2010/08/09 16:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\Broad Intelligence
[2011/02/24 15:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\CadSoft
[2013/05/24 14:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\Curiolab
[2011/08/01 10:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\DVDFab
[2012/05/02 10:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\Erz
[2009/06/23 11:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\foobar2000
[2013/05/30 09:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\GetRight
[2008/07/24 14:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\GetRightToGo
[2011/02/18 12:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\IN-MEDIAKG
[2013/02/06 08:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\Inyhm
[2012/07/18 14:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\Luag
[2010/04/22 11:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\MCS Electronics
[2011/02/21 08:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\mresreg
[2012/04/12 11:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\MyHeritage
[2010/03/25 09:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\National Instruments
[2008/03/14 14:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\NCH Swift Sound
[2011/10/25 15:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\oald8
[2011/10/25 15:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\olt1
[2011/04/13 15:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\Orbit
[2012/06/01 12:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\Pleiades
[2011/04/13 15:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\ProgSense
[2010/03/31 10:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\ScanSoft
[2009/10/19 09:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\Simple Star
[2011/11/02 14:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\Softland
[2012/01/09 09:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\Stellarium
[2012/11/21 13:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\TeamViewer
[2013/02/05 13:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IP\Application Data\Xope

========== Purity Check ==========



< End of report >

Edited by trickydicky, 05 June 2013 - 07:36 PM.

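A small offline triage script for log lines like the O4 and O6/O7 entries above. This is an added example in Python, not OTL's code and not something posted in this thread. It assumes OTL's line format as quoted (including its "File not found" marker for an orphaned Run value), decodes NoDriveTypeAutoRun with the Windows GetDriveType() codes (bit 1 << code, so 0x04 is removable and 0x20 is CD-ROM) and NoDriveAutoRun as a per-letter mask (bit 0 = A:). The review heuristics (trusted roots, executables under the drivers directory) are the example's own choices and produce flags for a human to check, not verdicts. The sample lines are copied from the log above.

```python
"""Offline triage of OTL O4/O6/O7 lines. Added example; not part of OTL or this thread."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# NoDriveTypeAutoRun: bit (1 << GetDriveType() code) disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no root directory", 0x04: "removable", 0x08: "fixed",
    0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk", 0x80: "reserved",
}


def decode_no_drive_type_autorun(value: int) -> List[str]:
    """Drive types on which AutoRun is disabled by a NoDriveTypeAutoRun value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]


def decode_no_drive_autorun(value: int) -> str:
    """Drive letters (bit 0 = A:) on which AutoRun is disabled by NoDriveAutoRun."""
    return "".join(chr(ord("A") + i) for i in range(26) if value & (1 << i))


O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
PATH_RE = re.compile(r"^(?P<path>.+?\.(?:exe|com|scr|dll))", re.IGNORECASE)
POLICY_RE = re.compile(r"^O[67] - (?P<hive>HKLM|HKCU)\\.*policies\\Explorer: (?P<name>\w+) = (?P<value>\d+)$")
# Assumed "expected" install roots for this XP box; anything else gets a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    company: Optional[str]
    file_missing: bool


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one 'O4 - HKLM..\\Run: [Name] path (Company)' line; None for other lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("File not found")  # OTL's marker for an orphaned Run value
    company = None
    if not missing:
        cm = re.search(r"\((?P<co>[^()]*)\)\s*$", rest)
        if cm and cm.group("co").strip():
            company = cm.group("co").strip()
    pm = PATH_RE.match(rest)
    return RunEntry(m.group("hive"), m.group("name"), pm.group("path") if pm else rest, company, missing)


def review_run_entries(entries: List[RunEntry]) -> List[Tuple[str, str]]:
    """(name, reason) pairs a malware-removal helper would look at first; heuristics, not verdicts."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.file_missing:
            findings.append((e.name, "orphaned Run value, target file missing"))
        elif not low.startswith(TRUSTED_ROOTS):
            findings.append((e.name, "runs from outside Program Files or Windows"))
        elif "\\drivers\\" in low and low.endswith(".exe"):
            findings.append((e.name, "executable placed in the drivers directory"))
        elif e.company is None:
            findings.append((e.name, "no publisher in version information"))
    return findings


def autorun_policy(lines: List[str]) -> Dict[str, object]:
    """Combine the O6/O7 policy values into what AutoRun is actually blocked on."""
    values: Dict[str, int] = {}
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            values.setdefault(m.group("name"), int(m.group("value")))  # first (HKLM) value wins
    letters = decode_no_drive_autorun(values.get("NoDriveAutoRun", 0))
    return {
        "types_blocked": decode_no_drive_type_autorun(values.get("NoDriveTypeAutoRun", 0)),
        "letters_blocked": letters,
        "all_letters_blocked": letters == "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    }


# Constructed sample: a subset of the O4/O6 lines copied from the log above.
SAMPLE = [
    r"O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)",
    r"O4 - HKLM..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide File not found",
    r"O4 - HKLM..\Run: [PhiBtn] C:\WINDOWS\system32\drivers\PhiBtn.exe (Philips)",
    r"O4 - HKCU..\Run: [SaverNow] C:\Program Files\SaverNow\SaverNow.exe (SaverNow)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323",
]

if __name__ == "__main__":
    entries = [e for e in map(parse_o4, SAMPLE) if e]
    for name, reason in review_run_entries(entries):
        print(f"{name}: {reason}")
    print(autorun_policy(SAMPLE))
```

On the posted values, 323 (0x143) blocks AutoRun only for the unknown, no-root-directory and RAM-disk types, so on its own it would leave removable and CD-ROM drives alone; but NoDriveAutoRun = 67108863 (0x3FFFFFF) sets all 26 drive-letter bits, so AutoRun is blocked on every letter regardless. The only O4 finding of substance is the orphaned AutorunRemover.exe value; the drivers-directory hits carry a Philips company string in the log and are flagged purely because the location is unusual for a user-mode program.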

#20 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
How is your computer running now?

#21 trickydicky (Topic Starter, Member, 21 posts)
Hi Jasmyne,

So far, so good. I'm trying to search for things on Google, and so far it hasn't redirected me to those stupid places.
Also the Security Center stays ON.

If everything continues that way, do you think I can go back to Microsoft Security Essentials, or should I stay with AVAST?
It looks like with AVAST the machine is a touch slower ...

THNX,
:cheers:

#22 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
Microsoft Security Essentials and Avast are both good products, so whichever you prefer is okay. If you wish to switch, make sure you download Microsoft Security Essentials first (here), then uninstall Avast, then immediately install Microsoft Security Essentials. If for some reason you have issues uninstalling Avast, you can also download this tool for removing Avast. Switching this way prevents you from being on the internet without an antivirus. I will be back with instructions tomorrow on final scans to make sure everything is gone. :)

Jasmyne

#23 trickydicky (Topic Starter, Member, 21 posts)
OK. Thanks ...
:thumbsup:

#24 trickydicky (Topic Starter, Member, 21 posts)
BTW...
When I open Control Panel there is an icon called:

Run PC-cillin Internet Security.
How to remove it from there?

#25 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
That is a part of Trend Micro. Here is their page; there you can choose which version you had on your computer and download a tool that should remove it for you.

#26 trickydicky (Topic Starter, Member, 21 posts)
So it did, thanks ...
:thumbsup:

#27 Jasmyne (Trusted Helper, Malware Removal, 2,010 posts)
Now we need to make sure everything is gone. :)

Step 1 - MalwareBytes Scan

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2 - ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: [image]

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan

Step 3 - Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. MalwareBytes Log
2. ESET Online Scan Log
3. Security Check Log (checkup.txt)
4. How is your computer running?

#28 trickydicky (Topic Starter, Member, 21 posts)
Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.06.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
IP :: PV-OFFICE [administrator]

7/06/2013 9:50:17 AM
mbam-log-2013-06-07 (09-50-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 290448
Time elapsed: 14 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


:thumbsup:

#29 trickydicky (Topic Starter, Member, 21 posts)
ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8671c6b6c9379e428d74a2e9ac48c615
# engine=13899
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-24 04:38:01
# local_time=2013-05-24 12:38:01 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5892 16777213 88 94 0 37122829 0 0
# scanned=88988
# found=0
# cleaned=0
# scan_time=1249
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8671c6b6c9379e428d74a2e9ac48c615
# engine=14015
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-07 06:55:01
# local_time=2013-06-07 02:55:01 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 91 134974 147297973 0 0
# scanned=273447
# found=4
# cleaned=4
# scan_time=16856
sh=2DB8EBAFC6694D8C0C8FE3EFE6B88052B106B306 ft=1 fh=df513262d0efc58b vn="a variant of Win32/Ponmocup.GN trojan (cleaned by deleting - quarantined)" ac=C fn="C:\System Volume Information\_restore{4C8E28E7-973C-4635-B581-078B9D4545F6}\RP1\A0000291.dll"
sh=C32B0B7C4BD1223B85753A0301E3B801AF735D56 ft=1 fh=7980e224ea0618a3 vn="probably a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined)" ac=C fn="C:\System Volume Information\_restore{4C8E28E7-973C-4635-B581-078B9D4545F6}\RP3\A0000825.exe"
sh=92733DC36DCD68FDC157E8AB4D90A13FF42D8582 ft=1 fh=9ccfadf79569b772 vn="probably a variant of Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\TDSSKiller_Quarantine\30.05.2013_14.42.22\tdlfs0000\tsk0004.dta"
sh=2DB8EBAFC6694D8C0C8FE3EFE6B88052B106B306 ft=1 fh=df513262d0efc58b vn="a variant of Win32/Ponmocup.GN trojan (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\06062013_091203\C_WINDOWS\system32\iuengine4.dll"
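As an added example (not part of this thread or of ESET's tooling), a small Python parser for the ESET Online Scanner log format posted above: it splits the `# key=value` headers into scan sessions, pulls the `sh=... fn=...` detection lines apart, checks that the finished session's `found` counter matches the number of detection lines, and flags detections that sit in System Restore snapshots or other cleanup tools' quarantine folders (an assumption about which path prefixes count as inactive copies) rather than in locations Windows actually loads from.

```python
import re

# Constructed excerpt modelled on the ESET log posted above: one session that was
# stopped early, then a finished one whose four detection lines are the thread's own.
SAMPLE_LOG = r"""# version=8
# end=stopped
# found=0
# version=8
# end=finished
# found=4
# cleaned=4
sh=2DB8EBAFC6694D8C0C8FE3EFE6B88052B106B306 ft=1 fh=df513262d0efc58b vn="a variant of Win32/Ponmocup.GN trojan (cleaned by deleting - quarantined)" ac=C fn="C:\System Volume Information\_restore{4C8E28E7-973C-4635-B581-078B9D4545F6}\RP1\A0000291.dll"
sh=C32B0B7C4BD1223B85753A0301E3B801AF735D56 ft=1 fh=7980e224ea0618a3 vn="probably a variant of Win32/1AntiVirus application (cleaned by deleting - quarantined)" ac=C fn="C:\System Volume Information\_restore{4C8E28E7-973C-4635-B581-078B9D4545F6}\RP3\A0000825.exe"
sh=92733DC36DCD68FDC157E8AB4D90A13FF42D8582 ft=1 fh=9ccfadf79569b772 vn="probably a variant of Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined)" ac=C fn="C:\TDSSKiller_Quarantine\30.05.2013_14.42.22\tdlfs0000\tsk0004.dta"
sh=2DB8EBAFC6694D8C0C8FE3EFE6B88052B106B306 ft=1 fh=df513262d0efc58b vn="a variant of Win32/Ponmocup.GN trojan (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\06062013_091203\C_WINDOWS\system32\iuengine4.dll"
"""

# One detection line: SHA-1, file type, file hash, threat name, action, full path.
DETECTION_RE = re.compile(r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=\d+ fh=[0-9a-f]+ '
                          r'vn="(?P<name>[^"]*)" ac=\S+ fn="(?P<path>[^"]*)"$')
# Assumption: hits under these prefixes are inactive copies (System Restore
# snapshots, TDSSKiller and OTL quarantine folders), not files Windows loads.
INACTIVE_PREFIXES = ("c:\\system volume information\\_restore",
                     "c:\\tdsskiller_quarantine\\", "c:\\_otl\\movedfiles\\")

def parse_eset_log(text):
    """Return (sessions, detections): sessions are dicts of the '# key=value'
    headers (a new session starts at each '# version=' line)."""
    sessions, detections = [], []
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version" or not sessions:
                sessions.append({})
            sessions[-1][key] = value
        elif (m := DETECTION_RE.match(line)):
            rec = m.groupdict()
            rec["remnant"] = rec["path"].casefold().startswith(INACTIVE_PREFIXES)
            detections.append(rec)
    return sessions, detections

def summarize(text):
    """Reconcile finished sessions' 'found' counters with the detection lines and
    separate hits in live locations from remnants left in snapshots/quarantine."""
    sessions, detections = parse_eset_log(text)
    found = sum(int(s.get("found", 0)) for s in sessions if s.get("end") == "finished")
    return {"sessions": len(sessions), "found": found,
            "consistent": found == len(detections),
            "active": [d["path"] for d in detections if not d["remnant"]],
            "remnants": [d["path"] for d in detections if d["remnant"]]}
```

For the posted log every hit lands in `remnants`, which is the reading a helper would give it: the live copies were already removed by the earlier tools, and ESET only cleaned the leftovers.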

#30 trickydicky (Topic Starter, Member, 21 posts)
Security Check:

Results of screen317's Security Check version 0.99.64
Windows XP Service Pack 3 x86
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 45
Java version out of Date!
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````