Can't open email attachments, can't download files, can't


This topic is locked

#1 starwindows (Member, 19 posts)
Hi Guys/Gals,

Sorry in advance if I haven't posted this in the correct forum.
I am having a few issues with the following:
- Can't open email attachments. I forwarded them to my Gmail account, where I can't download them but can view and print.
- Can't download any programs; error message on the bottom (red shield with white cross): "filename" contains a virus and was deleted.
- Can't open MSE through the normal method to scan the computer; error message: Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

I looked to uninstall and re-install MSE through Control Panel; error message: You do not have sufficient access to uninstall Microsoft Security Essentials. Please contact your system administrator.

I read the Malware and Spyware cleaning guide thread, and I downloaded OTL (on another computer and dragged it to my desktop).
It gave me 2 logs; see below:

OTL logfile created on: 14/06/2013 10:28:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reception\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 59.87% Memory free
5.87 Gb Paging File | 4.40 Gb Available in Paging File | 74.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 925.46 Gb Total Space | 855.31 Gb Free Space | 92.42% Space Free | Partition Type: NTFS

Computer Name: RECEPTION-PC | User Name: Reception | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/14 10:25:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reception\Desktop\OTL.exe
PRC - [2013/05/29 15:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2013/01/19 00:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/19 00:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/19 05:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 12:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/20 19:51:54 | 001,422,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2012/09/20 11:19:28 | 020,383,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
PRC - [2012/04/30 19:56:52 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2012/04/30 19:56:50 | 000,836,480 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
PRC - [2012/01/18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/04/29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/04/29 01:24:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/17 07:59:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/05/28 16:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe


========== Modules (No Company Name) ==========

MOD - [2013/05/29 15:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013/05/29 15:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013/05/29 15:26:40 | 000,599,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013/05/29 15:26:39 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013/05/29 15:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013/05/16 16:02:20 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7a89b81a9a5c4a57d2b1b152beb9b481\PresentationFramework.ni.dll
MOD - [2013/05/16 16:02:10 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\69236ea8029652460eff6fc27bfc742c\PresentationCore.ni.dll
MOD - [2013/05/16 16:02:05 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c206c0d5425bc25640b647ac986fc236\System.Core.ni.dll
MOD - [2013/05/16 16:02:02 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\45c1597cf0c989dbbfdc5e3cb067306f\WindowsBase.ni.dll
MOD - [2013/01/15 08:16:24 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7ade41f2c08fe2654323fddba67eee1d\System.Management.ni.dll
MOD - [2013/01/15 07:33:44 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\d141e2e8320dd31940696a69766fdc00\System.Runtime.Remoting.ni.dll
MOD - [2013/01/15 07:33:39 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll
MOD - [2013/01/14 15:11:19 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll
MOD - [2013/01/14 15:11:19 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9471a54aa2b06e04f33b3e5dc9dc412a\PresentationFramework.Aero.ni.dll
MOD - [2013/01/14 15:11:15 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll
MOD - [2011/09/20 07:29:36 | 000,055,816 | ---- | M] () -- C:\Users\Reception\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
MOD - [2011/04/29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/27 10:11:46 | 000,295,232 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 10:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/19 05:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/30 19:56:52 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2010/12/31 08:39:54 | 008,133,120 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/12/31 08:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/08/17 16:21:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/17 07:59:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/28 16:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\epiclhof.sys -- (epiclhof)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/02/18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/01/20 14:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/12/03 10:00:46 | 000,086,392 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2010/12/03 09:59:50 | 000,049,016 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snxpcard.sys -- (SNXPCARD)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/05/28 16:25:04 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/25 17:59:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/05/25 17:59:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2010/05/25 17:59:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/04/06 02:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/09/17 14:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 10:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 8C 5C 16 D8 67 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/06/23 11:45:12 | 000,000,849 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
O4 - HKLM..\Run: [LanguageShortcut] c:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E975E9E1-5970-440E-8A4A-810801364BF6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b95fcabc-a9a0-11df-accd-7071bc0bd453}\Shell - "" = AutoRun
O33 - MountPoints2\{b95fcabc-a9a0-11df-accd-7071bc0bd453}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/14 10:27:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Reception\Desktop\OTL.exe
[2013/06/13 11:13:25 | 000,000,000 | ---D | C] -- C:\Users\Reception\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

========== Files - Modified Within 30 Days ==========

[2013/06/14 10:25:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reception\Desktop\OTL.exe
[2013/06/14 09:46:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/14 07:54:55 | 000,103,432 | ---- | M] () -- C:\Users\Reception\Desktop\FAXAlspec.rtf
[2013/06/14 07:46:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/14 07:38:27 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/14 07:38:27 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/14 07:35:36 | 000,628,414 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/14 07:35:36 | 000,110,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/14 07:31:22 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\DriverCure Startup.job
[2013/06/14 07:31:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/14 07:31:13 | 2363,543,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/13 11:11:38 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/12 15:28:20 | 000,641,771 | ---- | M] () -- C:\Users\Reception\Documents\inv28646.pdf
[2013/06/12 09:06:54 | 000,002,293 | ---- | M] () -- C:\Users\Reception\Desktop\Andy - Shortcut.lnk
[2013/06/11 15:39:13 | 000,090,922 | ---- | M] () -- C:\Users\Reception\Desktop\FAXCapral.rtf
[2013/06/11 08:10:06 | 000,150,504 | ---- | M] () -- C:\Users\Reception\Desktop\Viridian.pdf
[2013/06/07 15:03:21 | 000,085,979 | ---- | M] () -- C:\Users\Reception\Desktop\FAXViridian.rtf
[2013/06/07 07:47:35 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/31 15:58:01 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/05/31 13:47:56 | 000,028,851 | ---- | M] () -- C:\Users\Reception\Documents\MoruyaHospital.pdf
[2013/05/30 14:42:58 | 000,088,363 | ---- | M] () -- C:\Users\Reception\Desktop\FAX.rtf
[2013/05/30 11:24:15 | 000,083,733 | ---- | M] () -- C:\Users\Reception\Desktop\FAXSteve.rtf
[2013/05/30 08:01:54 | 000,572,271 | ---- | M] () -- C:\Users\Reception\Documents\inv41815.pdf
[2013/05/30 08:01:38 | 000,573,903 | ---- | M] () -- C:\Users\Reception\Documents\inv41814.pdf
[2013/05/29 10:15:24 | 001,330,320 | ---- | M] () -- C:\Users\Reception\Documents\stewart_Q0227.pdf
[2013/05/29 10:11:53 | 000,599,774 | ---- | M] () -- C:\Users\Reception\Documents\CCF29052013_00001.pdf
[2013/05/29 10:11:38 | 000,731,516 | ---- | M] () -- C:\Users\Reception\Documents\CCF29052013_00000.pdf
[2013/05/24 15:43:27 | 000,530,919 | ---- | M] () -- C:\Users\Reception\Documents\CCF24052013_00001.pdf
[2013/05/24 15:09:08 | 000,742,682 | ---- | M] () -- C:\Users\Reception\Documents\CCF24052013_00000.pdf
[2013/05/24 10:47:50 | 000,088,656 | ---- | M] () -- C:\Users\Reception\Desktop\DIAS.rtf
[2013/05/23 12:10:32 | 000,734,766 | ---- | M] () -- C:\Users\Reception\Documents\inv4679.pdf
[2013/05/23 12:10:16 | 000,548,360 | ---- | M] () -- C:\Users\Reception\Documents\inv28636.pdf
[2013/05/22 13:40:11 | 000,000,060 | ---- | M] () -- C:\Windows\BRPFX04A.INI
[2013/05/21 11:42:44 | 000,568,849 | ---- | M] () -- C:\Users\Reception\Documents\inv41801.pdf
[2013/05/20 13:13:55 | 000,010,433 | ---- | M] () -- C:\Users\Reception\Documents\Martin_compliance.pdf
[2013/05/17 07:29:46 | 000,414,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/15 11:33:08 | 005,864,043 | ---- | M] () -- C:\Users\Reception\Documents\bowman_kilfeacle.pdf
[2013/05/15 11:32:19 | 000,604,587 | ---- | M] () -- C:\Users\Reception\Documents\bowman08.pdf
[2013/05/15 11:26:22 | 000,658,363 | ---- | M] () -- C:\Users\Reception\Documents\bowman09.pdf
[2013/05/15 11:25:46 | 000,655,551 | ---- | M] () -- C:\Users\Reception\Documents\bowman07.pdf
[2013/05/15 11:25:31 | 000,662,273 | ---- | M] () -- C:\Users\Reception\Documents\bowman06.pdf
[2013/05/15 11:25:18 | 000,642,609 | ---- | M] () -- C:\Users\Reception\Documents\bowman05.pdf
[2013/05/15 11:25:01 | 000,656,743 | ---- | M] () -- C:\Users\Reception\Documents\bowman04.pdf
[2013/05/15 11:24:28 | 000,664,674 | ---- | M] () -- C:\Users\Reception\Documents\bowman03.pdf
[2013/05/15 11:24:09 | 000,672,434 | ---- | M] () -- C:\Users\Reception\Documents\bowman02.pdf
[2013/05/15 11:23:51 | 000,669,964 | ---- | M] () -- C:\Users\Reception\Documents\bowman01.pdf
[2013/05/15 11:10:51 | 000,703,041 | ---- | M] () -- C:\Users\Reception\Documents\brownp.pdf

========== Files Created - No Company Name ==========

[2013/06/13 11:11:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/13 11:11:38 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/12 15:28:20 | 000,641,771 | ---- | C] () -- C:\Users\Reception\Documents\inv28646.pdf
[2013/06/12 09:06:54 | 000,002,293 | ---- | C] () -- C:\Users\Reception\Desktop\Andy - Shortcut.lnk
[2013/06/11 08:10:08 | 000,150,504 | ---- | C] () -- C:\Users\Reception\Desktop\Viridian.pdf
[2013/05/31 15:58:01 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/05/31 13:47:56 | 000,028,851 | ---- | C] () -- C:\Users\Reception\Documents\MoruyaHospital.pdf
[2013/05/30 08:01:54 | 000,572,271 | ---- | C] () -- C:\Users\Reception\Documents\inv41815.pdf
[2013/05/30 08:01:38 | 000,573,903 | ---- | C] () -- C:\Users\Reception\Documents\inv41814.pdf
[2013/05/29 10:11:53 | 000,599,774 | ---- | C] () -- C:\Users\Reception\Documents\CCF29052013_00001.pdf
[2013/05/29 10:11:38 | 000,731,516 | ---- | C] () -- C:\Users\Reception\Documents\CCF29052013_00000.pdf
[2013/05/24 15:10:14 | 001,330,320 | ---- | C] () -- C:\Users\Reception\Documents\stewart_Q0227.pdf
[2013/05/24 15:09:20 | 000,530,919 | ---- | C] () -- C:\Users\Reception\Documents\CCF24052013_00001.pdf
[2013/05/24 15:09:08 | 000,742,682 | ---- | C] () -- C:\Users\Reception\Documents\CCF24052013_00000.pdf
[2013/05/23 12:10:32 | 000,734,766 | ---- | C] () -- C:\Users\Reception\Documents\inv4679.pdf
[2013/05/23 12:10:16 | 000,548,360 | ---- | C] () -- C:\Users\Reception\Documents\inv28636.pdf
[2013/05/22 13:40:11 | 000,000,060 | ---- | C] () -- C:\Windows\BRPFX04A.INI
[2013/05/21 11:42:44 | 000,568,849 | ---- | C] () -- C:\Users\Reception\Documents\inv41801.pdf
[2013/05/20 13:13:55 | 000,010,433 | ---- | C] () -- C:\Users\Reception\Documents\Martin_compliance.pdf
[2013/05/15 11:28:42 | 005,864,043 | ---- | C] () -- C:\Users\Reception\Documents\bowman_kilfeacle.pdf
[2013/05/15 11:26:22 | 000,658,363 | ---- | C] () -- C:\Users\Reception\Documents\bowman09.pdf
[2013/05/15 11:26:04 | 000,604,587 | ---- | C] () -- C:\Users\Reception\Documents\bowman08.pdf
[2013/05/15 11:25:46 | 000,655,551 | ---- | C] () -- C:\Users\Reception\Documents\bowman07.pdf
[2013/05/15 11:25:31 | 000,662,273 | ---- | C] () -- C:\Users\Reception\Documents\bowman06.pdf
[2013/05/15 11:25:18 | 000,642,609 | ---- | C] () -- C:\Users\Reception\Documents\bowman05.pdf
[2013/05/15 11:25:01 | 000,656,743 | ---- | C] () -- C:\Users\Reception\Documents\bowman04.pdf
[2013/05/15 11:24:28 | 000,664,674 | ---- | C] () -- C:\Users\Reception\Documents\bowman03.pdf
[2013/05/15 11:24:09 | 000,672,434 | ---- | C] () -- C:\Users\Reception\Documents\bowman02.pdf
[2013/05/15 11:23:51 | 000,669,964 | ---- | C] () -- C:\Users\Reception\Documents\bowman01.pdf
[2013/05/15 11:10:51 | 000,703,041 | ---- | C] () -- C:\Users\Reception\Documents\brownp.pdf
[2012/05/01 13:23:59 | 000,000,375 | ---- | C] () -- C:\Windows\wininit.ini
[2012/04/19 08:31:42 | 000,000,326 | ---- | C] () -- C:\Windows\SWWATER.INI
[2012/03/23 07:51:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/01/09 10:24:39 | 001,355,899 | ---- | C] () -- C:\Windows\UnInstallNetCommADSL.dll
[2011/05/19 07:44:25 | 000,001,940 | ---- | C] () -- C:\Users\Reception\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

========== ZeroAccess Check ==========

[2013/06/12 14:17:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$c6ef56f5cc969443553e34f42a036664\L
[2013/06/12 14:17:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$c6ef56f5cc969443553e34f42a036664\U
[2010/10/27 08:02:50 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 14:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/10/28 09:54:52 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\Accellion
[2013/05/14 15:01:54 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\Alspec
[2013/06/13 11:13:25 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/09 13:45:30 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\DriverCure
[2012/06/13 14:09:53 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\FileOpen
[2011/05/24 07:45:02 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\Samsung
[2012/02/17 10:47:29 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\TeamViewer

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 14/06/2013 10:28:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reception\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 59.87% Memory free
5.87 Gb Paging File | 4.40 Gb Available in Paging File | 74.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 925.46 Gb Total Space | 855.31 Gb Free Space | 92.42% Space Free | Partition Type: NTFS

Computer Name: RECEPTION-PC | User Name: Reception | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{920D4475-FA16-4223-8ADE-F90A8BFFED13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FCB7E2DF-7DE8-4976-A724-8488B9E9F247}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{816C8D2D-2BE5-49AF-86E7-B843A35D498C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B3E3D597-C98E-4AFD-8C43-8BE8847FD10E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21F487E0-0A3E-45FC-9F0B-6EC510745FEC}" = Alspec CityScape Calculator
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D0743B7-5115-41CF-AA69-FC5F53182FF0}" = Alspec View-Max Calculator
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{567C9882-843D-4188-A181-00E2CC3E1033}" = LG Burning Tools
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{60A75EBE-6694-4FCD-B1B9-054B4889F578}" = Alspec Commercial Sliding Door Calculator
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = LG CyberLink PowerDVD 7.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76A64A33-D197-4525-85EE-255D6E5F3604}" = FileOpen Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9967E6C3-A3A7-4291-9F20-022B818B8144}" = Alspec Hawkesbury Calculator
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8D5B39E-815D-44BC-AC52-657FE3D2E21D}" = SUNIX Multi-IO Controller
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEA2FF8E-50A3-4C6D-955E-5632C881753F}" = NetComm NB6 Series ADSL2+ Router USB Driver
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3B75CB4-BFEF-446A-AEEE-426F43818D9F}" = Alspec Hawkesbury Calculator
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA263EED-463E-11D6-819B-0050DA8A680C}" = Xerox WorkCentre Pro 420
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EDB27C8B-8428-487F-9293-E73E2697AC96}" = sureanalysis version 3.18.2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{EA263EED-463E-11D6-819B-0050DA8A680C}" = Xerox WorkCentre Pro 420
"Kana Reminder_is1" = Kana Reminder 1.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WampServer 2_is1" = WampServer 2.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/06/2013 8:41:11 PM | Computer Name = Reception-PC | Source = ESENT | ID = 489
Description = DllHost (3208) WebCacheLocal: An attempt to open the file "C:\Users\Reception\AppData\Local\Microsoft\Windows\WebCache\V01.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/06/2013 8:41:11 PM | Computer Name = Reception-PC | Source = ESENT | ID = 455
Description = DllHost (3208) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
opening logfile C:\Users\Reception\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error - 12/06/2013 8:41:21 PM | Computer Name = Reception-PC | Source = ESENT | ID = 489
Description = DllHost (3208) WebCacheLocal: An attempt to open the file "C:\Users\Reception\AppData\Local\Microsoft\Windows\WebCache\V01.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/06/2013 8:41:21 PM | Computer Name = Reception-PC | Source = ESENT | ID = 455
Description = DllHost (3208) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while
opening logfile C:\Users\Reception\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error - 12/06/2013 8:41:33 PM | Computer Name = Reception-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 12/06/2013 8:41:42 PM | Computer Name = Reception-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 12/06/2013 8:41:49 PM | Computer Name = Reception-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 12/06/2013 8:43:14 PM | Computer Name = Reception-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 13/06/2013 5:55:04 PM | Computer Name = Reception-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 13/06/2013 7:36:07 PM | Computer Name = Reception-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 12/06/2013 10:36:56 PM | Computer Name = Reception-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070002: Update for Windows 7 (KB2592687).

Error - 12/06/2013 10:36:56 PM | Computer Name = Reception-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0826: Update for Windows 7 (KB2709981).

Error - 12/06/2013 10:36:56 PM | Computer Name = Reception-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0826: Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1
x86 (KB2836943).

Error - 12/06/2013 10:36:56 PM | Computer Name = Reception-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800f0826: Update for Windows 7 (KB2574819).

Error - 12/06/2013 10:39:04 PM | Computer Name = Reception-PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%5

Error - 12/06/2013 10:45:13 PM | Computer Name = Reception-PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%5

Error - 13/06/2013 5:31:18 PM | Computer Name = Reception-PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%5

Error - 13/06/2013 5:31:22 PM | Computer Name = Reception-PC | Source = Parvdm | ID = 458754
Description = Unable to get device object pointer for port object.

Error - 13/06/2013 5:33:26 PM | Computer Name = Reception-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 13/06/2013 5:33:26 PM | Computer Name = Reception-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >

This could stem from downloading an update to live player (I think) that didn't look right and since deleted.
Any help would be greatly appreciated.
  • 0

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello starwindows and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0
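The OTL output requested in Step 1 (and already posted above) is plain text with a fixed per-line shape, so the first pass a helper does by eye can also be scripted. The following is an added example, not OTL's own code and not something from this thread: a small Python triage helper that parses OTL entry lines in the shapes seen in the logs above (`PRC`/`SRV`/`DRV`/`MOD` entries, `File not found` entries, and the bare `[date | size | attrs | M] -- path` lines OTL prints under its ZeroAccess Check heading) and records the conditions worth looking at first: a service or driver whose file is missing, an auto-start service that is stopped, a module with no company name loaded from a user-writable path, and a hidden system directory under the SYSTEM account's recycle bin. The `SAMPLE_LOG` lines are constructed from the formats posted in this thread; the regexes, the `Entry` class and the findings wording are assumptions of this example, and the rules are review heuristics, not verdicts.

```python
"""Triage helper for OTL log lines (added example; not part of OTL or this thread).

Line shapes assumed, taken from the OTL output posted above:
  PRC/SRV/DRV/MOD - [date | size | attrs | M] (Company) [flags] -- path -- (name)
  SRV/DRV - File not found [flags] -- path -- (name)
  [date | size | attrs | M] -- path            (ZeroAccess Check section)
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|SRV|DRV|MOD) - )?"
    r"(?:\[(?P<date>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [MC]\]"
    r"|(?P<missing>File not found))"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

# Locations an unprivileged interactive user can write to.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp)\\", re.IGNORECASE)
# Shape OTL lists under its "ZeroAccess Check" heading: a 32-hex-digit
# directory inside the SYSTEM account's (S-1-5-18) recycle bin.
SYSTEM_RECYCLE_RE = re.compile(
    r"\\\$Recycle\.Bin\\S-1-5-18\\\$[0-9a-f]{32}(?:\\|$)", re.IGNORECASE
)


@dataclass
class Entry:
    kind: Optional[str]       # PRC, SRV, DRV, MOD, or None for plain file lines
    company: Optional[str]    # "" when OTL printed "()", None when no field at all
    attrs: str                # e.g. "----" or "-HSD"; "" for "File not found"
    flags: List[str]          # e.g. ["Auto", "Stopped"]
    path: str
    name: Optional[str]       # service/driver short name, if OTL printed one
    missing: bool             # True for "File not found" entries
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    flags = [f.strip() for f in m["flags"].split("|")] if m["flags"] else []
    return Entry(kind=m["kind"], company=m["company"], attrs=m["attr"] or "",
                 flags=flags, path=m["path"], name=m["name"],
                 missing=bool(m["missing"]))


def triage(entry: Entry) -> List[str]:
    """Append review findings to the entry and return them (heuristics, not verdicts)."""
    if entry.missing:
        entry.findings.append("registered but file not found")
    if entry.kind and entry.company == "" and USER_WRITABLE_RE.search(entry.path):
        entry.findings.append("no company name, loaded from user-writable path")
    if entry.kind == "SRV" and "Auto" in entry.flags and "Stopped" in entry.flags:
        entry.findings.append("auto-start service is not running")
    if {"H", "S", "D"} <= set(entry.attrs) and SYSTEM_RECYCLE_RE.search(entry.path):
        entry.findings.append("hidden system directory under the SYSTEM account's recycle bin")
    return entry.findings


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its findings; non-entry lines are skipped."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry):
            flagged[entry.path] = entry.findings
    return flagged


# Constructed sample, modelled on entry lines from the logs in this thread.
SAMPLE_LOG = r"""
PRC - [2013/06/14 10:25:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reception\Desktop\OTL.exe
SRV - [2013/01/27 10:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
MOD - [2011/09/20 07:29:36 | 000,055,816 | ---- | M] () -- C:\Users\Reception\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\epiclhof.sys -- (epiclhof)
DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
[2013/06/12 14:17:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$c6ef56f5cc969443553e34f42a036664\L
[2010/10/27 08:02:50 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
"""

if __name__ == "__main__":
    for path, findings in triage_log(SAMPLE_LOG).items():
        print(path + "\n    " + "\n    ".join(findings))
```

Run against the sample it reports four paths: the stopped auto-start antimalware service, the no-company module in `Temp`, the missing `epiclhof.sys` driver, and the hidden `$Recycle.Bin\S-1-5-18\$...` directory; the signed NVIDIA entries, OTL itself and `Desktop.ini` pass through. Each hit is a prompt to look closer (the event log in the first post already shows the antimalware service failing to start with error 5), not a conclusion about the file.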

#3
starwindows

    Member

  • Topic Starter
  • Member
  • 19 posts
Hi maliprog :)

Thanks for your reply. It is Friday night where I am atm, and I won't be back to the affected computer until Monday morning.

I hope this doesn't cause you too much inconvenience.
  • 0

#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
It's OK. You have 3 days to respond so take your time and do all steps.
  • 0

#5
starwindows

    Member

  • Topic Starter
  • Member
  • 19 posts
Thank you. Will do.
  • 0

#6
starwindows

    Member

  • Topic Starter
  • Member
  • 19 posts
OTL logfile created on: 17/06/2013 7:46:11 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Reception\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.93 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 75.01% Memory free
5.87 Gb Paging File | 5.09 Gb Available in Paging File | 86.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 925.46 Gb Total Space | 853.59 Gb Free Space | 92.23% Space Free | Partition Type: NTFS

Computer Name: RECEPTION-PC | User Name: Reception | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/14 10:25:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reception\Desktop\OTL.exe
PRC - [2013/05/08 03:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2013/01/19 00:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/19 00:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/19 05:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 12:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/04/30 19:56:52 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2012/04/30 19:56:50 | 000,836,480 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/04/29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/04/29 01:24:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/28 16:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 16:02:20 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7a89b81a9a5c4a57d2b1b152beb9b481\PresentationFramework.ni.dll
MOD - [2013/05/16 16:02:10 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\69236ea8029652460eff6fc27bfc742c\PresentationCore.ni.dll
MOD - [2013/05/16 16:02:05 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c206c0d5425bc25640b647ac986fc236\System.Core.ni.dll
MOD - [2013/05/16 16:02:02 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\45c1597cf0c989dbbfdc5e3cb067306f\WindowsBase.ni.dll
MOD - [2013/01/15 08:16:24 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7ade41f2c08fe2654323fddba67eee1d\System.Management.ni.dll
MOD - [2013/01/15 07:33:44 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\d141e2e8320dd31940696a69766fdc00\System.Runtime.Remoting.ni.dll
MOD - [2013/01/15 07:33:39 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll
MOD - [2013/01/14 15:11:19 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll
MOD - [2013/01/14 15:11:19 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9471a54aa2b06e04f33b3e5dc9dc412a\PresentationFramework.Aero.ni.dll
MOD - [2013/01/14 15:11:15 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll
MOD - [2011/09/20 07:29:36 | 000,055,816 | ---- | M] () -- C:\Users\Reception\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
MOD - [2011/04/29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe


========== Services (SafeList) ==========

SRV - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/27 10:11:46 | 000,295,232 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 10:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/19 05:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/30 19:56:52 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2010/12/31 08:39:54 | 008,133,120 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/12/31 08:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/08/17 16:21:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/17 07:59:42 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/28 16:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\epiclhof.sys -- (epiclhof)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/02/18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/01/20 14:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/12/03 10:00:46 | 000,086,392 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2010/12/03 09:59:50 | 000,049,016 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snxpcard.sys -- (SNXPCARD)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/05/28 16:25:04 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/05/25 17:59:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/05/25 17:59:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2010/05/25 17:59:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/04/06 02:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/09/17 14:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 10:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 8C 5C 16 D8 67 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Reception\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/06/23 11:45:12 | 000,000,849 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
O4 - HKLM..\Run: [LanguageShortcut] c:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E975E9E1-5970-440E-8A4A-810801364BF6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b95fcabc-a9a0-11df-accd-7071bc0bd453}\Shell - "" = AutoRun
O33 - MountPoints2\{b95fcabc-a9a0-11df-accd-7071bc0bd453}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/14 10:27:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Reception\Desktop\OTL.exe
[2013/06/13 11:13:25 | 000,000,000 | ---D | C] -- C:\Users\Reception\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

========== Files - Modified Within 30 Days ==========

[2013/06/17 07:46:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/17 07:46:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/17 07:38:19 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/17 07:38:19 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/17 07:35:30 | 000,628,414 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/17 07:35:30 | 000,110,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/17 07:31:21 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\DriverCure Startup.job
[2013/06/17 07:31:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/17 07:31:13 | 2363,543,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/14 15:01:16 | 000,102,496 | ---- | M] () -- C:\Users\Reception\Desktop\FAXAlspec.rtf
[2013/06/14 12:46:59 | 000,088,705 | ---- | M] () -- C:\Users\Reception\Desktop\DIAS.rtf
[2013/06/14 10:25:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Reception\Desktop\OTL.exe
[2013/06/13 11:11:38 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/12 15:28:20 | 000,641,771 | ---- | M] () -- C:\Users\Reception\Documents\inv28646.pdf
[2013/06/12 09:06:54 | 000,002,293 | ---- | M] () -- C:\Users\Reception\Desktop\Andy - Shortcut.lnk
[2013/06/11 15:39:13 | 000,090,922 | ---- | M] () -- C:\Users\Reception\Desktop\FAXCapral.rtf
[2013/06/11 08:10:06 | 000,150,504 | ---- | M] () -- C:\Users\Reception\Desktop\Viridian.pdf
[2013/06/07 15:03:21 | 000,085,979 | ---- | M] () -- C:\Users\Reception\Desktop\FAXViridian.rtf
[2013/06/07 07:47:35 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/31 15:58:01 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/05/31 13:47:56 | 000,028,851 | ---- | M] () -- C:\Users\Reception\Documents\MoruyaHospital.pdf
[2013/05/30 14:42:58 | 000,088,363 | ---- | M] () -- C:\Users\Reception\Desktop\FAX.rtf
[2013/05/30 11:24:15 | 000,083,733 | ---- | M] () -- C:\Users\Reception\Desktop\FAXSteve.rtf
[2013/05/30 08:01:54 | 000,572,271 | ---- | M] () -- C:\Users\Reception\Documents\inv41815.pdf
[2013/05/30 08:01:38 | 000,573,903 | ---- | M] () -- C:\Users\Reception\Documents\inv41814.pdf
[2013/05/29 10:15:24 | 001,330,320 | ---- | M] () -- C:\Users\Reception\Documents\stewart_Q0227.pdf
[2013/05/29 10:11:53 | 000,599,774 | ---- | M] () -- C:\Users\Reception\Documents\CCF29052013_00001.pdf
[2013/05/29 10:11:38 | 000,731,516 | ---- | M] () -- C:\Users\Reception\Documents\CCF29052013_00000.pdf
[2013/05/24 15:43:27 | 000,530,919 | ---- | M] () -- C:\Users\Reception\Documents\CCF24052013_00001.pdf
[2013/05/24 15:09:08 | 000,742,682 | ---- | M] () -- C:\Users\Reception\Documents\CCF24052013_00000.pdf
[2013/05/23 12:10:32 | 000,734,766 | ---- | M] () -- C:\Users\Reception\Documents\inv4679.pdf
[2013/05/23 12:10:16 | 000,548,360 | ---- | M] () -- C:\Users\Reception\Documents\inv28636.pdf
[2013/05/22 13:40:11 | 000,000,060 | ---- | M] () -- C:\Windows\BRPFX04A.INI
[2013/05/21 11:42:44 | 000,568,849 | ---- | M] () -- C:\Users\Reception\Documents\inv41801.pdf
[2013/05/20 13:13:55 | 000,010,433 | ---- | M] () -- C:\Users\Reception\Documents\Martin_compliance.pdf

========== Files Created - No Company Name ==========

[2013/06/13 11:11:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/13 11:11:38 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/12 15:28:20 | 000,641,771 | ---- | C] () -- C:\Users\Reception\Documents\inv28646.pdf
[2013/06/12 09:06:54 | 000,002,293 | ---- | C] () -- C:\Users\Reception\Desktop\Andy - Shortcut.lnk
[2013/06/11 08:10:08 | 000,150,504 | ---- | C] () -- C:\Users\Reception\Desktop\Viridian.pdf
[2013/05/31 15:58:01 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/05/31 13:47:56 | 000,028,851 | ---- | C] () -- C:\Users\Reception\Documents\MoruyaHospital.pdf
[2013/05/30 08:01:54 | 000,572,271 | ---- | C] () -- C:\Users\Reception\Documents\inv41815.pdf
[2013/05/30 08:01:38 | 000,573,903 | ---- | C] () -- C:\Users\Reception\Documents\inv41814.pdf
[2013/05/29 10:11:53 | 000,599,774 | ---- | C] () -- C:\Users\Reception\Documents\CCF29052013_00001.pdf
[2013/05/29 10:11:38 | 000,731,516 | ---- | C] () -- C:\Users\Reception\Documents\CCF29052013_00000.pdf
[2013/05/24 15:10:14 | 001,330,320 | ---- | C] () -- C:\Users\Reception\Documents\stewart_Q0227.pdf
[2013/05/24 15:09:20 | 000,530,919 | ---- | C] () -- C:\Users\Reception\Documents\CCF24052013_00001.pdf
[2013/05/24 15:09:08 | 000,742,682 | ---- | C] () -- C:\Users\Reception\Documents\CCF24052013_00000.pdf
[2013/05/23 12:10:32 | 000,734,766 | ---- | C] () -- C:\Users\Reception\Documents\inv4679.pdf
[2013/05/23 12:10:16 | 000,548,360 | ---- | C] () -- C:\Users\Reception\Documents\inv28636.pdf
[2013/05/22 13:40:11 | 000,000,060 | ---- | C] () -- C:\Windows\BRPFX04A.INI
[2013/05/21 11:42:44 | 000,568,849 | ---- | C] () -- C:\Users\Reception\Documents\inv41801.pdf
[2013/05/20 13:13:55 | 000,010,433 | ---- | C] () -- C:\Users\Reception\Documents\Martin_compliance.pdf
[2012/05/01 13:23:59 | 000,000,375 | ---- | C] () -- C:\Windows\wininit.ini
[2012/04/19 08:31:42 | 000,000,326 | ---- | C] () -- C:\Windows\SWWATER.INI
[2012/03/23 07:51:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/01/09 10:24:39 | 001,355,899 | ---- | C] () -- C:\Windows\UnInstallNetCommADSL.dll
[2011/05/19 07:44:25 | 000,001,940 | ---- | C] () -- C:\Users\Reception\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

========== ZeroAccess Check ==========

[2013/06/12 14:17:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$c6ef56f5cc969443553e34f42a036664\L
[2013/06/12 14:17:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$c6ef56f5cc969443553e34f42a036664\U
[2010/10/27 08:02:50 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 14:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/10/28 09:54:52 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\Accellion
[2013/05/14 15:01:54 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\Alspec
[2013/06/13 11:13:25 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/09 13:45:30 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\DriverCure
[2012/06/13 14:09:53 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\FileOpen
[2011/05/24 07:45:02 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\Samsung
[2012/02/17 10:47:29 | 000,000,000 | ---D | M] -- C:\Users\Reception\AppData\Roaming\TeamViewer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/11/03 11:06:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/11/03 11:06:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 16:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 16:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 15:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< dir C:\ /S /A:L /C >
Volume in drive C is Windows
Volume Serial Number is 78CF-E5A0
Directory of C:\
14/07/2009 02:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Microsoft Security Client
10/10/2012 09:52 AM <SYMLINKD> Backup [c:\windows\system32\config]
23/05/2012 09:25 AM <SYMLINK> DbgHelp.dll [c:\windows\system32\config]
27/02/2013 02:51 PM <SYMLINKD> Drivers [c:\windows\system32\config]
27/02/2013 02:51 PM <SYMLINKD> en-us [c:\windows\system32\config]
27/01/2013 01:37 PM <SYMLINK> EppManifest.dll [c:\windows\system32\config]
27/01/2013 11:25 AM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MpClient.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
27/01/2013 11:05 AM <SYMLINK> mpevmsg.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MpOAv.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
12/09/2012 04:19 PM <SYMLINK> MSESysprep.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> MsMpEng.exe [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
27/01/2013 10:08 AM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> msseces.exe [c:\windows\system32\config]
12/09/2012 04:19 PM <SYMLINK> msseoobe.exe [c:\windows\system32\config]
12/09/2012 04:19 PM <SYMLINK> msseooberes.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> MsseWat.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> NisIpsPlugin.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> NisLog.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> NisSrv.exe [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> NisWFP.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> Setup.exe [c:\windows\system32\config]
27/01/2013 10:08 AM <SYMLINK> SetupRes.dll [c:\windows\system32\config]
27/01/2013 10:08 AM <SYMLINK> shellext.dll [c:\windows\system32\config]
08/02/2012 03:06 PM <SYMLINK> SqmApi.dll [c:\windows\system32\config]
23/05/2012 09:25 AM <SYMLINK> SymSrv.dll [c:\windows\system32\config]
06/04/2012 08:59 AM <SYMLINK> SymSrv.yes [c:\windows\system32\config]
29 File(s) 8,508,169 bytes
Directory of C:\Program Files\Windows Defender
14/07/2009 02:56 PM <SYMLINKD> en-US [c:\windows\system32\config]
14/07/2009 11:15 AM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
14/07/2009 11:15 AM <SYMLINK> MpClient.dll [c:\windows\system32\config]
14/07/2009 11:14 AM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
20/11/2010 10:19 PM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
14/07/2009 11:06 AM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
14/07/2009 11:15 AM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
14/07/2009 11:15 AM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
14/07/2009 11:15 AM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
14/07/2009 11:14 AM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
20/11/2010 10:19 PM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
14/07/2009 11:07 AM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
14/07/2009 11:15 AM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
12 File(s) 2,930,176 bytes
Directory of C:\ProgramData
14/07/2009 02:53 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 02:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 02:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 02:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 02:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 02:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 02:53 PM <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 02:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 02:53 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 02:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 02:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 02:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 02:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 02:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 02:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 02:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 02:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 02:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 02:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 02:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 02:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 02:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 02:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 02:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 02:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 02:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 02:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 02:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 02:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 02:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 02:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 02:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 02:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Reception
16/08/2010 04:44 PM <JUNCTION> Application Data [C:\Users\Reception\AppData\Roaming]
16/08/2010 04:44 PM <JUNCTION> Cookies [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Cookies]
16/08/2010 04:44 PM <JUNCTION> Local Settings [C:\Users\Reception\AppData\Local]
16/08/2010 04:44 PM <JUNCTION> My Documents [C:\Users\Reception\Documents]
16/08/2010 04:44 PM <JUNCTION> NetHood [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/08/2010 04:44 PM <JUNCTION> PrintHood [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/08/2010 04:44 PM <JUNCTION> Recent [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Recent]
16/08/2010 04:44 PM <JUNCTION> SendTo [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\SendTo]
16/08/2010 04:44 PM <JUNCTION> Start Menu [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Start Menu]
16/08/2010 04:44 PM <JUNCTION> Templates [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Reception\AppData\Local
16/08/2010 04:44 PM <JUNCTION> Application Data [C:\Users\Reception\AppData\Local]
16/08/2010 04:44 PM <JUNCTION> History [C:\Users\Reception\AppData\Local\Microsoft\Windows\History]
16/08/2010 04:44 PM <JUNCTION> Temporary Internet Files [C:\Users\Reception\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Reception\Documents
16/08/2010 04:44 PM <JUNCTION> My Music [C:\Users\Reception\Music]
16/08/2010 04:44 PM <JUNCTION> My Pictures [C:\Users\Reception\Pictures]
16/08/2010 04:44 PM <JUNCTION> My Videos [C:\Users\Reception\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
19/11/2012 02:58 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
19/11/2012 02:58 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
19/11/2012 02:58 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
19/11/2012 02:58 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
19/11/2012 02:58 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
19/11/2012 02:58 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
19/11/2012 02:58 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
19/11/2012 02:58 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
19/11/2012 02:58 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
19/11/2012 02:58 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\AppData\Local
19/11/2012 02:58 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
19/11/2012 02:58 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
19/11/2012 02:58 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser\Documents
19/11/2012 02:58 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
19/11/2012 02:58 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
19/11/2012 02:58 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes
Total Files Listed:
41 File(s) 11,438,345 bytes
70 Dir(s) 917,818,621,952 bytes free

< End of report >
  • 0

#7
starwindows

    Member

  • Topic Starter
  • Member
  • 19 posts
Only one notepad window was opened, I will wait for further instruction.
  • 0

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi starwindows,

Let's begin with the fix.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

  • Click on the Start button, type Notepad in the search box and click on it
  • Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\en-US"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCommu.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRTP.dll" 
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpLics.dll"
    fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\Backup"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\DbgHelp.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\Drivers"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\en-us"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\EppManifest.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpAsDesc.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpClient.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpCmdRun.exe"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpCommu.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\mpevmsg.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpOAv.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpRTP.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MpSvc.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MSESysprep.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MsMpCom.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MsMpEng.exe"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MsMpLics.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MsMpRes.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\msseces.exe"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\msseoobe.exe"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\msseooberes.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\MsseWat.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\NisLog.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\NisSrv.exe"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\NisWFP.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\Setup.exe"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\SetupRes.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\shellext.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\SqmApi.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\SymSrv.dll"
    fsutil reparsepoint delete "C:\Program Files\Microsoft Security Client\SymSrv.yes"
    CD \
    DIR /S /A:L > "%USERPROFILE%\Desktop\JunctionPoints.txt"
    REM After CD \ the working directory is C:\, so START needs the full path of the log
    START "" "%USERPROFILE%\Desktop\JunctionPoints.txt"
    EXIT
    
    
  • Go to File > Save As... and save it to your Desktop named fix.bat. Make sure you change the Save as type to All Files (*.*)
  • Locate fix.bat on your Desktop and right click then select Run as administrator

Post JunctionPoints.txt when finished.

Step 2

Download the ESET services repair tool and extract the file to your desktop.
  • Double-click ServicesRepair.exe.
  • If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop, please post the content in your next reply.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the combo fix log in your next reply

Step 4

Please don't forget to include these items in your reply:

  • JunctionPoints.txt log
  • ServicesRepair log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0
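A triage script for a listing like the one fix.bat writes to JunctionPoints.txt. This is an added example, not the helper's or the thread's code: it parses the DIR /S /A:L format shown in this thread (the sample lines below are constructed from the posted listing), separates the stock Windows 7 compatibility junctions (Application Data, My Documents and so on) from reparse points that redirect a security product's own files, and emits the matching fsutil reparsepoint delete lines. The two heuristics it uses, a link that is itself named like a program binary and a link whose target is the registry hive directory C:\Windows\System32\config, are assumptions made for this example, not something the thread states.

```python
"""Triage a `DIR /S /A:L` listing for hijacked reparse points (added example)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the thread's JunctionPoints.txt
# (a handful of lines, not the full listing).
SAMPLE_LOG = r"""
 Volume in drive C is Windows
 Volume Serial Number is 78CF-E5A0

 Directory of C:\

14/07/2009  02:53 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes

 Directory of C:\Program Files\Microsoft Security Client

10/10/2012  09:52 AM    <SYMLINKD>     Backup [c:\windows\system32\config]
27/01/2013  10:12 AM    <SYMLINK>      MpClient.dll [c:\windows\system32\config]
27/01/2013  10:11 AM    <SYMLINK>      MsMpEng.exe [c:\windows\system32\config]
              29 File(s)      8,508,169 bytes

 Directory of C:\ProgramData

14/07/2009  02:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  02:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
               0 File(s)              0 bytes
"""

DIR_HEADER = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$")
ENTRY = re.compile(
    r"^\s*(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<time>\d{1,2}:\d{2} [AP]M)\s+"
    r"<(?P<kind>JUNCTION|SYMLINKD|SYMLINK)>\s+(?P<name>.+?) \[(?P<target>.+)\]\s*$"
)

# Heuristics (assumptions for this example, see lead-in).
HIVE_DIR = r"c:\windows\system32\config"
BINARY_EXT = (".exe", ".dll", ".sys")


@dataclass
class ReparsePoint:
    path: str    # full path of the link itself
    kind: str    # JUNCTION, SYMLINKD (directory symlink) or SYMLINK (file symlink)
    target: str  # where the link points


def parse_dir_listing(text: str) -> List[ReparsePoint]:
    """Walk the listing, remembering the current 'Directory of' header
    so each entry can be turned into a full path."""
    current_dir = ""
    points: List[ReparsePoint] = []
    for line in text.splitlines():
        m = DIR_HEADER.match(line)
        if m:
            current_dir = m.group("dir").rstrip("\\")
            continue
        m = ENTRY.match(line)
        if m:
            points.append(ReparsePoint(
                path=f"{current_dir}\\{m.group('name')}",
                kind=m.group("kind"),
                target=m.group("target"),
            ))
    return points


def is_suspicious(p: ReparsePoint) -> bool:
    """Flag a link that (1) is itself named like a program binary, which is
    rarely legitimate for a reparse point, or (2) points at the registry
    hive directory, which no program file or folder should redirect to."""
    target = p.target.lower().rstrip("\\")
    return p.path.lower().endswith(BINARY_EXT) or target == HIVE_DIR


def find_suspicious(text: str) -> List[ReparsePoint]:
    """Only the entries the heuristics flag; the stock junctions drop out."""
    return [p for p in parse_dir_listing(text) if is_suspicious(p)]


def remediation_commands(text: str) -> List[str]:
    """One fsutil line per flagged link, in the form the helper's fix.bat uses.
    This only strips the reparse data: the emptied file or folder is still
    there and the product has to be reinstalled afterwards."""
    return [f'fsutil reparsepoint delete "{p.path}"' for p in find_suspicious(text)]


if __name__ == "__main__":
    for cmd in remediation_commands(SAMPLE_LOG):
        print(cmd)
```

Run it against a real JunctionPoints.txt by replacing SAMPLE_LOG with the file's contents; the stock junctions under C:\Users and C:\ProgramData pass through untouched, and only links in the Microsoft Security Client folder end up in the output.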

#9
starwindows

    Member

  • Topic Starter
  • Member
  • 19 posts
Step 1

An error box comes up saying

Windows cannot find 'JunctionPoint.txt'. Make sure you type the name correctly and try again.

Do you want me to keep going?

Edited by starwindows, 16 June 2013 - 11:31 PM.

  • 0

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you try to locate that log on your desktop? If you see it, open it by double-clicking and post the results. If you can't find it, then continue with the next step.
  • 0

#11
starwindows

    Member

  • Topic Starter
  • Member
  • 19 posts
Here it is

Volume in drive C is Windows
Volume Serial Number is 78CF-E5A0

Directory of C:\

14/07/2009 02:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes

Directory of C:\Program Files\Microsoft Security Client

10/10/2012 09:52 AM <SYMLINKD> Backup [c:\windows\system32\config]
23/05/2012 09:25 AM <SYMLINK> DbgHelp.dll [c:\windows\system32\config]
27/02/2013 02:51 PM <SYMLINKD> Drivers [c:\windows\system32\config]
27/02/2013 02:51 PM <SYMLINKD> en-us [c:\windows\system32\config]
27/01/2013 01:37 PM <SYMLINK> EppManifest.dll [c:\windows\system32\config]
27/01/2013 11:25 AM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MpClient.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
27/01/2013 11:05 AM <SYMLINK> mpevmsg.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MpOAv.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
12/09/2012 04:19 PM <SYMLINK> MSESysprep.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> MsMpEng.exe [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
27/01/2013 10:08 AM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> msseces.exe [c:\windows\system32\config]
12/09/2012 04:19 PM <SYMLINK> msseoobe.exe [c:\windows\system32\config]
12/09/2012 04:19 PM <SYMLINK> msseooberes.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> MsseWat.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> NisIpsPlugin.dll [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> NisLog.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> NisSrv.exe [c:\windows\system32\config]
27/01/2013 10:12 AM <SYMLINK> NisWFP.dll [c:\windows\system32\config]
27/01/2013 10:11 AM <SYMLINK> Setup.exe [c:\windows\system32\config]
27/01/2013 10:08 AM <SYMLINK> SetupRes.dll [c:\windows\system32\config]
27/01/2013 10:08 AM <SYMLINK> shellext.dll [c:\windows\system32\config]
08/02/2012 03:06 PM <SYMLINK> SqmApi.dll [c:\windows\system32\config]
23/05/2012 09:25 AM <SYMLINK> SymSrv.dll [c:\windows\system32\config]
06/04/2012 08:59 AM <SYMLINK> SymSrv.yes [c:\windows\system32\config]
29 File(s) 8,508,169 bytes

Directory of C:\ProgramData

14/07/2009 02:53 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 02:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 02:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 02:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 02:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 02:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users

14/07/2009 02:53 PM <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 02:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes

Directory of C:\Users\All Users

14/07/2009 02:53 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 02:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 02:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 02:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 02:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 02:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Default

14/07/2009 02:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 02:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 02:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 02:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 02:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 02:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 02:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 02:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 02:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 02:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Default\AppData\Local

14/07/2009 02:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 02:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 02:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\Default\Documents

14/07/2009 02:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 02:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 02:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes

Directory of C:\Users\Public\Documents

14/07/2009 02:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 02:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 02:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes

Directory of C:\Users\Reception

16/08/2010 04:44 PM <JUNCTION> Application Data [C:\Users\Reception\AppData\Roaming]
16/08/2010 04:44 PM <JUNCTION> Cookies [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Cookies]
16/08/2010 04:44 PM <JUNCTION> Local Settings [C:\Users\Reception\AppData\Local]
16/08/2010 04:44 PM <JUNCTION> My Documents [C:\Users\Reception\Documents]
16/08/2010 04:44 PM <JUNCTION> NetHood [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/08/2010 04:44 PM <JUNCTION> PrintHood [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/08/2010 04:44 PM <JUNCTION> Recent [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Recent]
16/08/2010 04:44 PM <JUNCTION> SendTo [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\SendTo]
16/08/2010 04:44 PM <JUNCTION> Start Menu [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Start Menu]
16/08/2010 04:44 PM <JUNCTION> Templates [C:\Users\Reception\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Reception\AppData\Local

16/08/2010 04:44 PM <JUNCTION> Application Data [C:\Users\Reception\AppData\Local]
16/08/2010 04:44 PM <JUNCTION> History [C:\Users\Reception\AppData\Local\Microsoft\Windows\History]
16/08/2010 04:44 PM <JUNCTION> Temporary Internet Files [C:\Users\Reception\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\Reception\Documents

16/08/2010 04:44 PM <JUNCTION> My Music [C:\Users\Reception\Music]
16/08/2010 04:44 PM <JUNCTION> My Pictures [C:\Users\Reception\Pictures]
16/08/2010 04:44 PM <JUNCTION> My Videos [C:\Users\Reception\Videos]
0 File(s) 0 bytes

Directory of C:\Users\UpdatusUser

19/11/2012 02:58 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
19/11/2012 02:58 PM <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
19/11/2012 02:58 PM <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
19/11/2012 02:58 PM <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]
19/11/2012 02:58 PM <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
19/11/2012 02:58 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
19/11/2012 02:58 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
19/11/2012 02:58 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
19/11/2012 02:58 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
19/11/2012 02:58 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\UpdatusUser\AppData\Local

19/11/2012 02:58 PM <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
19/11/2012 02:58 PM <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
19/11/2012 02:58 PM <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\UpdatusUser\Documents

19/11/2012 02:58 PM <JUNCTION> My Music [C:\Users\UpdatusUser\Music]
19/11/2012 02:58 PM <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]
19/11/2012 02:58 PM <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]
0 File(s) 0 bytes

Total Files Listed:
29 File(s) 8,508,169 bytes
69 Dir(s) 917,477,965,824 bytes free


onto step 2
  • 0

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Please stop with all the steps, because we need one more run of these scripts. I'll prepare it now...
  • 0

#13
starwindows

    Member

  • Topic Starter
  • Member
  • 19 posts
step 2

Log Opened: 2013-06-17 @ 15:37:45
15:37:45 - -----------------
15:37:45 - | Begin Logging |
15:37:45 - -----------------
15:37:45 - Fix started on a WIN_7 X86 computer
15:37:45 - Prep in progress. Please Wait.
15:37:45 - Prep complete
15:37:45 - Repairing Services Now. Please wait...
15:37:45 - Services Repair Complete.
15:37:49 - Reboot Initiated


onto step 3
  • 0

#14
starwindows

    Member

  • Topic Starter
  • Member
  • 19 posts
ok, just saw post
  • 0

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
If you didn't start Step 3 please don't start it now. I have new scripts to run for you. Let me know.
  • 0





