Laptop is connected to the internet but won't open any pages [Solv


  • This topic is locked

#1
alastair70

  • Member
  • 17 posts
Hi Guys, I'm sorry to say I have a much bigger problem with my laptop than my other post.

I turned it on yesterday morning and it wouldn't open any pages either in Firefox, Chrome, IE or download any mail with Outlook Express. It again is running Win XP Pro SP3 and has run like a dream for the last 2 years, protected by Kaspersky Internet Security.

So I ran a scan with Kaspersky and it found nothing at all. I clicked uTorrent by mistake and was shocked to see that it was both uploading and downloading, so I knew that there wasn't a problem with my network card or wifi card. I then downloaded (on my son's PC and transferred it with a USB memory stick) and ran Sophos Virus Removal Tool; it couldn't update itself, and it did find some trojans which it cleaned (log file attached).

I rebooted, still no access to browse the web, ran Sophos again and it said it was clean. I ran Malwarebytes and it did find stuff (log file attached). I cleaned the found items, rebooted and still had the same problem.

I've backed up all my data and was about to format and reinstall but haven't, as I have another problem with a fresh install here, so hopefully you will be able to help me get my laptop going again.

OTL Log File

OTL logfile created on: 11/10/2013 01:40:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Al\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.91% Memory free
3.83 Gb Paging File | 3.10 Gb Available in Paging File | 80.93% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.85 Gb Total Space | 91.88 Gb Free Space | 61.73% Space Free | Partition Type: NTFS

Computer Name: ALASTAIR | User Name: Al | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/11 01:03:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTL.exe
PRC - [2013/10/11 00:05:42 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/01/15 13:07:42 | 002,750,840 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/05 01:52:59 | 001,310,136 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Unknown (-1) | Unknown] -- -- (MBAMSwissArmy)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/10/11 00:05:42 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/09/12 13:41:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/04 17:50:09 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/11/07 19:45:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/11/07 10:44:06 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [Disabled | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2001/08/09 03:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/10/11 00:56:28 | 000,048,728 | ---- | M] (MalwareBytes) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/10/11 00:06:05 | 000,593,504 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013/10/11 00:06:05 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2013/10/11 00:06:05 | 000,024,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/10/11 00:06:05 | 000,024,160 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013/06/19 13:16:11 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/04/24 11:41:09 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2012/12/29 21:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/09/28 21:50:21 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/06/27 15:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2012/03/02 09:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2012/03/02 09:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2012/03/02 09:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)
DRV - [2012/03/02 09:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2008/04/13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/01/15 13:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/04/24 09:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 09:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 09:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus)
DRV - [2006/11/13 23:34:40 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/01/18 05:44:42 | 000,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2003/02/21 22:38:04 | 000,017,504 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...q={searchTerms}
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\SearchScopes\{69BF8669-5ABC-42FB-9C7E-D96DCB2FE3D4}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Al\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Al\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Al\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/16 19:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/10/11 00:06:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/10/11 00:06:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/10/11 00:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/10/11 00:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/10/11 00:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/21 12:41:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/21 12:41:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/09 11:28:02 | 000,000,000 | ---D | M]

[2011/12/10 00:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Al\Application Data\Mozilla\Extensions
[2013/10/09 11:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\fozy00fj.default\extensions
[2013/10/09 11:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\fozy00fj.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/10/09 11:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/09 11:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/01 17:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/10/01 17:26:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/21 12:39:54 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\11.10.24_0\
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\11.10.25_0\
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\12.1_0\
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.1_0\
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\9.10.22_0\
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\9.10.24_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Rain Alarm Extension = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\olnconaknblgbkfgknkfmmfhhbebkekd\1.2.12_0\
CHR - Extension: Rain Alarm Extension = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\olnconaknblgbkfgknkfmmfhhbebkekd\1.2.13_0\

O1 HOSTS File: ([2001/08/23 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\RunOnce: [ (A0)] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341578250281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68123792-B937-44B1-BA18-1C1C709F13B2}: NameServer = 194.74.65.69,194.74.69.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80005732-F0C3-4565-8D3B-7FFA66F2915D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80005732-F0C3-4565-8D3B-7FFA66F2915D}: NameServer = 194.74.65.69,194.74.66.78
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Al\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Al\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/26 13:12:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/11 01:36:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTL.exe
[2013/10/11 00:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/10/11 00:56:28 | 000,048,728 | ---- | C] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/10/11 00:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\mbar
[2013/10/11 00:50:14 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup-1.75.0.1300.exe
[2013/10/11 00:50:13 | 012,907,592 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Al\Desktop\mbar-1.07.0.1005.exe
[2013/10/10 23:30:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Al\Recent
[2013/10/10 23:16:52 | 026,388,552 | ---- | C] (EaseUS ) -- C:\Documents and Settings\Al\Desktop\epm.exe
[2013/10/10 20:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\To Move
[2013/10/09 22:53:03 | 136,167,712 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Al\Desktop\7200xdat.exe
[2013/10/09 22:53:03 | 010,029,088 | ---- | C] (McAfee Inc) -- C:\Documents and Settings\Al\Desktop\stinger32.exe
[2013/10/09 22:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/10/09 14:50:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/10/09 11:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/10/09 11:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Start Menu\Programs\Sophos
[2013/10/09 11:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013/10/09 11:39:41 | 077,337,376 | ---- | C] (Sophos Limited) -- C:\Documents and Settings\Al\Desktop\Sophos Virus Removal Tool.exe
[2013/10/09 11:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/09 11:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Start Menu\Programs\FilesFrog Update Checker
[2013/10/09 11:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Local Settings\Application Data\FilesFrog Update Checker
[2013/10/09 11:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2013/10/09 11:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/10/09 11:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2013/10/09 10:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Old Firefox Data
[2013/10/07 12:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC(2)
[2013/10/07 12:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\mIRC
[2013/10/04 11:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\New Folder
[2013/10/02 14:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\IsolatedStorage
[2013/10/02 14:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Local Settings\Application Data\IsolatedStorage
[2013/10/02 14:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACT
[2013/10/02 14:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\NEWACT_1002131350
[2013/10/02 14:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\ACT
[2013/10/02 14:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\ACT
[2013/10/02 14:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/10/02 14:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\ACT
[2013/10/02 13:45:56 | 000,000,000 | ---D | C] -- C:\contactik
[2013/09/26 11:57:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2013/09/26 11:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Printer
[2013/09/26 11:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupon Printer
[2013/09/23 12:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Password Remover v3.1
[2013/09/23 12:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF Password Remover v3.1
[2013/09/16 01:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/09/16 01:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/09/16 01:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2013/09/16 01:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2013/09/15 02:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Al Pics
[2013/09/15 00:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Tom Phone Pics
[2013/09/14 22:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LG PC Suite IV
[2013/09/14 22:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Local Settings\Application Data\LG Electronics
[2013/09/14 22:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LGMobile Support Tool
[2013/09/14 17:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Cornwall 2013 Pics
[2013/09/14 10:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/12/15 14:09:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Al\Application Data\pcouffin.sys
[2011/12/14 12:42:31 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Al\SETUP.EXE

========== Files - Modified Within 30 Days ==========

[2013/10/11 01:50:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/10/11 01:48:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1004UA.job
[2013/10/11 01:41:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/11 01:03:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTL.exe
[2013/10/11 00:56:28 | 000,048,728 | ---- | M] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/10/11 00:52:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007UA.job
[2013/10/11 00:49:24 | 012,907,592 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Al\Desktop\mbar-1.07.0.1005.exe
[2013/10/11 00:48:04 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup-1.75.0.1300.exe
[2013/10/11 00:46:18 | 000,231,390 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\RootkitRevealer.zip
[2013/10/11 00:06:05 | 000,593,504 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/10/11 00:06:05 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2013/10/11 00:06:05 | 000,024,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klmouflt.sys
[2013/10/11 00:06:05 | 000,024,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klkbdflt.sys
[2013/10/10 23:38:15 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1003UA.job
[2013/10/10 23:32:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/10 23:32:45 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
[2013/10/10 23:32:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
[2013/10/10 23:32:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/10 22:56:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007UA.job
[2013/10/10 22:19:37 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/10 21:32:22 | 026,388,552 | ---- | M] (EaseUS ) -- C:\Documents and Settings\Al\Desktop\epm.exe
[2013/10/10 20:43:52 | 000,010,848 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\ALASTAIR.speccy
[2013/10/10 20:23:59 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8F92262F-335D-40B0-9F9A-BC107C447E49}.job
[2013/10/10 20:09:15 | 000,000,138 | RH-- | M] () -- C:\Documents and Settings\Al\Desktop\Stinger.opt
[2013/10/10 20:09:12 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Stinger_10102013_122556.html
[2013/10/09 14:56:03 | 000,002,555 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Sophos Virus Removal Tool.lnk
[2013/10/09 11:29:18 | 006,113,096 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\sophos_scss_10_sfx.exe
[2013/10/09 11:28:24 | 077,337,376 | ---- | M] (Sophos Limited) -- C:\Documents and Settings\Al\Desktop\Sophos Virus Removal Tool.exe
[2013/10/09 10:13:43 | 000,526,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/09 10:13:43 | 000,096,784 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/09 07:48:01 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1004Core.job
[2013/10/08 17:52:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007Core.job
[2013/10/08 17:35:01 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1003Core.job
[2013/10/08 06:55:11 | 000,885,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/07 13:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
[2013/10/07 12:54:43 | 000,247,332 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/10/06 19:56:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007Core.job
[2013/10/04 20:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
[2013/10/03 16:39:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
[2013/09/30 00:49:06 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\Al\Application Data\WBPU-TTL.DAT
[2013/09/26 11:57:39 | 000,000,031 | -H-- | M] () -- C:\WINDOWS\UKCpInfo.sys
[2013/09/23 12:05:15 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\PDF Password Remover v3.1.lnk
[2013/09/22 17:03:37 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/09/20 21:34:31 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2013/09/20 00:49:03 | 000,000,091 | ---- | M] () -- C:\Documents and Settings\Al\Application Data\WB.CFG
[2013/09/17 15:06:34 | 136,167,712 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Al\Desktop\7200xdat.exe
[2013/09/17 14:58:10 | 010,029,088 | ---- | M] (McAfee Inc) -- C:\Documents and Settings\Al\Desktop\stinger32.exe
[2013/09/14 23:51:01 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2013/09/14 22:39:14 | 000,000,000 | ---- | M] () -- C:\END

========== Files Created - No Company Name ==========

[2013/10/11 00:50:14 | 000,231,390 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\RootkitRevealer.zip
[2013/10/10 20:43:52 | 000,010,848 | ---- | C] () -- C:\Documents and Settings\Al\My Documents\ALASTAIR.speccy
[2013/10/10 20:09:15 | 000,000,138 | RH-- | C] () -- C:\Documents and Settings\Al\Desktop\Stinger.opt
[2013/10/10 12:25:56 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Stinger_10102013_122556.html
[2013/10/09 11:43:43 | 000,002,555 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Sophos Virus Removal Tool.lnk
[2013/10/09 11:39:41 | 006,113,096 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\sophos_scss_10_sfx.exe
[2013/10/08 06:55:11 | 000,885,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/07 12:54:43 | 000,247,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/10/03 10:26:11 | 000,592,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1060284298-1214440339-1417001333-1004-0.dat
[2013/10/02 15:15:16 | 000,592,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1060284298-1214440339-1417001333-1003-0.dat
[2013/10/02 15:15:15 | 000,592,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/26 11:57:39 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2013/09/23 12:05:15 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\PDF Password Remover v3.1.lnk
[2013/09/15 00:49:01 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\WB.CFG
[2013/09/15 00:49:01 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\WBPU-TTL.DAT
[2013/09/14 22:39:14 | 000,000,000 | ---- | C] () -- C:\END
[2013/09/12 13:41:44 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/12 06:49:04 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/09/12 06:49:04 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2013/09/03 01:46:37 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Al\Settings.ini
[2013/09/03 01:00:20 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\recently-used.xbel
[2013/04/25 17:16:17 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Al\ntuser.pol
[2013/04/06 13:33:59 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/04/06 13:33:59 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/02/16 16:52:59 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\.backup.dm
[2012/12/15 14:09:16 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\inst.exe
[2012/12/15 14:09:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.cat
[2012/12/15 14:09:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.inf
[2012/09/28 22:10:31 | 000,000,381 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\burnaware.ini
[2012/09/24 13:31:08 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\EKaio2WiaCoInst.ini
[2012/09/14 15:18:34 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/08/20 20:48:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/25 13:47:09 | 000,000,008 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2012/04/24 00:32:32 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\w32mkde.exe
[2012/04/24 00:32:32 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\w32mkrc.dll
[2012/04/24 00:20:09 | 000,003,146 | ---- | C] () -- C:\WINDOWS\System32\vsort.com
[2012/04/20 07:21:20 | 000,000,083 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2012/04/20 06:44:15 | 000,000,129 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/04/10 11:03:57 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/03/20 01:59:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2012/03/20 01:59:32 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2012/02/17 16:34:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/15 16:19:58 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2012/01/15 16:19:57 | 000,017,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2012/01/06 14:41:36 | 000,000,057 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/12/14 12:42:31 | 005,617,579 | ---- | C] () -- C:\Documents and Settings\Al\PRJMDB.CAB
[2011/12/14 12:42:31 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Al\SETUP.LST
[2011/11/20 15:05:00 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 08:01:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ForgiveMe.exe
[2011/10/29 08:01:23 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\MKScannerSetting.ini
[2011/10/28 14:03:45 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/10/26 14:14:19 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\WebpageIcons.db
[2011/10/26 13:58:13 | 000,004,317 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/26 13:34:48 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2011/10/26 13:34:48 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2011/10/26 13:34:48 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2011/10/26 13:32:33 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2011/10/26 13:32:33 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2011/10/26 13:32:33 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2011/10/26 13:32:33 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2011/10/26 13:32:33 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2011/10/26 13:32:33 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2011/10/26 13:32:33 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2011/10/26 13:32:33 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2011/10/26 13:32:33 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2011/10/26 13:30:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/10/26 13:15:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/26 13:09:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011/10/26 14:38:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/02 14:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\ACT
[2011/12/14 13:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\ActiveState
[2013/06/15 15:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/09/03 00:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\BitLord
[2013/09/10 20:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\CDXReader
[2012/09/28 21:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\DAEMON Tools Lite
[2013/04/04 19:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\DDMSettings
[2013/09/10 20:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\DSite
[2012/04/12 01:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\FileZilla
[2012/09/15 02:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\GrabPro
[2011/10/28 19:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\gtk-2.0
[2013/10/02 14:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\IsolatedStorage
[2013/09/10 20:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\LavFilters
[2011/12/02 12:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\LibreOffice
[2012/04/24 01:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Millennia
[2011/12/05 20:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\MusicBee
[2012/04/14 13:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\MyPhoneExplorer
[2011/12/17 06:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\MySQL
[2011/10/28 10:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\OpenOffice.org
[2012/10/17 13:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Orbit
[2012/09/24 00:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Party
[2012/03/30 01:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\pdfforge
[2012/04/15 11:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\PFStaticIP
[2011/12/14 11:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\PGO
[2012/09/15 02:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\ProgSense
[2013/09/02 23:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Python-Eggs
[2011/12/29 15:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Shareaza
[2013/03/03 13:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Temp
[2011/12/15 21:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\TotalValidatorTool
[2011/12/13 12:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Trillian
[2013/10/09 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\uTorrent
[2012/12/15 14:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Vso
[2012/01/28 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Windows Desktop Search
[2011/11/12 18:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Windows Search
[2013/10/02 14:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2013/02/06 20:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/08/25 19:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/01/11 19:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2013/02/16 16:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2012/03/23 03:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/09/10 20:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/09/14 21:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2013/04/25 17:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2013/03/03 13:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrintProjects
[2013/03/30 17:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftSafe
[2013/10/09 11:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/09/10 15:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SummerSoft
[2013/03/03 13:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/04/27 18:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VSO
[2011/12/29 17:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/07/12 11:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Temp
[2013/10/03 07:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\ACT
[2013/06/17 14:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/04/14 21:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\DDMSettings
[2013/10/03 07:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\IsolatedStorage
[2011/12/24 18:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\LibreOffice
[2011/12/05 20:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\MusicBee
[2011/10/28 11:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\OpenOffice.org
[2012/09/24 15:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\Party
[2012/12/23 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\uTorrent
[2012/01/28 20:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\Windows Desktop Search
[2012/11/04 18:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\YourFileDownloader
[2013/03/04 13:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp
[2013/08/19 17:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\BBCiPlayerDesktop
[2013/08/08 11:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/04/10 09:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\DAEMON Tools Lite
[2013/04/20 20:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\DDMSettings
[2012/04/10 09:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\LibreOffice
[2013/06/01 11:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\Tibo Software
[2012/04/10 11:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\tixati
[2013/09/18 14:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\uTorrent
[2012/04/10 10:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\Windows Search

========== Purity Check ==========



< End of report >


Edited by alastair70, 10 October 2013 - 07:07 PM.



#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
Hello alastair70,

Sorry for the delay.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

#3
alastair70

    Member

  • Topic Starter
Hi and thanks for getting back to me.

I think I have fixed my laptop. After reading several other posts I ran AdwCleaner and then RogueKiller. I did a ComboFix scan followed by ESET Online Scanner. I have posted all the logs to show what they found. The first time I ran the ESET scanner I unchecked remove threats and then reviewed the log and researched the viruses it had found. As most of them were in system restore files and all were safe to delete, I turned off system restore and reran ESET and deleted the found viruses.

After running AdwCleaner and RogueKiller I was able to browse the internet and download email again. I am certain that I got infected after my son had been using uTorrent; this will be uninstalled today and a bollocking has already been given along with a lecture as to why using it is dangerous.

I am very interested indeed in learning how to remove malware and viruses and would really appreciate it if you could give me any further help that you can. Sorry if you think this has been a waste of your time, but I didn't think anyone was going to reply to me.

Here are the logs. Looking at the FRST logs I have highlighted a couple of entries that I think could still be suspect!

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Al (administrator) on ALASTAIR on 18-10-2013 12:44:11
Running from C:\Documents and Settings\Al\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Eastman Kodak Company) C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVP] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO)
HKLM\...\Run: [EKStatusMonitor] - C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE [2750840 2013-01-15] (Eastman Kodak Company)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\fozy00fj.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Al\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Al\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Al\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

Chrome:
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Docs) - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (Webpage Screenshot Capture) - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\11.10.24_0
CHR Extension: () - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: () - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: () - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hoobijidemjaoohgggnlhkodhgnnlpob\8.8_0
CHR Extension: () - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: () - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: () - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: () - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Rain Alarm Extension) - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\olnconaknblgbkfgknkfmmfhhbebkekd\1.2.12_0
CHR Extension: (Gmail) - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: () - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR Extension: () - C:\DOCUME~1\Al\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni\4.1.2_0
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files\OnlineHD.TV\onhd10.crx
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-11-07] (SUPERAntiSpyware.com)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO)
S4 EPSONStatusAgent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [90112 2001-08-09] (SEIKO EPSON CORPORATION)
S4 Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [163840 2006-01-05] (Alex Feinman)
S4 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 CEWZNDV; C:\DOCUME~1\Al\LOCALS~1\Temp\CEWZNDV.exe [x]
S3 CNHJBMBP; C:\DOCUME~1\Al\LOCALS~1\Temp\CNHJBMBP.exe [x]

S4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2011-10-26] (Meetinghouse Data Communications)
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2011-08-09] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 GT680x; C:\Windows\System32\Drivers\gt680x.sys [17504 2003-02-21] ( )
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1166972 2006-03-21] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-10-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [593504 2013-10-11] (Kaspersky Lab ZAO)
R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24160 2013-10-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [24672 2013-10-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO)
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 RT73; C:\Windows\System32\DRIVERS\rt73.sys [459520 2008-01-15] (Ralink Technology, Corp.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
S3 s125bus; C:\Windows\System32\DRIVERS\s125bus.sys [83336 2007-04-24] (MCCI Corporation)
S3 s125mdfl; C:\Windows\System32\DRIVERS\s125mdfl.sys [15112 2007-04-24] (MCCI Corporation)
S3 s125mdm; C:\Windows\System32\DRIVERS\s125mdm.sys [108680 2007-04-24] (MCCI Corporation)
S3 s125obex; C:\Windows\System32\DRIVERS\s125obex.sys [98696 2007-04-24] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-09-28] (Duplex Secure Ltd.)
S3 catchme; \??\C:\DOCUME~1\Al\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-04-24] (Kaspersky Lab ZAO)
S3 mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-18 12:44 - 2013-10-18 12:44 - 00000000 ____D C:\FRST
2013-10-16 15:09 - 2012-09-15 03:47 - 00000667 _____ C:\Documents and Settings\Em\Desktop\IE8.lnk
2013-10-16 13:56 - 2013-10-16 13:56 - 00885496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-15 19:36 - 2013-10-15 19:36 - 00130250 _____ C:\WINDOWS\KB2847311.log
2013-10-15 19:36 - 2013-10-15 19:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-15 19:33 - 2013-10-15 19:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-15 19:31 - 2013-10-15 19:33 - 00132063 _____ C:\WINDOWS\KB2862335.log
2013-10-15 18:56 - 2013-10-15 18:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-15 18:55 - 2013-10-15 18:56 - 00010263 _____ C:\WINDOWS\KB2868038.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00040792 _____ C:\WINDOWS\iis6.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00037098 _____ C:\WINDOWS\FaxSetup.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00016926 _____ C:\WINDOWS\tsoc.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00012329 _____ C:\WINDOWS\comsetup.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00011548 _____ C:\WINDOWS\msmqinst.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00007470 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00006498 _____ C:\WINDOWS\netfxocm.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00003435 _____ C:\WINDOWS\updspapi.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00002550 _____ C:\WINDOWS\MedCtrOC.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00002052 _____ C:\WINDOWS\ocmsn.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00001866 _____ C:\WINDOWS\tabletoc.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-10-15 18:53 - 2013-10-15 19:36 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-15 18:53 - 2013-10-15 19:33 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-15 18:53 - 2013-10-15 18:54 - 00011581 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-15 18:53 - 2013-10-15 18:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-15 18:53 - 2013-10-15 18:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-15 18:53 - 2013-10-15 18:53 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-15 18:53 - 2013-10-15 18:53 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-15 18:52 - 2013-10-15 19:32 - 00011212 _____ C:\WINDOWS\setupapi.log
2013-10-15 18:45 - 2013-10-15 18:45 - 00014903 _____ C:\Documents and Settings\Al\Desktop\eset results.txt
2013-10-15 06:09 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-15 06:05 - 2013-07-17 01:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-15 06:03 - 2013-08-09 01:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-15 03:05 - 2013-10-15 13:11 - 00000000 ____D C:\Documents and Settings\Al\Desktop\Laptop Repair
2013-10-15 02:57 - 2013-10-15 02:57 - 00018951 _____ C:\ComboFix.txt
2013-10-15 02:41 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-15 02:41 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-15 02:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-15 02:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-15 02:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-15 02:41 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-15 02:41 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-15 02:41 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-15 02:41 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-15 02:40 - 2013-10-15 02:57 - 00000000 ____D C:\Qoobox
2013-10-15 02:40 - 2013-10-15 02:56 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-15 02:03 - 2013-10-15 03:19 - 00000000 ____D C:\AdwCleaner
2013-10-15 01:30 - 2013-10-15 01:43 - 00000000 ____D C:\Documents and Settings\Em\Local Settings\Application Data\NPE
2013-10-15 01:30 - 2013-10-15 01:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2013-10-15 01:30 - 2013-10-15 01:26 - 02986440 _____ (Symantec Corporation) C:\Documents and Settings\Em\Desktop\NPE.exe
2013-10-14 18:30 - 2013-10-14 18:30 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-14 18:01 - 2013-10-14 18:01 - 00000020 _____ C:\Documents and Settings\Al\defogger_reenable
2013-10-11 18:15 - 2013-10-11 18:15 - 00001864 _____ C:\WINDOWS\system32\RootkitReveal.txt
2013-10-11 16:59 - 2013-10-11 16:59 - 00000000 ____D C:\Documents and Settings\Al\My Documents\ProcAlyzer Dumps
2013-10-11 15:03 - 2013-10-18 07:59 - 00030568 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-11 14:27 - 2013-10-18 07:59 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-10-11 14:27 - 2013-10-11 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-10-11 14:27 - 2013-10-11 14:27 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2013-10-11 14:27 - 2013-10-11 14:27 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-11 14:27 - 2013-10-11 14:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2013-10-11 14:27 - 2009-01-25 12:14 - 00015224 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2013-10-11 00:58 - 2013-10-11 01:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-10 23:16 - 2013-10-10 21:32 - 26388552 _____ (EaseUS ) C:\Documents and Settings\Al\Desktop\epm.exe
2013-10-10 20:44 - 2013-10-15 03:09 - 00000000 ____D C:\Documents and Settings\Al\Desktop\My Stuff
2013-10-10 20:43 - 2013-10-10 20:43 - 00010848 _____ C:\Documents and Settings\Al\My Documents\ALASTAIR.speccy
2013-10-09 22:48 - 2013-10-10 20:09 - 00000000 ____D C:\Program Files\stinger
2013-10-09 14:50 - 2013-10-09 14:50 - 00000000 __SHD C:\WINDOWS\CSC
2013-10-09 11:44 - 2013-10-09 11:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2013-10-09 11:43 - 2013-10-09 11:43 - 00000000 ____D C:\Program Files\Sophos
2013-10-09 11:43 - 2013-10-09 11:43 - 00000000 ____D C:\Documents and Settings\Al\Start Menu\Programs\Sophos
2013-10-09 11:27 - 2013-10-09 11:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-09 11:13 - 2013-10-09 11:13 - 00000000 ____D C:\Program Files\VS Revo Group
2013-10-09 11:13 - 2013-10-09 11:13 - 00000000 ____D C:\Program Files\gs
2013-10-09 11:09 - 2013-10-09 11:09 - 00000000 ____D C:\Program Files\Microsoft SDKs
2013-10-09 11:08 - 2013-10-09 11:08 - 00000000 ___HD C:\WINDOWS\$NtUninstallWudf01000$
2013-10-07 12:54 - 2013-10-07 12:54 - 00247332 ____H C:\WINDOWS\system32\mlfcache.dat
2013-10-07 12:14 - 2013-10-09 11:13 - 00000000 ____D C:\Program Files\mIRC(2)
2013-10-07 12:14 - 2013-10-09 11:13 - 00000000 ____D C:\Documents and Settings\Al\Application Data\mIRC
2013-10-03 10:26 - 2013-10-03 10:26 - 00592394 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1060284298-1214440339-1417001333-1004-0.dat
2013-10-03 07:18 - 2013-10-03 07:18 - 00000000 ____D C:\Documents and Settings\Em\Local Settings\Application Data\IsolatedStorage
2013-10-03 07:16 - 2013-10-03 07:16 - 00000000 ____D C:\Documents and Settings\Em\Application Data\IsolatedStorage
2013-10-03 07:16 - 2013-10-03 07:16 - 00000000 ____D C:\Documents and Settings\Em\Application Data\ACT
2013-10-02 15:15 - 2013-10-03 15:54 - 00592394 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-10-02 15:15 - 2013-10-02 15:15 - 00592394 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1060284298-1214440339-1417001333-1003-0.dat
2013-10-02 14:37 - 2013-10-02 14:37 - 00000000 ____H C:\Documents and Settings\Al\Application Data\ActUpdate.log
2013-10-02 14:37 - 2013-10-02 14:37 - 00000000 ____D C:\Documents and Settings\Al\Local Settings\Application Data\IsolatedStorage
2013-10-02 14:37 - 2013-10-02 14:37 - 00000000 ____D C:\Documents and Settings\Al\Application Data\IsolatedStorage
2013-10-02 14:36 - 2013-10-02 14:44 - 00041985 _____ C:\Documents and Settings\Al\My Documents\HotFix.log
2013-10-02 14:34 - 2013-10-02 14:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ACT
2013-10-02 14:21 - 2013-10-02 14:32 - 00000000 ____D C:\Documents and Settings\All Users\Documents\ACT
2013-10-02 14:06 - 2013-10-09 11:25 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-10-02 14:06 - 2013-10-02 14:06 - 00000000 ____D C:\Program Files\ACT
2013-10-02 14:06 - 2013-10-02 14:06 - 00000000 ____D C:\Documents and Settings\Al\Application Data\ACT
2013-10-02 13:55 - 2013-10-09 11:25 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB942288-v3$
2013-10-02 13:45 - 2013-10-02 13:45 - 00000000 ____D C:\contactik
2013-09-27 11:18 - 2013-10-02 13:45 - 00018660 _____ C:\Documents and Settings\Al\Desktop\Monthly Bills.xlsx
2013-09-26 11:57 - 2013-10-09 11:13 - 00000000 ____D C:\Program Files\Coupon Printer
2013-09-26 11:57 - 2013-10-09 11:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Coupon Printer
2013-09-26 11:57 - 2013-09-26 11:57 - 00000082 ____H C:\WINDOWS\WindowsShellUK.Manifest
2013-09-26 11:57 - 2013-09-26 11:57 - 00000031 ____H C:\WINDOWS\UKCpInfo.sys
2013-09-26 11:57 - 2013-09-26 11:57 - 00000000 ____D C:\WINDOWS\Cache
2013-09-23 12:05 - 2013-10-17 16:04 - 00000000 ____D C:\Program Files\PDF Password Remover v3.1
2013-09-23 12:05 - 2013-09-23 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PDF Password Remover v3.1
2013-09-20 21:18 - 2013-09-20 21:18 - 00019231 _____ C:\Documents and Settings\Work\My Documents\Gray728.svg
2013-09-20 21:08 - 2013-09-22 18:27 - 00000000 ____D C:\Documents and Settings\Work\Local Settings\Application Data\Paint.NET

==================== One Month Modified Files and Folders =======

2013-10-18 12:44 - 2013-10-18 12:44 - 00000000 ____D C:\FRST
2013-10-18 12:41 - 2013-09-12 13:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-18 12:41 - 2013-02-05 01:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2013-10-18 12:30 - 2011-10-26 13:11 - 01657453 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-18 12:29 - 2013-08-08 13:19 - 00000298 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
2013-10-18 12:29 - 2013-05-06 18:58 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
2013-10-18 12:29 - 2001-08-23 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-18 12:26 - 2012-01-15 16:23 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-18 12:26 - 2012-01-15 16:19 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-18 12:26 - 2011-10-26 13:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-18 07:59 - 2013-10-11 15:03 - 00030568 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-18 07:59 - 2013-10-11 14:27 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-10-18 07:59 - 2011-10-26 14:26 - 00000178 ___SH C:\Documents and Settings\Em\ntuser.ini
2013-10-18 07:59 - 2011-10-26 14:26 - 00000000 ____D C:\Documents and Settings\Em
2013-10-17 19:00 - 2011-10-26 13:19 - 00000178 ___SH C:\Documents and Settings\Al\ntuser.ini
2013-10-17 19:00 - 2011-10-26 13:19 - 00000000 ____D C:\Documents and Settings\Al
2013-10-17 18:52 - 2013-04-16 19:07 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007UA.job
2013-10-17 18:48 - 2013-03-28 09:20 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1004UA.job
2013-10-17 18:03 - 2012-04-25 12:24 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-10-17 17:52 - 2013-04-16 19:07 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007Core.job
2013-10-17 16:04 - 2013-09-23 12:05 - 00000000 ____D C:\Program Files\PDF Password Remover v3.1
2013-10-17 14:46 - 2012-09-15 03:49 - 00000416 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8F92262F-335D-40B0-9F9A-BC107C447E49}.job
2013-10-17 14:22 - 2011-10-26 14:38 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-17 14:04 - 2011-10-26 13:10 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-16 15:45 - 2012-04-10 09:41 - 00000178 ___SH C:\Documents and Settings\Work\ntuser.ini
2013-10-16 15:45 - 2012-04-10 09:41 - 00000000 ____D C:\Documents and Settings\Work
2013-10-16 15:24 - 2013-08-08 13:19 - 00000306 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
2013-10-16 13:56 - 2013-10-16 13:56 - 00885496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-16 13:56 - 2013-04-30 21:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-15 19:48 - 2011-12-15 00:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-15 19:44 - 2011-10-26 13:58 - 00659166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-15 19:36 - 2013-10-15 19:36 - 00130250 _____ C:\WINDOWS\KB2847311.log
2013-10-15 19:36 - 2013-10-15 19:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-15 19:36 - 2013-10-15 18:53 - 00040792 _____ C:\WINDOWS\iis6.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00037098 _____ C:\WINDOWS\FaxSetup.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00016926 _____ C:\WINDOWS\tsoc.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00012329 _____ C:\WINDOWS\comsetup.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00011548 _____ C:\WINDOWS\msmqinst.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00007470 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00006498 _____ C:\WINDOWS\netfxocm.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00003435 _____ C:\WINDOWS\updspapi.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00002550 _____ C:\WINDOWS\MedCtrOC.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00002052 _____ C:\WINDOWS\ocmsn.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00001866 _____ C:\WINDOWS\tabletoc.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-10-15 19:36 - 2013-10-15 18:53 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-15 19:33 - 2013-10-15 19:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-15 19:33 - 2013-10-15 19:31 - 00132063 _____ C:\WINDOWS\KB2862335.log
2013-10-15 19:33 - 2013-10-15 18:53 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-15 19:32 - 2013-10-15 18:52 - 00011212 _____ C:\WINDOWS\setupapi.log
2013-10-15 19:20 - 2013-08-15 14:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-15 19:03 - 2011-10-26 15:48 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-15 19:02 - 2013-04-30 21:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-15 18:56 - 2013-10-15 18:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-15 18:56 - 2013-10-15 18:55 - 00010263 _____ C:\WINDOWS\KB2868038.log
2013-10-15 18:54 - 2013-10-15 18:53 - 00011581 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-15 18:53 - 2013-10-15 18:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-15 18:53 - 2013-10-15 18:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-15 18:53 - 2013-10-15 18:53 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-10-15 18:53 - 2013-10-15 18:53 - 00000000 _____ C:\WINDOWS\setupact.log
2013-10-15 18:53 - 2011-10-26 15:44 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-15 18:52 - 2011-10-26 13:16 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-15 18:45 - 2013-10-15 18:45 - 00014903 _____ C:\Documents and Settings\Al\Desktop\eset results.txt
2013-10-15 13:11 - 2013-10-15 03:05 - 00000000 ____D C:\Documents and Settings\Al\Desktop\Laptop Repair
2013-10-15 07:48 - 2013-03-28 09:20 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1004Core.job
2013-10-15 03:19 - 2013-10-15 02:03 - 00000000 ____D C:\AdwCleaner
2013-10-15 03:09 - 2013-10-10 20:44 - 00000000 ____D C:\Documents and Settings\Al\Desktop\My Stuff
2013-10-15 02:57 - 2013-10-15 02:57 - 00018951 _____ C:\ComboFix.txt
2013-10-15 02:57 - 2013-10-15 02:40 - 00000000 ____D C:\Qoobox
2013-10-15 02:56 - 2013-10-15 02:40 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-15 02:55 - 2001-08-23 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-10-15 01:43 - 2013-10-15 01:30 - 00000000 ____D C:\Documents and Settings\Em\Local Settings\Application Data\NPE
2013-10-15 01:30 - 2013-10-15 01:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2013-10-15 01:26 - 2013-10-15 01:30 - 02986440 _____ (Symantec Corporation) C:\Documents and Settings\Em\Desktop\NPE.exe
2013-10-14 19:04 - 2011-10-26 16:07 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-10-14 18:30 - 2013-10-14 18:30 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-14 18:07 - 2011-10-26 13:56 - 00000239 ___SH C:\boot.ini
2013-10-14 18:07 - 2001-08-23 13:00 - 00000491 _____ C:\WINDOWS\win.ini
2013-10-14 18:01 - 2013-10-14 18:01 - 00000020 _____ C:\Documents and Settings\Al\defogger_reenable
2013-10-11 18:15 - 2013-10-11 18:15 - 00001864 _____ C:\WINDOWS\system32\RootkitReveal.txt
2013-10-11 18:15 - 2011-10-26 13:17 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-11 17:22 - 2012-01-06 14:41 - 00000091 _____ C:\WINDOWS\wininit.ini
2013-10-11 17:22 - 2011-12-15 00:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Protexis
2013-10-11 16:59 - 2013-10-11 16:59 - 00000000 ____D C:\Documents and Settings\Al\My Documents\ProcAlyzer Dumps
2013-10-11 14:36 - 2013-10-11 14:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-10-11 14:27 - 2013-10-11 14:27 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2013-10-11 14:27 - 2013-10-11 14:27 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-10-11 14:27 - 2013-10-11 14:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2013-10-11 01:31 - 2013-10-11 00:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-11 00:06 - 2013-02-05 01:35 - 00593504 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2013-10-11 00:06 - 2012-07-25 15:53 - 00024672 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klmouflt.sys
2013-10-11 00:06 - 2012-06-19 18:28 - 00135776 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2013-10-11 00:06 - 2012-05-25 20:38 - 00024160 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2013-10-10 22:19 - 2011-11-20 15:05 - 00068096 _____ C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-10 21:59 - 2011-10-26 13:11 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2013-10-10 21:32 - 2013-10-10 23:16 - 26388552 _____ (EaseUS ) C:\Documents and Settings\Al\Desktop\epm.exe
2013-10-10 21:23 - 2011-10-29 04:15 - 00000000 ____D C:\Documents and Settings\Al\My Documents\My Letters
2013-10-10 20:43 - 2013-10-10 20:43 - 00010848 _____ C:\Documents and Settings\Al\My Documents\ALASTAIR.speccy
2013-10-10 20:43 - 2011-10-26 14:00 - 00000098 _____ C:\Documents and Settings\Al\My Documents\kas code.txt
2013-10-10 20:35 - 2013-04-25 16:52 - 00000000 ____D C:\Documents and Settings\Al\My Documents\EDF
2013-10-10 20:09 - 2013-10-09 22:48 - 00000000 ____D C:\Program Files\stinger
2013-10-09 22:42 - 2011-10-26 15:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2423089$
2013-10-09 14:50 - 2013-10-09 14:50 - 00000000 __SHD C:\WINDOWS\CSC
2013-10-09 14:43 - 2013-07-10 09:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-10-09 11:44 - 2013-10-09 11:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2013-10-09 11:43 - 2013-10-09 11:43 - 00000000 ____D C:\Program Files\Sophos
2013-10-09 11:43 - 2013-10-09 11:43 - 00000000 ____D C:\Documents and Settings\Al\Start Menu\Programs\Sophos
2013-10-09 11:30 - 2012-03-22 23:04 - 00000000 ____D C:\Documents and Settings\postgres
2013-10-09 11:30 - 2012-01-21 04:20 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-09 11:30 - 2011-10-26 13:08 - 00000000 ____D C:\WINDOWS\Registration
2013-10-09 11:29 - 2012-03-16 13:05 - 00000000 ____D C:\Documents and Settings\Al\Application Data\uTorrent
2013-10-09 11:28 - 2013-10-09 11:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-09 11:27 - 2012-09-15 03:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-09 11:25 - 2013-10-02 14:06 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-10-09 11:25 - 2013-10-02 13:55 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB942288-v3$
2013-10-09 11:24 - 2013-09-03 17:51 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2013-10-09 11:13 - 2013-10-09 11:13 - 00000000 ____D C:\Program Files\VS Revo Group
2013-10-09 11:13 - 2013-10-09 11:13 - 00000000 ____D C:\Program Files\gs
2013-10-09 11:13 - 2013-10-07 12:14 - 00000000 ____D C:\Program Files\mIRC(2)
2013-10-09 11:13 - 2013-10-07 12:14 - 00000000 ____D C:\Documents and Settings\Al\Application Data\mIRC
2013-10-09 11:13 - 2013-09-26 11:57 - 00000000 ____D C:\Program Files\Coupon Printer
2013-10-09 11:13 - 2013-09-26 11:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Coupon Printer
2013-10-09 11:13 - 2013-01-30 12:35 - 00000000 ____D C:\Program Files\Common Files\EPSON
2013-10-09 11:09 - 2013-10-09 11:09 - 00000000 ____D C:\Program Files\Microsoft SDKs
2013-10-09 11:09 - 2011-12-15 00:20 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-10-09 11:09 - 2011-10-26 13:58 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-09 11:08 - 2013-10-09 11:08 - 00000000 ___HD C:\WINDOWS\$NtUninstallWudf01000$
2013-10-09 10:23 - 2011-10-26 13:50 - 00000000 ____D C:\WINDOWS\system32\1033
2013-10-09 10:18 - 2011-10-28 15:06 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-10-08 07:52 - 2013-09-12 06:49 - 00000006 _____ C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
2013-10-07 18:27 - 2011-10-26 13:50 - 00000000 ____D C:\WINDOWS\Help
2013-10-07 14:32 - 2011-10-28 14:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Installed Software
2013-10-07 13:46 - 2011-10-29 04:15 - 00000000 ____D C:\Documents and Settings\Al\My Documents\My Photos
2013-10-07 13:19 - 2013-08-08 13:19 - 00000324 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
2013-10-07 12:54 - 2013-10-07 12:54 - 00247332 ____H C:\WINDOWS\system32\mlfcache.dat
2013-10-04 20:56 - 2013-05-06 18:58 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
2013-10-04 11:12 - 2011-10-26 15:04 - 00000000 ____D C:\WINDOWS\pss
2013-10-03 15:54 - 2013-10-02 15:15 - 00592394 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-10-03 10:26 - 2013-10-03 10:26 - 00592394 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1060284298-1214440339-1417001333-1004-0.dat
2013-10-03 07:18 - 2013-10-03 07:18 - 00000000 ____D C:\Documents and Settings\Em\Local Settings\Application Data\IsolatedStorage
2013-10-03 07:16 - 2013-10-03 07:16 - 00000000 ____D C:\Documents and Settings\Em\Application Data\IsolatedStorage
2013-10-03 07:16 - 2013-10-03 07:16 - 00000000 ____D C:\Documents and Settings\Em\Application Data\ACT
2013-10-02 15:15 - 2013-10-02 15:15 - 00592394 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1060284298-1214440339-1417001333-1003-0.dat
2013-10-02 14:44 - 2013-10-02 14:36 - 00041985 _____ C:\Documents and Settings\Al\My Documents\HotFix.log
2013-10-02 14:37 - 2013-10-02 14:37 - 00000000 ____H C:\Documents and Settings\Al\Application Data\ActUpdate.log
2013-10-02 14:37 - 2013-10-02 14:37 - 00000000 ____D C:\Documents and Settings\Al\Local Settings\Application Data\IsolatedStorage
2013-10-02 14:37 - 2013-10-02 14:37 - 00000000 ____D C:\Documents and Settings\Al\Application Data\IsolatedStorage
2013-10-02 14:35 - 2013-03-04 13:56 - 00270008 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-02 14:34 - 2013-10-02 14:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ACT
2013-10-02 14:32 - 2013-10-02 14:21 - 00000000 ____D C:\Documents and Settings\All Users\Documents\ACT
2013-10-02 14:30 - 2011-10-26 13:29 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-02 14:06 - 2013-10-02 14:06 - 00000000 ____D C:\Program Files\ACT
2013-10-02 14:06 - 2013-10-02 14:06 - 00000000 ____D C:\Documents and Settings\Al\Application Data\ACT
2013-10-02 13:55 - 2011-10-26 13:50 - 00000000 ____D C:\WINDOWS\system32\mui
2013-10-02 13:45 - 2013-10-02 13:45 - 00000000 ____D C:\contactik
2013-10-02 13:45 - 2013-09-27 11:18 - 00018660 _____ C:\Documents and Settings\Al\Desktop\Monthly Bills.xlsx
2013-09-30 00:49 - 2013-09-15 00:49 - 00000005 _____ C:\Documents and Settings\Al\Application Data\WBPU-TTL.DAT
2013-09-29 09:32 - 2013-09-12 06:49 - 00000112 _____ C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2013-09-26 11:57 - 2013-09-26 11:57 - 00000082 ____H C:\WINDOWS\WindowsShellUK.Manifest
2013-09-26 11:57 - 2013-09-26 11:57 - 00000031 ____H C:\WINDOWS\UKCpInfo.sys
2013-09-26 11:57 - 2013-09-26 11:57 - 00000000 ____D C:\WINDOWS\Cache
2013-09-23 23:36 - 2008-04-14 05:42 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-23 23:36 - 2008-04-14 05:42 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2013-09-23 19:33 - 2012-06-13 14:23 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-09-23 19:33 - 2011-10-26 15:29 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2013-09-23 19:33 - 2011-10-26 15:29 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-09-23 19:33 - 2011-10-26 15:29 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2013-09-23 19:33 - 2011-10-26 15:29 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-09-23 19:33 - 2011-10-26 15:29 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2013-09-23 19:33 - 2011-10-26 15:29 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-09-23 19:33 - 2011-10-26 13:10 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2013-09-23 19:33 - 2011-08-23 17:48 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2013-09-23 19:33 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-23 19:33 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-23 19:33 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-23 19:33 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 06017536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-09-23 19:33 - 2008-04-14 05:42 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2013-09-23 19:33 - 2008-04-14 05:42 - 01215488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2013-09-23 19:33 - 2008-04-14 05:42 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2013-09-23 19:33 - 2008-04-14 05:41 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2013-09-23 19:33 - 2008-04-14 05:41 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2013-09-23 19:33 - 2008-04-14 05:41 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2013-09-23 19:33 - 2008-04-14 05:41 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2013-09-23 19:33 - 2008-04-14 05:41 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2013-09-23 19:33 - 2008-04-14 05:41 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2013-09-23 19:33 - 2008-04-14 05:41 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2013-09-23 19:33 - 2008-04-14 05:41 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-23 19:33 - 2008-04-14 05:41 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2013-09-23 19:33 - 2008-04-14 05:41 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2013-09-23 19:06 - 2008-04-14 00:07 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2013-09-23 12:05 - 2013-09-23 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PDF Password Remover v3.1
2013-09-23 12:03 - 2011-10-26 13:50 - 00000000 ____D C:\WINDOWS\Resources
2013-09-23 07:48 - 2011-10-28 11:08 - 00002261 _____ C:\Documents and Settings\Em\Desktop\Google Chrome.lnk
2013-09-22 18:27 - 2013-09-20 21:08 - 00000000 ____D C:\Documents and Settings\Work\Local Settings\Application Data\Paint.NET
2013-09-22 17:01 - 2013-03-03 13:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kodak
2013-09-22 16:58 - 2013-09-10 20:51 - 00000000 ____D C:\Program Files\DSP-worx
2013-09-21 03:13 - 2012-04-10 10:43 - 00002277 _____ C:\Documents and Settings\Work\Desktop\Google Chrome.lnk
2013-09-20 21:34 - 2011-11-18 18:26 - 00000818 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Paint.NET.lnk
2013-09-20 21:34 - 2011-11-18 18:26 - 00000812 _____ C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
2013-09-20 21:34 - 2011-11-18 18:25 - 00000000 ____D C:\Program Files\Paint.NET
2013-09-20 21:18 - 2013-09-20 21:18 - 00019231 _____ C:\Documents and Settings\Work\My Documents\Gray728.svg
2013-09-20 00:49 - 2013-09-15 00:49 - 00000091 _____ C:\Documents and Settings\Al\Application Data\WB.CFG
2013-09-18 14:06 - 2012-04-10 11:18 - 00000000 ____D C:\Documents and Settings\Work\Application Data\uTorrent

Files to move or delete:
====================
C:\Documents and Settings\Al\SETUP.EXE


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


FRST Additions Log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Al at 2013-10-18 12:46:01
Running from C:\Documents and Settings\Al\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.1.29438)
7-Zip 9.20
AC3File 0.7b (Version: 0.7b)
AC3Filter 2.5b (Version: 2.5b)
Active@ ISO Burner (Version: 2.5.1)
Adobe AIR (Version: 3.8.0.1430)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) (Version: 11.0.04)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
aioscnnr (Version: 7.6.13.10)
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
Ares 2.2.4 (Version: 2.2.4-Build#3048)
BBC iPlayer Desktop (Version: 3.2.15)
BearPaw 1200CU Plus v1.1
BearPaw 1200CU Plus v1.2 (Version: 1.2)
Belarc Advisor 8.2 (Version: 8.2.6.0)
Brother's Keeper 6.5
C4USelfUpdater (Version: 1.00.0000)
CCleaner (Version: 4.04)
center (Version: 7.7.2.0)
Corel Graphics - Windows Shell Extension (Version: 15.0.0.487)
Corel Graphics - Windows Shell Extension (Version: 15.0.487)
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0)
CorelDRAW Graphics Suite X5 - Common (Version: 15.0)
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0)
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0)
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0)
CorelDRAW Graphics Suite X5 - EN (Version: 15.0)
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0)
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0)
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0)
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0)
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0)
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0)
CorelDRAW Graphics Suite X5 - WT (Version: 15.0)
CorelDRAW Graphics Suite X5 (Version: 15.0)
CorelDRAW® Graphics Suite X5 (Version: 15.0.0.486)
Coupon Printer (Version: 2.2.0.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.15)
DivX Setup (Version: 2.6.1.9)
Envisioneer Express 7 (Version: 7.0)
EPSON Printer Software
essentials (Version: 7.7.2.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FileHippo.com Update Checker
Ghostscript GPL 8.64 (Msi Setup) (Version: 8.64)
Google Chrome (HKCU Version: 29.0.1547.62)
Google Earth (Version: 7.1.1.1888)
HTML-Kit (Version: 1.0)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
ISO Recorder (Version: 2.0.0)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190)
Kodak AIO Printer (Version: 7.7.2.0)
KODAK AiO Software (Version: 7.7.6.0)
LG Bluetooth Drivers (Version: 1.1)
LG PC Suite IV (Version: 4.3.80.20121017)
LG United Mobile Driver (Version: 3.10.1.0)
LibreOffice 3.5 (Version: 3.5.2.202)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Motorola SM56 Data Fax Modem
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
MusicBee (Version: 1.3.4334)
MWSnap 3 (Version: 3.0.0.74)
MyPhoneExplorer (Version: 1.8.0)
ocr (Version: 6.2.3.50)
OpenSource Flash Video Splitter 1.0.0.5 (Version: 1.0.0.5)
Paint.NET v3.5.11 (Version: 3.61.0)
PartyPoker
PDF Password Remover v3.1
PDFCreator (Version: 1.3.2)
PreReq (Version: 6.2.4.0)
PrintProjects (Version: 1.0.0.9282)
QuickTime (Version: 7.74.80.86)
Ralink Wireless LAN Card (Version: 1.00.01)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
REALTEK GbE & FE Ethernet PCI NIC Driver (Version: 1.02.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5324)
RealUpgrade 1.1 (Version: 1.1.0)
Revo Uninstaller Pro 2.5.7 (Version: 2.5.7)
Skype™ 5.10 (Version: 5.10.116)
Sophos Virus Removal Tool (Version: 2.4)
Speccy (Version: 1.13)
SpeedFan (remove only)
Spell Checker For OE 2.1
Spybot - Search & Destroy (Version: 2.0.12)
SUPERAntiSpyware (Version: 5.5.1012)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Manager (Version: 4.60)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VIO Player version 1.0.1 (Version: 1.0.1)
Visual Basic for Applications ® Core - English (Version: 6.4.99.69)
Visual Basic for Applications ® Core (Version: 6.4.99.69)
VSO ConvertXToDVD (Version: 5.0.0.30)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Search 4.0 (Version: 04.00.6001.503)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Xvid Video Codec (Version: 1.3.2)

==================== Restore Points =========================

17-10-2013 13:04:41 System Checkpoint

==================== Hosts content: ==========================

2001-08-23 13:00 - 2013-10-15 02:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1004Core.job => C:\Documents and Settings\Em\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1004UA.job => C:\Documents and Settings\Em\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007Core.job => C:\Documents and Settings\Work\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007UA.job => C:\Documents and Settings\Work\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8F92262F-335D-40B0-9F9A-BC107C447E49}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2012-08-17 22:39 - 2013-02-05 01:52 - 01310136 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2013-10-11 14:27 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-11 14:27 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-11 14:27 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-10-11 14:27 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-10-11 14:27 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\Em\My Documents\Emailing_ sims castaway help_txt.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR322 => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2013 07:32:39 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8000ffff

Error: (10/16/2013 07:32:28 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8000ffff

Error: (10/16/2013 03:05:16 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (10/16/2013 01:59:18 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/15/2013 07:44:23 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 21196, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (10/15/2013 07:44:21 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

Error: (10/15/2013 07:44:21 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 21196, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (10/15/2013 07:44:15 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The
Error code is the first DWORD in Data section.

Error: (10/15/2013 07:44:15 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 21196, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (10/15/2013 07:23:13 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The
Error code is the first DWORD in Data section.


System errors:
=============
Error: (10/18/2013 00:26:42 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (10/18/2013 00:26:42 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (10/18/2013 07:54:41 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (10/18/2013 07:54:41 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (10/17/2013 06:04:40 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (10/17/2013 06:04:40 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (10/17/2013 02:01:47 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (10/17/2013 02:01:47 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (10/16/2013 07:16:12 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (10/16/2013 07:16:12 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.


Microsoft Office Sessions:
=========================
Error: (10/16/2013 07:32:39 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8000ffff
System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (10/16/2013 07:32:28 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8000ffff
System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (10/16/2013 03:05:16 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Error: (10/16/2013 01:59:18 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/15/2013 07:44:23 PM) (Source: LoadPerf)(User: )
Description: 21196

Error: (10/15/2013 07:44:21 PM) (Source: LoadPerf)(User: )
Description: aspnet_stateASP.NET State Service

Error: (10/15/2013 07:44:21 PM) (Source: LoadPerf)(User: )
Description: 21196

Error: (10/15/2013 07:44:15 PM) (Source: LoadPerf)(User: )
Description: ASP.NET_2.0.50727ASP.NET_2.0.50727

Error: (10/15/2013 07:44:15 PM) (Source: LoadPerf)(User: )
Description: 21196

Error: (10/15/2013 07:23:13 PM) (Source: LoadPerf)(User: )
Description: MSDTC Bridge 4.0.0.0MSDTC Bridge 4.0.0.0


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 2038.11 MB
Available physical RAM: 1288.56 MB
Total Pagefile: 3918.06 MB
Available Pagefile: 3253.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.85 GB) (Free:106.73 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 6E5813F6)

Partition: GPT Partition TypePartition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================


ADWCleaner Log

# AdwCleaner v3.007 - Report created 15/10/2013 at 02:07:10
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Al - ALASTAIR
# Running from : F:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Al\LocAl Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Al\Application Data\BitLord
Folder Deleted : C:\Documents and Settings\Em\Application Data\yourfiledownloader
Folder Deleted : C:\Documents and Settings\Em\Application Data\Mozilla\Firefox\Profiles\h0in13jh.default\Extensions\[email protected]
[!] Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
[!] Folder Deleted : C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
[!] Folder Deleted : C:\Documents and Settings\Work\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
[!] Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\Work\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\Work\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Documents and Settings\Work\Application Data\Mozilla\Firefox\Profiles\1qj6nm97.default\Extensions\[email protected]
File Deleted : C:\Documents and Settings\Em\Application Data\Mozilla\Firefox\Profiles\h0in13jh.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\Em\Application Data\Mozilla\Firefox\Profiles\h0in13jh.default\user.js
File Deleted : C:\Documents and Settings\Work\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Deleted : C:\Documents and Settings\Work\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\Downloader.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\YourFile.exe]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\5t6i5aux.default\prefs.js ]


[ File : C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\g61ohfog.default-1381311434468\prefs.js ]


[ File : C:\Documents and Settings\Em\Application Data\Mozilla\Firefox\Profiles\h0in13jh.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6R8Kf79msE&i=26");
Line Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Line Deleted : user_pref("browser.search.selectedEngine", "MyStart Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb128?a=6R8Kf79msE&i=26");
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10674");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "ecd697d80000000000000019db060983");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15648");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8Kf79msE&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar_i.upn2", "6R8Kf79msE");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92825344448925456");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1417:02:01");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb128/?loc=IB_DS&a=6R8Kf79msE&&i=26&search=");

[ File : C:\Documents and Settings\Work\Application Data\Mozilla\Firefox\Profiles\1qj6nm97.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=ECD60019DB060983&affID=119357&tsp=4985");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=ECD60019DB060983&affID=119357&tsp=4985");

-\\ Google Chrome v

[ File : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Em\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Work\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [8287 octets] - [15/10/2013 02:03:53]
AdwCleaner[S0].txt - [8368 octets] - [15/10/2013 02:07:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8428 octets] ##########



RogueKiller Log



RogueKiller V8.7.2 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Al [Admin rights]
Mode : Remove -- Date : 10/15/2013 02:23:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] At1.job : C:\DOCUME~1\Al\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe ([email protected][email protected]@[email protected]@[email protected]) : MSVCP90.dll -> HOOKED (Unknown @ 0x7B513AB7)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST9160821AS +++++
--- User ---
[MBR] 403d383c4b4517a017475265549167c9
[BSP] 7dd9ce490d4fb4d3bb09d71f61b5ee63 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 409640 | Size: 152425 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10152013_022349.txt >>
RKreport[0]_S_10152013_022200.txt



Combofix Log

ComboFix 13-10-13.02 - Al 15/10/2013 2:45.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2038.1312 [GMT 1:00]
Running from: c:\documents and settings\Al\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
c:\documents and settings\Al\WINDOWS
c:\documents and settings\Work\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences
.
.
((((((((((((((((((((((((( Files Created from 2013-09-15 to 2013-10-15 )))))))))))))))))))))))))))))))
.
.
2013-10-15 01:03 . 2013-10-15 01:08 -------- d-----w- C:\AdwCleaner
2013-10-15 00:30 . 2013-10-15 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2013-10-14 17:30 . 2013-10-14 17:30 -------- d-----w- c:\windows\ERUNT
2013-10-11 13:27 . 2013-10-11 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-10-11 13:27 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-10-11 13:27 . 2013-10-11 13:27 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-10-10 23:58 . 2013-10-11 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-09 21:48 . 2013-10-10 19:09 -------- d-----w- c:\program files\stinger
2013-10-09 10:44 . 2013-10-09 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2013-10-09 10:43 . 2013-10-09 10:43 73728 ----a-r- c:\documents and settings\Al\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-10-09 10:43 . 2013-10-09 10:43 73728 ----a-r- c:\documents and settings\Al\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-10-09 10:43 . 2013-10-09 10:43 73728 ----a-r- c:\documents and settings\Al\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-10-09 10:43 . 2013-10-09 10:43 -------- d-----w- c:\program files\Sophos
2013-10-09 10:30 . 2013-10-09 10:30 -------- d-----w- c:\windows\system32\wbem\Repository
2013-10-09 10:13 . 2013-10-09 10:13 -------- d-----w- c:\program files\gs
2013-10-09 10:13 . 2013-10-09 10:13 -------- d-----w- c:\program files\VS Revo Group
2013-10-09 10:09 . 2013-10-09 10:09 -------- d-----w- c:\program files\Microsoft SDKs
2013-10-07 11:14 . 2013-10-09 10:13 -------- d-----w- c:\program files\mIRC(2)
2013-10-07 11:14 . 2013-10-09 10:13 -------- d-----w- c:\documents and settings\Al\Application Data\mIRC
2013-10-02 13:37 . 2013-10-02 13:37 -------- d-----w- c:\documents and settings\Al\Application Data\IsolatedStorage
2013-10-02 13:37 . 2013-10-02 13:37 -------- d-----w- c:\documents and settings\Al\Local Settings\Application Data\IsolatedStorage
2013-10-02 13:34 . 2013-10-02 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ACT
2013-10-02 13:06 . 2013-10-02 13:06 -------- d-----w- c:\documents and settings\Al\Application Data\ACT
2013-10-02 13:06 . 2013-10-09 10:25 -------- d-----w- c:\program files\Microsoft SQL Server
2013-10-02 13:06 . 2013-10-02 13:06 -------- d-----w- c:\program files\ACT
2013-10-02 12:45 . 2013-10-02 12:45 -------- d-----w- C:\contactik
2013-09-26 10:57 . 2013-09-26 10:57 -------- d-----w- c:\windows\Cache
2013-09-26 10:57 . 2013-09-26 10:57 31 ---ha-w- c:\windows\UKCpInfo.sys
2013-09-26 10:57 . 2013-10-09 10:13 -------- d-----w- c:\program files\Coupon Printer
2013-09-23 11:05 . 2013-09-23 11:05 -------- d-----w- c:\program files\PDF Password Remover v3.1
2013-09-20 20:08 . 2013-09-22 17:27 -------- d-----w- c:\documents and settings\Work\Local Settings\Application Data\Paint.NET
2013-09-16 00:03 . 2013-09-16 00:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 23:06 . 2012-07-25 14:53 24672 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-10-10 23:06 . 2012-06-19 17:28 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2013-10-10 23:06 . 2012-05-25 19:38 24160 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2013-09-12 12:41 . 2012-04-03 16:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-12 12:41 . 2011-10-26 15:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-03 03:49 . 2011-12-14 23:22 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2013-08-09 01:56 . 2008-04-14 04:42 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2008-04-14 04:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2008-04-14 04:42 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2008-04-14 04:41 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2008-04-14 04:41 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2008-04-14 00:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2008-04-13 23:07 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2008-04-14 04:42 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 13:18 . 2006-10-18 21:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-21 11:39 . 2011-10-26 15:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-07-21 11:39 . 2011-10-26 15:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-10 356128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Work^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\documents and settings\Work\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2013-02-17 00:57 916480 ----a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKStatusMonitor]
2013-01-15 12:07 2750840 ----a-w- c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-04-10 09:40 116648 ----atw- c:\documents and settings\Work\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-11-13 13:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PSI_SVC_2"=2 (0x2)
"EPSONStatusAgent2"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"!SASCORE"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"RealNetworks Downloader Resolver Service"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"Microsoft SharePoint Workspace Audit Service"=3 (0x3)
"Kodak AiO Network Discovery Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Imapi Helper"=3 (0x3)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Chami\\HTML-Kit\\Bin\\HTMLKit.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Al\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Work\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [08/06/2012 12:38 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [13/08/2012 17:49 145040]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [15/01/2013 13:07 780152]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [11/10/2013 14:27 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [11/10/2013 14:27 1369624]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [27/06/2012 15:09 35672]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [25/05/2012 20:38 24160]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [25/07/2012 15:53 24672]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 08:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 08:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 08:11 12928]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [11/10/2013 14:27 168384]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [14/09/2013 23:47 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [14/09/2013 23:47 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [14/09/2013 23:47 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [14/09/2013 23:47 25088]
S3 CEWZNDV;CEWZNDV;c:\docume~1\Al\LOCALS~1\Temp\CEWZNDV.exe --> c:\docume~1\Al\LOCALS~1\Temp\CEWZNDV.exe [?]
S3 CNHJBMBP;CNHJBMBP;c:\docume~1\Al\LOCALS~1\Temp\CNHJBMBP.exe --> c:\docume~1\Al\LOCALS~1\Temp\CNHJBMBP.exe [?]
S3 mbamchameleon;mbamchameleon;\??\c:\windows\system32\drivers\mbamchameleon.sys --> c:\windows\system32\drivers\mbamchameleon.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/12/2011 15:33 27064]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/08/2011 00:38 116608]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [15/03/2013 15:07 395640]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16/04/2013 03:07 39056]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 14:14 160944]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 37255119
*Deregistered* - 37255119
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:41]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1004Core.job
- c:\documents and settings\Em\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-28 16:16]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1004UA.job
- c:\documents and settings\Em\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-28 16:16]
.
2013-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007Core.job
- c:\documents and settings\Work\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-10 09:40]
.
2013-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007UA.job
- c:\documents and settings\Work\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-10 09:40]
.
2013-10-07 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 02:09]
.
2013-10-15 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07]
.
2013-10-03 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07]
.
2013-10-15 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-10-04 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-10-14 c:\windows\Tasks\User_Feed_Synchronization-{8F92262F-335D-40B0-9F9A-BC107C447E49}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Al\Application Data\Mozilla\Firefox\Profiles\g61ohfog.default-1381311434468\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-37255119.sys
MSConfigStartUp-Facebook Update - c:\documents and settings\Work\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-Internet Helper Anti-phishing - c:\documents and settings\All Users\Application Data\Internet Helper Anti-phishing\internetHelper_antiphishing.exe
AddRemove-321763792.go.sky.com - c:\program files\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
AddRemove-DSite - c:\documents and settings\Al\Application Data\DSite\UpdateProc\UpdateTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-15 02:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-10-15 02:57:49
ComboFix-quarantined-files.txt 2013-10-15 01:57
.
Pre-Run: 103,065,321,472 bytes free
Post-Run: 103,084,134,400 bytes free
.
- - End Of File - - 4FF081EC3597E7FFD56113AFD480C2EA
8F558EB6672622401DA993E1E865C861




Eset Online Scanner Log

C:\Documents and Settings\Work\My Documents\Downloads\Firefox_Setup_21.0 (1).exe Win32/InstallCore.BL application
C:\Documents and Settings\Work\My Documents\Downloads\Firefox_Setup_21.0.exe Win32/InstallCore.BL application
C:\Program Files\PDF Password Remover v3.1\winDecrypt.exe probably a variant of Win32/PSWTool.PdfCracker.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP428\A0166053.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP428\A0166074.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP429\A0167074.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP429\A0167097.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP429\A0167118.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP430\A0167141.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167162.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167179.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167210.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167227.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167256.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167267.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167279.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167311.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167329.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167350.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167375.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP431\A0167389.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP432\A0168388.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP432\A0168405.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP432\A0168424.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP432\A0168452.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP432\A0168570.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP433\A0168704.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP433\A0168721.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP433\A0168732.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP435\A0169221.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP437\A0169407.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP438\A0171067.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP438\A0171078.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP439\A0171136.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP439\A0171146.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP440\A0171459.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP441\A0172057.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP441\A0172071.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP441\A0172085.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP441\A0172113.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP441\A0172130.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP441\A0172190.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP441\A0172215.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP441\A0172229.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP441\A0172260.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP441\A0172272.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP441\A0172291.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP443\A0172439.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP444\A0173440.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP444\A0173456.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP444\A0173471.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP445\A0173526.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP446\A0173780.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP447\A0174654.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP447\A0174676.exe a variant of Win32/InstallCore.CH application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP447\A0174725.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP447\A0174733.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP447\A0174744.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP447\A0174765.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP447\A0174788.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP448\A0174841.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP449\A0174858.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP449\A0174869.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP449\A0174896.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP449\A0174905.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP450\A0174936.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP451\A0174946.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP451\A0174988.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP451\A0174997.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP452\A0175053.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP453\A0175065.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP453\A0175191.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP453\A0175199.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP455\A0175467.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP459\A0176114.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP460\A0176193.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP460\A0176222.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP460\A0176255.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP460\A0176275.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP461\A0176351.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP461\A0176372.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP461\A0176394.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP461\A0176425.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP461\A0176441.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP461\A0176460.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP461\A0176492.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP461\A0176518.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP462\A0176555.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP462\A0176562.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP462\A0176596.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP462\A0176604.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP463\A0176690.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP463\A0176702.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP464\A0176878.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP464\A0176908.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP464\A0176924.dll a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP464\A0176969.dll probably a variant of Win32/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP464\A0176972.exe a variant of MSIL/BrowseFox.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP464\A0176975.exe Win32/BrowseFox.C application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP468\A0177507.exe a variant of Win32/AirAdInstaller.A application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP468\A0177509.exe Win32/DownloadAdmin.G application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP468\A0177519.exe a variant of Win32/InstallCore.CL application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP482\A0181830.exe Win32/Somoto.D application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP491\A0187820.dll Win32/Bundled.Toolbar.Ask.B application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP491\A0187822.exe a variant of Win32/DealPly.F application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP491\A0187824.exe Win32/Somoto.D application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP491\A0187900.exe Win32/OpenCandy application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP491\A0187901.exe Win32/OpenCandy application
C:\System Volume Information\_restore{3886C046-0431-4586-A24C-4347547CE373}\RP491\A0187902.exe Win32/OpenCandy application

  • 0

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello again alastair70,

"I think I have fixed my laptop. After reading several other posts I ran ADWCleaner and then RogueKiller. I did a combofix scan followed by Eset online Scanner."


Looks like you did a good job. The logs look good to me. A couple of leftovers to remove but otherwise nothing bad there that I can see.

"I am certain that I got infected after my son had been using Utorrent"


Yes, very likely. P to P file sharing is a huge source of infection.

"I am very interested indeed in learning how to remove malware and viruses"


You might like to consider our training program, see here.

Now

Let's remove those bad leftovers. While they are not active it would make sense to get rid of them.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: Running the cleanup actions below will remove the Fixlog.txt, so check it to see if it has done its job before following the next instruction. No need to post back unless there is something you are not sure of.

After that

It's important to remove the tools you have been using. If left on the machine they can cause problems down the track.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java; see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#5
alastair70

alastair70

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
My Laptop is running as it should do, Thanks for everything. I will have a good look at GeekU.

All the best
Alastair
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Thanks for everything.


You are very welcome. :happy:

I will keep this topic open for a day or two in case any issues arise.
  • 0

#7
alastair70

alastair70

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Okay that's great, and seriously thank you ever so much, I know I got most of it but I didn't know how or why I had to uninstall those two items. It is people like yourself and all the other helpers that help restore faith in people, helping others without reward; you are a star, my friend.
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
:thumbsup:
  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





