
Laptop slowed down with programs not working/opening as well as shut d


  • This topic is locked

#1 punky_one (Member, 13 posts)

Hi there,

My laptop keeps crashing whilst programs are open, or the program will not run correctly. It also does not shut down properly. I have run Avast, Spybot, Malwarebytes and it is still pretty bad. Can anyone help?

Thanks


#2 pystryker (Trusted Helper, Malware Removal, 3,912 posts)

Hello and welcome to Geeks to Go! My nickname is Pystryker :), and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you:

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses. If there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Don't worry, we'll get these problems whipped :)

Now, let's get started, shall we? :thumbsup:




Step 1: Download and Scan with OTL


Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is not working, please click here for a secondary site.

  • Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  • Please make sure the following boxes are checked:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name Whitelist
      • LOP Check
      • Purity Check
  • Please check that Use Safelist is checked under Extra Registry.
  • Copy the contents of the quote box below (do not copy the word "quote"!) and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C

  • Click the Run Scan button.


  • Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient. :)
  • When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  • Please post each log in your next reply.


Step 2: Scan with aswMBR


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.


  • Click the Scan button to begin the scan.


  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit


Things I need to see in your next post:

  • OTL Log
  • Extras Log
  • aswMBR Log
  • The log that was produced when you ran Malwarebytes.

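As an added example (not part of pystryker's post and not OTL's own code), a small Python triage script that parses OTL-format lines like the ones this scan produces and flags the entries a helper reads first: Winlogon Shell/UserInit values that differ from the expected Microsoft binaries, MountPoints2 autorun commands from removable media that point at anything other than a known installer, and services or drivers whose file is missing. The sample lines are constructed in the format of the OTL log posted in this thread; the expected Winlogon values and the allow-list of benign installer names are assumptions.

```python
"""Triage helper for OTL-format log lines (added example, not OTL's own code).

OTL reports one finding per line; the three line shapes handled here are:
  O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)
  O33 - MountPoints2\\{guid}\\Shell\\AutoRun\\command - "" = F:\\xih9.cmd
  SRV - File not found [Auto | Running] -- C:\\Program Files\\Spybot -- (SBSDWSCService)
"""
import re

# Expected Winlogon launch values on a clean Vista/7 install (assumption; compared lower-cased).
EXPECTED_WINLOGON = {
    "Shell": "explorer.exe",
    "UserInit": r"c:\windows\system32\userinit.exe",
}

# Autorun launchers that are ordinary vendor installers rather than droppers (assumed allow-list).
BENIGN_AUTORUN = {"setup.exe", "setupsnk.exe", "launchu3.exe"}

O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\)")
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$',
    re.IGNORECASE,
)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- (?P<path>.*?)\s*-- \((?P<name>[^)]+)\)$"
)


def command_basename(cmd: str) -> str:
    """Lower-cased file name of an autorun command, ignoring drive, directories and arguments.

    Arguments are split off at the first space, so a launcher path containing spaces
    would be truncated; MountPoints2 entries are normally short root-level names.
    """
    first_token = cmd.strip().strip('"').split(" ")[0]
    return re.split(r"[\\/]", first_token)[-1].lower()


def triage(log_text: str) -> list:
    """Return a list of human-readable findings for the suspicious lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = O20_RE.match(line)
        if m:
            # Shell and UserInit are classic persistence points; anything appended to or
            # replacing the Microsoft binary deserves a look.
            key, value = m.group("key"), m.group("value").strip().rstrip(",").lower()
            if value != EXPECTED_WINLOGON[key]:
                findings.append(f"O20 Winlogon {key} altered: {m.group('value')}")
            continue

        m = O33_RE.match(line)
        if m:
            # MountPoints2 keeps the autorun command of every removable volume ever inserted;
            # a bare executable or a .cmd/.com launcher is the footprint of a USB-spread
            # worm even when the stick itself is long gone.
            if command_basename(m.group("cmd")) not in BENIGN_AUTORUN:
                findings.append(
                    f"O33 autorun on volume {m.group('vol')}: {m.group('cmd')} ({m.group('verb')})"
                )
            continue

        m = MISSING_RE.match(line)
        if m:
            # An orphaned entry is either leftover from a bad uninstall or a service whose
            # binary was removed by AV; both get cleaned up in the fix.
            findings.append(f"{m.group('kind')} orphan {m.group('name')} [{m.group('state')}]")
    return findings


# Constructed sample in the format of the OTL log posted in this thread.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{0767abb1-d326-11dc-9831-00030d6cb0d9}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\Shell\AutoRun\command - "" = SVICHOSST.exe
O33 - MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\Shell\open\Command - "" = F:\xih9.cmd
O33 - MountPoints2\{2795c196-95e2-11dd-8f38-00030d6cb0d9}\Shell\open\Command - "" = D:\boyedt.com
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Running it against a full OTL.txt (read the file and pass its text to triage) gives a short list to check against the log by hand; the regexes only cover the three line shapes above.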

#3 pystryker (Trusted Helper, Malware Removal, 3,912 posts)

One other thing: What version of Avast are you using?

#4 punky_one (Topic Starter, Member, 13 posts)

Hi there, thanks for the reply. I am using the latest version as I updated it as soon as I got the laptop. I don't know where to find the log from Malwarebytes, but here are the others.

OTL logfile created on: 02/11/2013 12:19:41 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tom\.thumbnails\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.83% Memory free
4.21 Gb Paging File | 3.27 Gb Available in Paging File | 77.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.32 Gb Total Space | 33.52 Gb Free Space | 38.83% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.59% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/02 11:44:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tom\.thumbnails\Desktop\OTL.exe
PRC - [2013/10/24 22:07:22 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastui.exe
PRC - [2013/10/24 10:10:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/01/28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 07:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/03/23 11:04:54 | 004,423,680 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/24 10:11:05 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2007/03/30 03:04:48 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/10/24 10:10:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/10/15 12:37:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/19 10:45:38 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/01 19:39:34 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2013/10/24 10:11:09 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/10/24 10:11:09 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/10/24 10:11:09 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/10/24 10:11:09 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/10/24 10:11:09 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/10/24 10:11:09 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/10/24 10:11:09 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/10/24 10:11:08 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/05/24 06:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2008/02/04 13:24:32 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2006/11/05 10:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 07:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 07:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 07:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/02/20 18:51:14 | 010,446,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://support.thetechguys.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-402816791-3076325328-2136879946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yah...r=spigot-yhp-ie
IE - HKU\S-1-5-21-402816791-3076325328-2136879946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-402816791-3076325328-2136879946-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-402816791-3076325328-2136879946-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-402816791-3076325328-2136879946-1000\..\SearchScopes,DefaultScope = {8F568039-CC7E-47F9-B209-F6915DC187C6}
IE - HKU\S-1-5-21-402816791-3076325328-2136879946-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-402816791-3076325328-2136879946-1000\..\SearchScopes\{8F568039-CC7E-47F9-B209-F6915DC187C6}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-402816791-3076325328-2136879946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-402816791-3076325328-2136879946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=utf-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\tom\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/10/24 10:11:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/19 10:45:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/19 10:45:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/19 10:45:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/19 10:45:18 | 000,000,000 | ---D | M]

[2008/08/28 13:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\Mozilla\Extensions
[2013/10/29 22:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\8mjdsicj.default-1377682916857\extensions
[2013/09/22 22:41:38 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\8mjdsicj.default-1377682916857\extensions\[email protected]
[2013/10/10 10:36:25 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\8mjdsicj.default-1377682916857\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/08 09:20:54 | 000,000,921 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\8mjdsicj.default-1377682916857\searchplugins\yahoo.xml
[2013/09/19 10:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/19 10:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/09/19 10:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/19 10:45:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage:
CHR - homepage: http://uk.search.yah...r=spigot-yhp-ch

O1 HOSTS File: ([2011/11/24 11:28:30 | 000,441,366 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 15188 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-402816791-3076325328-2136879946-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-402816791-3076325328-2136879946-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKU\S-1-5-21-402816791-3076325328-2136879946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21244BA2-C061-4D4D-833E-D4831FAD908A}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D74051F-ABD5-4F0A-B5B8-2AB6E498F1AA}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0767abb1-d326-11dc-9831-00030d6cb0d9}\Shell - "" = AutoRun
O33 - MountPoints2\{0767abb1-d326-11dc-9831-00030d6cb0d9}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{16ba0988-3e38-11e3-9cd1-00030d6cb0d9}\Shell - "" = AutoRun
O33 - MountPoints2\{16ba0988-3e38-11e3-9cd1-00030d6cb0d9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{2795c196-95e2-11dd-8f38-00030d6cb0d9}\Shell\AutoRun\command - "" = D:\boyedt.com
O33 - MountPoints2\{2795c196-95e2-11dd-8f38-00030d6cb0d9}\Shell\open\Command - "" = D:\boyedt.com
O33 - MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\Shell - "" = Autorun
O33 - MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\Shell\AutoRun\command - "" = SVICHOSST.exe
O33 - MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\Shell\Open\command - "" = SVICHOSST.exe
O33 - MountPoints2\{4592ec47-931a-11dc-b2cf-00030d6cb0d9}\Shell - "" = AutoRun
O33 - MountPoints2\{4592ec47-931a-11dc-b2cf-00030d6cb0d9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{671fd4e5-b175-11dd-bb2f-00030d6cb0d9}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\Shell\AutoRun\command - "" = F:\xih9.cmd
O33 - MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\Shell\explore\Command - "" = F:\xih9.cmd
O33 - MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\Shell\open\Command - "" = F:\xih9.cmd
O33 - MountPoints2\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\Shell\AutoRun\command - "" = D:\xih9.cmd
O33 - MountPoints2\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\Shell\explore\Command - "" = D:\xih9.cmd
O33 - MountPoints2\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\Shell\open\Command - "" = D:\xih9.cmd
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/02 11:47:39 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\tom\.thumbnails\Desktop\aswmbr.exe
[2013/11/02 11:44:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tom\.thumbnails\Desktop\OTL.exe
[2013/11/02 00:27:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/02 00:19:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/29 20:35:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/29 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\tom\.thumbnails\Desktop\New Folder
[2013/10/29 19:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/10/29 19:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/10/29 16:42:00 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\AVG
[2013/10/29 16:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/10/29 16:34:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/10/29 16:34:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/10/24 14:31:23 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\AVAST Software
[2013/10/24 10:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/10/24 10:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/10/20 14:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 14:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/02 12:10:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/02 11:47:48 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\tom\.thumbnails\Desktop\aswmbr.exe
[2013/11/02 11:44:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tom\.thumbnails\Desktop\OTL.exe
[2013/11/02 11:42:08 | 000,594,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/02 11:42:08 | 000,101,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/02 11:40:55 | 000,359,652 | ---- | M] () -- C:\Users\tom\Documents\cc_20131102_114034.reg
[2013/11/02 11:37:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 11:37:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 11:36:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/02 00:35:45 | 000,005,874 | ---- | M] () -- C:\Users\tom\Documents\cc_20131102_003534.reg
[2013/10/29 20:03:16 | 000,000,965 | ---- | M] () -- C:\Users\tom\.thumbnails\Desktop\Adobe Photoshop 7.0.lnk
[2013/10/29 19:41:21 | 000,146,756 | ---- | M] () -- C:\Users\tom\Documents\cc_20131029_194057.reg
[2013/10/29 19:35:48 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/29 11:27:28 | 000,002,539 | ---- | M] () -- C:\Users\tom\AppData\Local\recently-used.xbel
[2013/10/28 23:53:00 | 000,001,356 | ---- | M] () -- C:\Users\tom\AppData\Local\d3d9caps.dat
[2013/10/24 10:12:00 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/24 10:11:09 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/10/24 10:11:09 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/10/24 10:11:09 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/10/24 10:11:09 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/10/24 10:11:09 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/10/24 10:11:09 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/10/24 10:11:09 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/10/24 10:11:08 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/10/24 10:11:07 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/10/24 10:11:07 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/24 10:07:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/02 11:40:37 | 000,359,652 | ---- | C] () -- C:\Users\tom\Documents\cc_20131102_114034.reg
[2013/11/02 00:35:37 | 000,005,874 | ---- | C] () -- C:\Users\tom\Documents\cc_20131102_003534.reg
[2013/10/29 20:03:16 | 000,000,965 | ---- | C] () -- C:\Users\tom\.thumbnails\Desktop\Adobe Photoshop 7.0.lnk
[2013/10/29 19:41:05 | 000,146,756 | ---- | C] () -- C:\Users\tom\Documents\cc_20131029_194057.reg
[2013/10/29 19:35:48 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/29 11:27:28 | 000,002,539 | ---- | C] () -- C:\Users\tom\AppData\Local\recently-used.xbel
[2013/08/01 22:53:50 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/01 22:53:26 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2010/02/15 11:18:34 | 000,180,856 | ---- | C] () -- C:\Users\tom\AppData\Roaming\speech.wav
[2009/08/27 16:04:50 | 000,001,356 | ---- | C] () -- C:\Users\tom\AppData\Local\d3d9caps.dat
[2008/11/04 21:45:39 | 000,000,125 | -H-- | C] () -- C:\Users\tom\AppData\Roaming\lakerda1967.sys
[2008/11/04 21:45:14 | 000,010,584 | ---- | C] () -- C:\Users\tom\AppData\Roaming\docXConverter (3).ini
[2008/08/03 12:20:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/09/26 17:32:48 | 000,027,136 | ---- | C] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/25 01:33:58 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Audacity
[2013/10/24 14:31:23 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\AVAST Software
[2013/10/29 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\AVG
[2011/04/15 11:12:04 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/21 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Cucu
[2008/02/04 13:38:09 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\DAEMON Tools Pro
[2013/01/01 19:44:18 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Dropbox
[2010/02/08 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\gtk-2.0
[2013/10/29 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\inkscape
[2011/01/08 23:53:39 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Local
[2010/02/19 08:57:43 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\NCH Swift Sound
[2008/08/09 14:43:28 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Nokia
[2008/03/05 23:40:23 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\PC Suite
[2011/04/15 10:32:29 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Publish Providers
[2009/06/20 15:02:55 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\SecondLife
[2010/10/07 14:51:09 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Sony
[2012/01/20 01:05:42 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\SpringLobby
[2012/01/20 01:29:38 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\springlobby_updater
[2012/01/20 01:00:04 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\SpringSettings
[2008/01/31 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Uniblue
[2013/11/02 00:32:52 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\uTorrent
[2010/06/22 08:47:11 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Yctice

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 21:50:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 21:50:30 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 07:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 21:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 21:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2013/09/03 13:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.DAT >
[2013/10/15 19:36:22 | 000,003,075 | ---- | M] () MD5=6806FCE3B99E6913439FB220BF6544B0 -- C:\Users\tom\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2008/01/19 07:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 09:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 06:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 06:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 12:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 12:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/08/03 14:48:56 | 000,001,688 | ---- | M] () MD5=21A9474322472BC89A305BF9CE921DA9 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 21:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 12:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 21:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 12:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 21:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 21:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.RDB >
[2008/05/29 21:43:40 | 005,308,416 | ---- | M] () MD5=11497091149E46166AEEAFBA9DB68D95 -- C:\Program Files\OpenOffice.org 2.4\program\services.rdb

< MD5 for: SERVICES.SBS >
[2013/07/16 13:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 07:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Vista
Volume Serial Number is 70B4-CF89
Directory of C:\
02/11/2006 13:02 <JUNCTION> Documents and Settings [V:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 13:02 <JUNCTION> Application Data [V:\ProgramData]
02/11/2006 13:02 <JUNCTION> Desktop [V:\Users\Public\Desktop]
02/11/2006 13:02 <JUNCTION> Documents [V:\Users\Public\Documents]
02/11/2006 13:02 <JUNCTION> Favorites [V:\Users\Public\Favorites]
02/11/2006 13:02 <JUNCTION> Start Menu [V:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [V:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 13:02 <SYMLINKD> All Users [V:\ProgramData]
02/11/2006 13:02 <JUNCTION> Default User [V:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 13:02 <JUNCTION> Application Data [V:\Users\Default\AppData\Roaming]
02/11/2006 13:02 <JUNCTION> Cookies [V:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 13:02 <JUNCTION> Local Settings [V:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> My Documents [V:\Users\Default\Documents]
02/11/2006 13:02 <JUNCTION> NetHood [V:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:02 <JUNCTION> PrintHood [V:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:02 <JUNCTION> Recent [V:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:02 <JUNCTION> SendTo [V:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:02 <JUNCTION> Start Menu [V:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [V:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 13:02 <JUNCTION> Application Data [V:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> History [V:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:02 <JUNCTION> Temporary Internet Files [V:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 13:02 <JUNCTION> My Music [V:\Users\Default\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [V:\Users\Default\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [V:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 13:02 <JUNCTION> My Music [V:\Users\Public\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [V:\Users\Public\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [V:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\tom
26/09/2007 14:45 <JUNCTION> Application Data [C:\Users\tom\AppData\Roaming]
26/09/2007 14:45 <JUNCTION> Cookies [C:\Users\tom\AppData\Roaming\Microsoft\Windows\Cookies]
26/09/2007 14:45 <JUNCTION> Local Settings [C:\Users\tom\AppData\Local]
26/09/2007 14:45 <JUNCTION> My Documents [C:\Users\tom\Documents]
26/09/2007 14:45 <JUNCTION> NetHood [C:\Users\tom\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
26/09/2007 14:45 <JUNCTION> PrintHood [C:\Users\tom\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
26/09/2007 14:45 <JUNCTION> Recent [C:\Users\tom\AppData\Roaming\Microsoft\Windows\Recent]
26/09/2007 14:45 <JUNCTION> SendTo [C:\Users\tom\AppData\Roaming\Microsoft\Windows\SendTo]
26/09/2007 14:45 <JUNCTION> Start Menu [C:\Users\tom\AppData\Roaming\Microsoft\Windows\Start Menu]
26/09/2007 14:45 <JUNCTION> Templates [C:\Users\tom\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\tom\AppData\Local
26/09/2007 14:45 <JUNCTION> Application Data [C:\Users\tom\AppData\Local]
26/09/2007 14:45 <JUNCTION> History [C:\Users\tom\AppData\Local\Microsoft\Windows\History]
26/09/2007 14:45 <JUNCTION> Temporary Internet Files [C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\tom\Documents
26/09/2007 14:45 <JUNCTION> My Music [C:\Users\tom\Music]
26/09/2007 14:45 <JUNCTION> My Pictures [C:\Users\tom\Pictures]
26/09/2007 14:45 <JUNCTION> My Videos [C:\Users\tom\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
44 Dir(s) 35,993,489,408 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4B7BEAFF

< End of report >


OTL Extras logfile created on: 02/11/2013 12:19:41 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tom\.thumbnails\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.83% Memory free
4.21 Gb Paging File | 3.27 Gb Available in Paging File | 77.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.32 Gb Total Space | 33.52 Gb Free Space | 38.83% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.59% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-402816791-3076325328-2136879946-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1934DB92-8880-4E54-8D50-B989C922F06E}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{1A83CA52-3958-4B11-8FE7-240BCC301BD3}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{20F39D88-76C3-4D7B-BE4A-7501B4302EEE}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{3C90413D-26F7-41A2-A9F4-0980677C88E7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{45745A0B-A039-4657-B2E0-04D69865C853}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{47CBE10B-784B-4EBD-A2C9-F440E75F52FD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4B8C7436-0F26-40CB-BA94-696216CB0C2D}" = lport=57140 | protocol=6 | dir=in | name=akamai netsession interface |
"{89AAD6AF-FC9E-4C6F-B065-0979600EE63C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{A25C55B6-21DA-494D-9615-3B9AD384DBB7}" = lport=64414 | protocol=6 | dir=in | name=akamai netsession interface |
"{A45E1CE2-157A-49CF-9944-4EA243EC1045}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E71FF98C-5878-48BB-B549-504AA04E8CBE}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{FF795B7B-6DB3-41CD-B06F-2978840602AB}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B698FA4-8497-4B06-ADCA-622156482F2F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{39DE0777-26BE-4144-8567-0DF05425FC42}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{52BDFD03-B8D0-4966-8714-6721D2D1A1C1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5700104A-955C-46DD-AAE8-A181ABA549A5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CA71C19E-02D8-4A15-BA69-BEA7474525EF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{23D08263-F352-4A26-A45B-9BAA364ECFBD}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{4759A23F-39F5-419F-A839-0D37329CD203}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C0C515D2-C2B3-4201-8A47-98906030F209}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D6674A76-57CC-4716-BB02-D61008BB4750}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DA2F5526-2C8F-488C-8A79-6BC84983FB31}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{1A9843B5-DEBC-42D9-9403-591FEC3D2026}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{39DB5EBF-2110-4C03-BB52-9FACA2A3C501}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9AAA28B2-94B5-4569-B8A0-1394CEE0C81C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{BB1115A0-5A89-4653-BE66-AA98B2660429}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D284B2AD-EB93-41F9-85B6-12804BD8B5D6}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"HDMI" = Intel® Graphics Media Accelerator Driver
"Inkscape" = Inkscape 0.48.4
"IZArc 3.5 beta 3_is1" = IZArc 3.5 beta 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 24.0 (x86 en-GB)" = Mozilla Firefox 24.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.8
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-402816791-3076325328-2136879946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Search Protection" = Search Protection

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 05/04/2008 19:39:44 | Computer Name = tom-PC | Source = avast! | ID = 33554522
Description =

Error - 06/04/2008 12:00:40 | Computer Name = tom-PC | Source = avast! | ID = 33554522
Description =

Error - 06/04/2008 13:39:19 | Computer Name = tom-PC | Source = avast! | ID = 33554522
Description =

Error - 23/08/2008 11:15:23 | Computer Name = tom-PC | Source = avast! | ID = 33554522
Description =

Error - 01/04/2009 13:37:59 | Computer Name = tom-PC | Source = avast! | ID = 33554522
Description =

Error - 01/04/2009 15:00:41 | Computer Name = tom-PC | Source = avast! | ID = 33554522
Description =

Error - 01/04/2009 15:00:51 | Computer Name = tom-PC | Source = avast! | ID = 33554522
Description =

Error - 01/04/2009 15:01:22 | Computer Name = tom-PC | Source = avast! | ID = 33554522
Description =

Error - 16/03/2010 15:46:58 | Computer Name = tom-PC | Source = avast! | ID = 33554522
Description =

Error - 29/03/2010 05:10:02 | Computer Name = tom-PC | Source = avast! | ID = 33554522
Description =

[ System Events ]
Error - 02/11/2013 07:36:39 | Computer Name = tom-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 02/11/2013 07:36:45 | Computer Name = tom-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 02/11/2013 07:37:16 | Computer Name = tom-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-02 12:30:53
-----------------------------
12:30:53.107 OS Version: Windows 6.0.6002 Service Pack 2
12:30:53.107 Number of processors: 2 586 0xE0C
12:30:53.107 ComputerName: TOM-PC UserName: tom
12:30:54.028 Initialize success
12:30:58.008 AVAST engine defs: 13110101
12:31:13.577 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
12:31:13.577 Disk 0 Vendor: Hitachi_HTS541610J9SA00 SBCOC70P Size: 95396MB BusType: 3
12:31:13.608 Disk 0 MBR read successfully
12:31:13.608 Disk 0 MBR scan
12:31:13.608 Disk 0 Windows VISTA default MBR code
12:31:13.624 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5500 MB offset 2048
12:31:13.640 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 11266048
12:31:13.655 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 88394 MB offset 14338048
12:31:13.671 Disk 0 scanning sectors +195368960
12:31:13.889 Disk 0 scanning C:\Windows\system32\drivers
12:31:31.564 Service scanning
12:31:56.961 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:32:05.556 Modules scanning
12:32:40.844 Disk 0 trace - called modules:
12:32:40.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x850601e8]<<
12:32:40.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c6b798]
12:32:40.890 3 CLASSPNP.SYS[88d9f8b3] -> nt!IofCallDriver -> [0x85ab4918]
12:32:40.890 5 acpi.sys[807b66bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85aa3448]
12:32:40.890 \Driver\atapi[0x85a9d2f0] -> IRP_MJ_CREATE -> 0x850601e8
12:32:41.436 AVAST engine scan C:\Windows
12:32:44.417 AVAST engine scan C:\Windows\system32
12:35:37.500 AVAST engine scan C:\Windows\system32\drivers
12:35:52.445 AVAST engine scan C:\Users\tom
12:44:06.969 AVAST engine scan C:\ProgramData
12:45:12.364 Scan finished successfully
12:56:43.959 Disk 0 MBR has been saved successfully to "C:\Users\tom\.thumbnails\Desktop\MBR.dat"
12:56:43.974 The log file has been saved successfully to "C:\Users\tom\.thumbnails\Desktop\aswMBR.txt"
  • 0

#5
punky_one (Member, Topic Starter, 13 posts)
I found it :D Google is kind to me haha.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.01.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
tom :: TOM-PC [administrator]

02/11/2013 00:42:38
mbam-log-2013-11-02 (00-42-38).txt

Scan type: Full scan (C:\|D:\|S:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336546
Time elapsed: 1 hour(s), 16 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#6
pystryker (Trusted Helper, Malware Removal, 3,912 posts)
Hi :) and thanks for the logs. I have some instructions for you pending approval by my instructor. He's offline, but will be back online in the morning. :)
  • 0

#7
punky_one (Member, Topic Starter, 13 posts)
Brilliant, thanks for the help! :)
  • 0

#8
pystryker (Trusted Helper, Malware Removal, 3,912 posts)
Hi, we've got some work to do :)

Please make sure that Avast is completely up to date. They just released a fix yesterday to deal with some problems that the 2014 version had with Windows XP.

Latest Avast version is 2014.9.0.2007


One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (uTorrent) on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.




Step 1: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.


:Commands
[createrestorepoint]

:OTL
O33 - MountPoints2\{0767abb1-d326-11dc-9831-00030d6cb0d9}\Shell - "" = AutoRun
O33 - MountPoints2\{0767abb1-d326-11dc-9831-00030d6cb0d9}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{16ba0988-3e38-11e3-9cd1-00030d6cb0d9}\Shell - "" = AutoRun
O33 - MountPoints2\{16ba0988-3e38-11e3-9cd1-00030d6cb0d9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{2795c196-95e2-11dd-8f38-00030d6cb0d9}\Shell\AutoRun\command - "" = D:\boyedt.com
O33 - MountPoints2\{2795c196-95e2-11dd-8f38-00030d6cb0d9}\Shell\open\Command - "" = D:\boyedt.com
O33 - MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\Shell - "" = Autorun
O33 - MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\Shell\AutoRun\command - "" = SVICHOSST.exe
O33 - MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\Shell\Open\command - "" = SVICHOSST.exe
O33 - MountPoints2\{4592ec47-931a-11dc-b2cf-00030d6cb0d9}\Shell - "" = AutoRun
O33 - MountPoints2\{4592ec47-931a-11dc-b2cf-00030d6cb0d9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{671fd4e5-b175-11dd-bb2f-00030d6cb0d9}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\Shell\AutoRun\command - "" = F:\xih9.cmd
O33 - MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\Shell\explore\Command - "" = F:\xih9.cmd
O33 - MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\Shell\open\Command - "" = F:\xih9.cmd
O33 - MountPoints2\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\Shell\AutoRun\command - "" = D:\xih9.cmd
O33 - MountPoints2\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\Shell\explore\Command - "" = D:\xih9.cmd
O33 - MountPoints2\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\Shell\open\Command - "" = D:\xih9.cmd
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4B7BEAFF

:Commands
[emptytemp]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 2: AdwCleaner


Download AdwCleaner by clicking here. Please save it to your Desktop.



  • Double click the adwcleaner.exe file (Vista and 7 users: right click it and choose Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Step 4: OTL Quick Scan

  • Open OTL
  • This time, click the Quick Scan button.
  • OTL will only produce one log from this scan; please post it with your next reply.


Step 5: MCShield

Download MCShield to your desktop and install it.

  • It will initially run a scan and show the result as a toaster by the system clock.
  • Then in the control center select Scanner and tick unhide items on flash drives.


  • Plug in the drive and MCShield will start a scan.
  • Then get the log, which will be here:
  • Start > All Programs > MCShield > Logs > All Scans

And post that in your next reply.



Things I need to see in your next post:

  • OTL Fix Log
  • AdwCleaner Log
  • Junkware Removal Tool Log
  • OTL Quick Scan Log
  • MCShield Log

  • 0
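The OTL fix above is mostly cached MountPoints2 shell verbs (O33 lines) plus two alternate data streams. As an added example, not OTL's or the thread's own code, here is a small Python triage of those lines that groups them by volume and flags the entries a responder would examine first; the flagging heuristics and the sample subset are this example's own choices, and the sample lines are copied from the fix script in the post above.

```python
"""Triage the O33 (MountPoints2) and ADS lines of an OTL fix script.

Added example, not OTL's own code. MountPoints2 caches the shell verbs of every
volume Explorer has seen, so entries outlive the media that wrote them (hence
the "not found" lines in the fix log). The heuristics below are this example's.
"""
import re
from dataclasses import dataclass, field

# O33 - MountPoints2\<volume>\Shell - "" = AutoRun             (default verb)
# O33 - MountPoints2\<volume>\Shell\<verb>\command - "" = <command line>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell'
    r'(?:\\(?P<verb>[^\\]+)\\command)?'
    r' - "" = (?P<value>.*)$',
    re.IGNORECASE,
)
# @Alternate Data Stream - <n> bytes -> <path>:<stream name>
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')
DRIVE_PREFIX = re.compile(r'^[A-Za-z]:\\')
# Script or legacy executable types that vendor autorun launchers rarely use.
LOW_TRUST_EXT = ('.cmd', '.bat', '.vbs', '.com', '.pif', '.scr')


@dataclass
class MountPoint:
    volume: str                 # "{guid}" of a once-inserted drive, or a letter
    default_verb: str = ''      # value of ...\Shell itself, e.g. "AutoRun"
    commands: dict = field(default_factory=dict)  # lower-cased verb -> command


def parse_fix_script(lines):
    """Group O33 lines by volume and collect the ADS lines."""
    points, streams = {}, []
    for raw in lines:
        line = raw.strip()
        m = O33_RE.match(line)
        if m:
            mp = points.setdefault(m['volume'], MountPoint(m['volume']))
            if m['verb'] is None:
                mp.default_verb = m['value']  # verb Explorer runs on double-click
            else:
                mp.commands[m['verb'].lower()] = m['value']
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append((m['path'], int(m['size'])))
    return points, streams


def assess(mp):
    """Reasons an entry deserves a closer look (empty list = nothing notable)."""
    reasons = []
    for verb, cmd in mp.commands.items():
        if not cmd.split():
            continue
        target = cmd.split()[0]  # drop switches such as "-a"
        if not DRIVE_PREFIX.match(target):
            reasons.append(f'{verb}: bare file name {target!r} resolved against the volume root')
        if target.lower().endswith(LOW_TRUST_EXT):
            reasons.append(f'{verb}: script or legacy executable target {target!r}')
        if verb in ('open', 'explore'):
            # Explorer uses these verbs when the user opens the drive by hand,
            # so a redirected "open" fires even with AutoPlay switched off.
            reasons.append(f'{verb}: Explorer action for this volume redirected to {cmd!r}')
    return reasons


def summarize(lines):
    """Volume count, flagged volumes with their reasons, and ADS entries."""
    points, streams = parse_fix_script(lines)
    flagged = {v: r for v, mp in points.items() if (r := assess(mp))}
    return {'volumes': len(points), 'flagged': flagged, 'streams': streams}


# Sample input: a subset of the O33 and ADS lines from the fix script above.
SAMPLE = r'''
O33 - MountPoints2\{0767abb1-d326-11dc-9831-00030d6cb0d9}\Shell - "" = AutoRun
O33 - MountPoints2\{0767abb1-d326-11dc-9831-00030d6cb0d9}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{2795c196-95e2-11dd-8f38-00030d6cb0d9}\Shell\AutoRun\command - "" = D:\boyedt.com
O33 - MountPoints2\{2795c196-95e2-11dd-8f38-00030d6cb0d9}\Shell\open\Command - "" = D:\boyedt.com
O33 - MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\Shell - "" = Autorun
O33 - MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\Shell\AutoRun\command - "" = SVICHOSST.exe
O33 - MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\Shell\Open\command - "" = SVICHOSST.exe
O33 - MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\Shell\AutoRun\command - "" = F:\xih9.cmd
O33 - MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\Shell\explore\Command - "" = F:\xih9.cmd
O33 - MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\Shell\open\Command - "" = F:\xih9.cmd
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4B7BEAFF
'''.strip().splitlines()

if __name__ == '__main__':
    report = summarize(SAMPLE)
    for volume, reasons in report['flagged'].items():
        print(volume, *reasons, sep='\n    ')
    print(report['volumes'], 'volumes cached;', len(report['streams']), 'ADS entries')
```

Entries that only name a drive-rooted .exe (the U3 launcher and D:\setup.exe here) pass through unflagged, so the output concentrates on the verbs that point at bare file names, script targets, or a redirected Explorer "open".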

#9
punky_one (Member, Topic Starter, 13 posts)
Ok, thank you. I have decided not to format, as I do not have a working disc drive; I use this laptop for basic graphics, writing invoices and internet browsing/gaming.
I have uninstalled utorrent and Avast is up to date. I will proceed with the instructions above and post logs below.

:)
  • 0

#10
punky_one (Member, Topic Starter, 13 posts)
Ok, so I started the OTL fix and it crashed. I force restarted my laptop and ran the fix again, and it worked fine. Everything else went great until MCShield; I don't know what you mean by plug in the drive? I don't have a drive to plug in.

Anyway, here are the logs minus the MCShield one.

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0767abb1-d326-11dc-9831-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0767abb1-d326-11dc-9831-00030d6cb0d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0767abb1-d326-11dc-9831-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0767abb1-d326-11dc-9831-00030d6cb0d9}\ not found.
File D:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16ba0988-3e38-11e3-9cd1-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16ba0988-3e38-11e3-9cd1-00030d6cb0d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16ba0988-3e38-11e3-9cd1-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16ba0988-3e38-11e3-9cd1-00030d6cb0d9}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2795c196-95e2-11dd-8f38-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2795c196-95e2-11dd-8f38-00030d6cb0d9}\ not found.
File D:\boyedt.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2795c196-95e2-11dd-8f38-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2795c196-95e2-11dd-8f38-00030d6cb0d9}\ not found.
File D:\boyedt.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{315941da-991e-11dc-8982-00030d6cb0d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{315941da-991e-11dc-8982-00030d6cb0d9}\ not found.
File SVICHOSST.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315941da-991e-11dc-8982-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{315941da-991e-11dc-8982-00030d6cb0d9}\ not found.
File SVICHOSST.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4592ec47-931a-11dc-b2cf-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4592ec47-931a-11dc-b2cf-00030d6cb0d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4592ec47-931a-11dc-b2cf-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4592ec47-931a-11dc-b2cf-00030d6cb0d9}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{671fd4e5-b175-11dd-bb2f-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{671fd4e5-b175-11dd-bb2f-00030d6cb0d9}\ not found.
File D:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beb7a8b9-1eb2-11de-838b-00030d6cb0d9}\ not found.
File F:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\ not found.
File D:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\ not found.
File D:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f95c27f5-3ecf-11de-bb7b-00030d6cb0d9}\ not found.
File D:\xih9.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
Unable to delete ADS C:\ProgramData\TEMP:888AFB86 .
Unable to delete ADS C:\ProgramData\TEMP:4B7BEAFF .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public

User: tom
->Temp folder emptied: 1899438 bytes
->Temporary Internet Files folder emptied: 3408006 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17247389 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1882531 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6712 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11032013_163605

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


# AdwCleaner v3.010 - Report created 03/11/2013 at 16:44:26
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : tom - TOM-PC
# Running from : C:\Users\tom\.thumbnails\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v24.0 (en-GB)

[ File : C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\8mjdsicj.default-1377682916857\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1860 octets] - [02/11/2013 00:27:23]
AdwCleaner[R1].txt - [1920 octets] - [03/11/2013 16:43:31]
AdwCleaner[S0].txt - [1861 octets] - [03/11/2013 16:44:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1921 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista ™ Home Premium x86
Ran by tom on 03/11/2013 at 16:48:42.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/11/2013 at 16:52:36.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 03/11/2013 16:54:12 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tom\.thumbnails\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 51.07% Memory free
4.21 Gb Paging File | 3.16 Gb Available in Paging File | 74.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.32 Gb Total Space | 33.31 Gb Free Space | 38.58% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.59% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/03 16:22:24 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/11/03 16:22:24 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/11/02 11:44:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tom\.thumbnails\Desktop\OTL.exe
PRC - [2013/09/19 10:45:40 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/01/28 11:43:32 | 000,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 07:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/03/23 11:04:54 | 004,423,680 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/24 10:11:05 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2013/09/19 10:45:38 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2007/03/30 03:04:48 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/11/03 16:22:24 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/10/15 12:37:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/19 10:45:38 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/01 19:39:34 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2013/11/03 16:22:30 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/03 16:22:30 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/03 16:22:30 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/03 16:22:30 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/11/03 16:22:29 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/10/24 10:11:09 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/10/24 10:11:09 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/10/24 10:11:09 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2009/05/24 06:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2008/02/04 13:24:32 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2006/11/05 10:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 07:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 07:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 07:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/02/20 18:51:14 | 010,446,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://support.thetechguys.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yah...r=spigot-yhp-ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{8F568039-CC7E-47F9-B209-F6915DC187C6}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=utf-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\tom\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/11/03 16:22:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/19 10:45:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/19 10:45:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/19 10:45:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/19 10:45:18 | 000,000,000 | ---D | M]

[2008/08/28 13:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\Mozilla\Extensions
[2013/10/29 22:46:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\8mjdsicj.default-1377682916857\extensions
[2013/09/22 22:41:38 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\8mjdsicj.default-1377682916857\extensions\[email protected]
[2013/10/10 10:36:25 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\8mjdsicj.default-1377682916857\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/08 09:20:54 | 000,000,921 | ---- | M] () -- C:\Users\tom\AppData\Roaming\Mozilla\Firefox\Profiles\8mjdsicj.default-1377682916857\searchplugins\yahoo.xml
[2013/09/19 10:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/19 10:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/09/19 10:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/19 10:45:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage:
CHR - homepage: http://uk.search.yah...r=spigot-yhp-ch

O1 HOSTS File: ([2011/11/24 11:28:30 | 000,441,366 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 15188 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21244BA2-C061-4D4D-833E-D4831FAD908A}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D74051F-ABD5-4F0A-B5B8-2AB6E498F1AA}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/03 16:41:15 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\tom\.thumbnails\Desktop\JRT.exe
[2013/11/03 16:27:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/03 16:26:28 | 000,000,000 | ---D | C] -- C:\Users\tom\.thumbnails\Desktop\New Folder (2)
[2013/11/02 11:47:39 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\tom\.thumbnails\Desktop\aswmbr.exe
[2013/11/02 11:44:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tom\.thumbnails\Desktop\OTL.exe
[2013/11/02 00:27:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/02 00:19:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/29 20:35:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/29 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\tom\.thumbnails\Desktop\New Folder
[2013/10/29 19:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/10/29 19:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/10/29 16:42:00 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\AVG
[2013/10/29 16:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/10/29 16:34:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2013/10/29 16:34:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/10/24 14:31:23 | 000,000,000 | ---D | C] -- C:\Users\tom\AppData\Roaming\AVAST Software
[2013/10/24 10:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/10/24 10:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/10/20 14:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 14:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

========== Files - Modified Within 30 Days ==========

[2013/11/03 16:51:31 | 000,594,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/03 16:51:31 | 000,101,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/03 16:46:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/03 16:46:19 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/03 16:46:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/03 16:41:45 | 002,633,042 | ---- | M] () -- C:\Users\tom\.thumbnails\Desktop\MCShield-Setup.exe
[2013/11/03 16:41:16 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\tom\.thumbnails\Desktop\JRT.exe
[2013/11/03 16:40:10 | 001,060,070 | ---- | M] () -- C:\Users\tom\.thumbnails\Desktop\adwcleaner.exe
[2013/11/03 16:31:12 | 002,400,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/03 16:22:48 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/03 16:22:30 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/11/03 16:22:30 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/11/03 16:22:30 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/11/03 16:22:30 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/11/03 16:22:29 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/11/03 16:22:29 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/11/03 16:22:29 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/03 16:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/02 11:47:48 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\tom\.thumbnails\Desktop\aswmbr.exe
[2013/11/02 11:44:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tom\.thumbnails\Desktop\OTL.exe
[2013/11/02 11:40:55 | 000,359,652 | ---- | M] () -- C:\Users\tom\Documents\cc_20131102_114034.reg
[2013/11/02 00:35:45 | 000,005,874 | ---- | M] () -- C:\Users\tom\Documents\cc_20131102_003534.reg
[2013/10/29 20:03:16 | 000,000,965 | ---- | M] () -- C:\Users\tom\.thumbnails\Desktop\Adobe Photoshop 7.0.lnk
[2013/10/29 19:41:21 | 000,146,756 | ---- | M] () -- C:\Users\tom\Documents\cc_20131029_194057.reg
[2013/10/29 19:35:48 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/29 11:27:28 | 000,002,539 | ---- | M] () -- C:\Users\tom\AppData\Local\recently-used.xbel
[2013/10/28 23:53:00 | 000,001,356 | ---- | M] () -- C:\Users\tom\AppData\Local\d3d9caps.dat
[2013/10/24 10:11:09 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/10/24 10:11:09 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/10/24 10:11:09 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/10/24 10:07:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2013/11/03 16:41:40 | 002,633,042 | ---- | C] () -- C:\Users\tom\.thumbnails\Desktop\MCShield-Setup.exe
[2013/11/03 16:40:10 | 001,060,070 | ---- | C] () -- C:\Users\tom\.thumbnails\Desktop\adwcleaner.exe
[2013/11/03 16:30:13 | 002,400,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/02 11:40:37 | 000,359,652 | ---- | C] () -- C:\Users\tom\Documents\cc_20131102_114034.reg
[2013/11/02 00:35:37 | 000,005,874 | ---- | C] () -- C:\Users\tom\Documents\cc_20131102_003534.reg
[2013/10/29 20:03:16 | 000,000,965 | ---- | C] () -- C:\Users\tom\.thumbnails\Desktop\Adobe Photoshop 7.0.lnk
[2013/10/29 19:41:05 | 000,146,756 | ---- | C] () -- C:\Users\tom\Documents\cc_20131029_194057.reg
[2013/10/29 19:35:48 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/29 11:27:28 | 000,002,539 | ---- | C] () -- C:\Users\tom\AppData\Local\recently-used.xbel
[2013/08/01 22:53:50 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/01 22:53:26 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2010/02/15 11:18:34 | 000,180,856 | ---- | C] () -- C:\Users\tom\AppData\Roaming\speech.wav
[2009/08/27 16:04:50 | 000,001,356 | ---- | C] () -- C:\Users\tom\AppData\Local\d3d9caps.dat
[2008/11/04 21:45:39 | 000,000,125 | -H-- | C] () -- C:\Users\tom\AppData\Roaming\lakerda1967.sys
[2008/11/04 21:45:14 | 000,010,584 | ---- | C] () -- C:\Users\tom\AppData\Roaming\docXConverter (3).ini
[2008/08/03 12:20:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/09/26 17:32:48 | 000,027,136 | ---- | C] () -- C:\Users\tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/25 01:33:58 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Audacity
[2013/10/24 14:31:23 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\AVAST Software
[2013/10/29 16:42:00 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\AVG
[2011/04/15 11:12:04 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/21 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Cucu
[2008/02/04 13:38:09 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\DAEMON Tools Pro
[2013/01/01 19:44:18 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Dropbox
[2010/02/08 18:09:14 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\gtk-2.0
[2013/10/29 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\inkscape
[2011/01/08 23:53:39 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Local
[2010/02/19 08:57:43 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\NCH Swift Sound
[2008/08/09 14:43:28 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Nokia
[2008/03/05 23:40:23 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\PC Suite
[2011/04/15 10:32:29 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Publish Providers
[2009/06/20 15:02:55 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\SecondLife
[2010/10/07 14:51:09 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Sony
[2012/01/20 01:05:42 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\SpringLobby
[2012/01/20 01:29:38 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\springlobby_updater
[2012/01/20 01:00:04 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\SpringSettings
[2008/01/31 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Uniblue
[2013/11/02 00:32:52 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\uTorrent
[2010/06/22 08:47:11 | 000,000,000 | ---D | M] -- C:\Users\tom\AppData\Roaming\Yctice

========== Purity Check ==========



< End of report >


Thanks :)

Edited by punky_one, 03 November 2013 - 11:11 AM.



#11 pystryker (Trusted Helper, Malware Removal, 3,912 posts)

Ok, so I started the OTL fix and it crashed, I force-restarted my laptop and ran the fix again, it worked fine, everything else went great until MCShield, I don't know what you mean by plug in the drive? I don't have a drive to plug in.


I'm sorry, I should have given a better explanation about that. The infections look like USB infections, and the program scans all USB drives as soon as they are plugged in and blocks/cures anything it finds that is not legitimate. It's for future protection as well as for checking your USB drives. :)

I'll review the logs you have posted and work out what our next steps are going to be. :) Go ahead and check your USB drives using MCShield and let's make sure they are ok.

#12 punky_one (Topic Starter, Member, 13 posts)
Ahh ok I get it now, my external hard drive is at work, but more of a worry, a lot of my friends plug their hard drives/pen drives into my laptop to transfer files etc. What should I do if MCShield flags up a threat on someone else's hard drive? If it does run a clean on the drive, will it wipe any data that is attached to the infection? Sorry if this seems like a really obvious question, but I just want to be sure :) Thanks again for your help so far!

#13 pystryker (Trusted Helper, Malware Removal, 3,912 posts)

Ahh ok I get it now, my external hard drive is at work, but more of a worry, a lot of my friends plug their hard drives/pen drives into my laptop to transfer files etc. What should I do if MCShield flags up a threat on someone else's hard drive? If it does run a clean on the drive, will it wipe any data that is attached to the infection? Sorry if this seems like a really obvious question, but I just want to be sure :)



MCShield will only quarantine/delete malware; anything else it will leave. :)

Thanks again for your help so far!


You are very much welcome :) It's my pleasure! :thumbsup:

#14 pystryker (Trusted Helper, Malware Removal, 3,912 posts)
Hi :)

Your logs are looking good, let's fix a couple of things and run a sweep for remnants. :)



Step 1: Disable Spybot's Tea Timer



Let's disable Spybot's TeaTimer for the duration of the fixes.


Spybot Search & Destroy TeaTimer
There are two ways to disable TeaTimer

1)
  • Launch Spybot Search & Destroy
  • In the Menu, Select Mode and choose Advanced Mode
  • Click Yes in the confirmation dialogue box
  • Click on Tools to expand the menu. Make sure that Resident is checked and then click Resident in the left pane.
  • In the right pane uncheck Resident "Tea timer" (Protection of over-all system settings) to disable it.
  • Uncheck the TeaTimer box and OK any prompts.
  • If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (Once you are clean, you can re-enable TeaTimer using the same steps, but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

2)
  • Right-click the TeaTimer icon in the system tray
  • Then click Exit Spybot-S&D Resident
  • (Once you are clean you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy and double-clicking on TeaTimer.exe.)




Step 2: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste it into the box marked Custom Scans/Fixes.

:Commands
[createrestorepoint]

:OTL
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

:Commands
[reboot]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: Scan with MBAM


I see you have Malwarebytes' Anti-Malware installed.

  • Please open the program.
  • Click on the Update tab then click Check for Updates

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    • On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.

  • On the Scanner tab, check Perform quick scan.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Make sure that everything is checked, and click Remove Selected.

  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.



Step 4: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Things I need to see in your next post:

  • OTL Fix Log
  • MBAM Log
  • ESET Log
  • How is the machine running now?

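The OTL fix above removes a URLSearchHook whose CLSID no longer resolves, and it does so by pasting the OTL log line verbatim into the :OTL section. As an added example (not code from this thread, from Geeks to Go, or from OldTimer), here is a small Python triage script that applies the same reading to OTL log lines: it flags URLSearchHook/BHO/toolbar entries reporting "No CLSID value found", start pages and homepages carrying the "spigot" search-hijack marker visible in this log, and the O7 NoDriveTypeAutoRun policy when AutoRun is left enabled (relevant to the USB-infection theory discussed above), then assembles an :OTL fix block from the fixable lines. The sample lines are copied from the OTL log posted earlier in this thread; the rule names and the marker list are this example's own assumptions.

```python
"""Triage helper for OTL log lines (added example; not OldTimer's or the thread's code).

Reads OTL report lines, flags three patterns acted on in this thread, and
builds an ":OTL" fix block from the flagged lines verbatim, which is how OTL
expects them (post #14 pastes the log line itself into the fix).
"""
import re
from dataclasses import dataclass

ORPHAN_MARKER = "No CLSID value found"   # OTL's own wording for a dangling CLSID
HIJACK_MARKERS = ("spigot",)             # assumption: this marker list is the example's own
AUTORUN_RE = re.compile(r"NoDriveTypeAutoRun = (0x[0-9A-Fa-f]+|\d+)")


@dataclass
class Finding:
    rule: str
    line: str
    fixable: bool  # True when the raw line can be pasted into an :OTL section


def _parse_int(text):
    """Accept decimal or 0x-prefixed hex as OTL may print either."""
    return int(text, 16) if text.lower().startswith("0x") else int(text)


def triage(lines):
    """Return a Finding for each suspicious OTL line, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        # Rule 1: URLSearchHook / BHO / toolbar whose CLSID has no InProcServer.
        # Such entries load nothing, but they are leftovers of a removed hijacker
        # and OTL deletes the registry value when given the line verbatim.
        if ORPHAN_MARKER in line and line.startswith(("IE - ", "O2 - ", "O3 - ")):
            findings.append(Finding("orphaned-clsid", line, True))
            continue
        # Rule 2: start page / homepage / search pref carrying a hijack marker.
        # Not auto-fixable here: these are reset in the browser, not via OTL.
        if line.startswith(("IE - ", "FF - ", "CHR - ")) and any(
            m in line.lower() for m in HIJACK_MARKERS
        ):
            findings.append(Finding("search-hijack", line, False))
            continue
        # Rule 3: O7 AutoRun policy. NoDriveTypeAutoRun is a bitmask of drive
        # types with AutoRun disabled; 0 disables nothing, 0xFF disables all.
        m = AUTORUN_RE.search(line)
        if m and (_parse_int(m.group(1)) & 0xFF) != 0xFF:
            findings.append(Finding("autorun-enabled", line, False))
    return findings


def otl_fix_block(findings):
    """Assemble an OTL fix from the fixable findings, or "" if there are none."""
    fixable = [f.line for f in findings if f.fixable]
    if not fixable:
        return ""
    return (":Commands\n[createrestorepoint]\n\n:OTL\n" + "\n".join(fixable)
            + "\n\n:Commands\n[reboot]\n")


# Sample input: lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yah...r=spigot-yhp-ie
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
CHR - homepage: http://www.google.com
CHR - homepage: http://uk.search.yah...r=spigot-yhp-ch
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O32 - HKLM CDRom: AutoRun - 1
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"[{f.rule}] {f.line}")
    print("\n--- proposed OTL fix (review before use) ---")
    print(otl_fix_block(found) or "(nothing fixable)")
```

Run it as a plain script against a saved OTL.txt by swapping SAMPLE_LOG for the file's lines. Treat the output as a worklist, not a fix to paste blindly: the orphaned O2/O3 entries in this log are leftovers with no code behind them, and the hijacked start pages are corrected in each browser's settings rather than through OTL.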

#15 punky_one (Topic Starter, Member, 13 posts)
I ran OTL and the restart did not produce a log, so I went into the file and grabbed it that way. The laptop seems to be running a lot better thanks! I really appreciate the time and effort you have taken to help me.

Here are the logs as requested.



========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11032013_215702


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.03.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
tom :: TOM-PC [administrator]

03/11/2013 22:05:40
mbam-log-2013-11-03 (22-05-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207650
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=36063b64a72de442b93f6b3badd67462
# engine=15739
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-11-03 11:43:20
# local_time=2013-11-03 11:43:20 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 76654 221054928 0 0
# scanned=134945
# found=0
# cleaned=0
# scan_time=5146


On a separate note, the reason why I got this laptop is because my main computer stopped working, possibly a corrupt hard drive; it won't read it at all and won't boot up. How likely is it that I can get the data off of the hard drive, and who would I send it to?





