Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help with "Software Version updater" [Closed]


  • This topic is locked This topic is locked

#1
Kabouterke

Kabouterke

    Member

  • Member
  • PipPip
  • 14 posts
Hello. I have used this forum's advice for a long time but this is my first post here. I recently downloaded malware entitled "Software version updater" when I was downloading what I thought was a PDF (stupid, I know). I first noticed that it hijacks my browsers by opening up advertising pages when I open up new tabs, etc etc. Other than that, I can't see that it's changed anything else (however, I want to make sure that it is thoroughly removed because some other people said that it can have potentially other risks). I removed the program from the "add/remove programs" list in the control panel, but it is still there even though the logo is now gone. I searched with it for AVG and Spybot, but neither of them were able to find it. I uninstalled and re-installed Google Chrome to see if that would change things, and it didn't. It also affects all of my other browsers.

If needed, I can tell you where and what I downloaded that infected my computer.

I searched first on the forum and I saw that another forum poster had a similar problem, but the advice he received was how to remove many different malware programs at once (including Software Version Downloader). And since I don't have a background in computers, I didn't want to try to remove it using those instructions to avoid doing something wrong.

Would anyone be willing to help me remove this from my computer?

Thank you in advance!

-Kabouterke

___________________________________________________________

OTL logfile created on: 2/9/2014 9:53:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 29.04% Memory free
3.85 Gb Paging File | 2.31 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 28.54 Gb Free Space | 51.07% Space Free | Partition Type: NTFS

Computer Name: LAPSTU02 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/09 21:39:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2014/02/03 11:35:30 | 004,349,216 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/02/03 11:35:30 | 002,929,952 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/02/03 11:35:30 | 002,317,600 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/02/02 00:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/01/13 21:00:40 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/11/07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/10/29 10:46:44 | 000,064,008 | ---- | M] (Google) -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/20 10:57:28 | 006,214,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/20 10:51:08 | 003,885,120 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/07/23 15:15:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe
PRC - [2012/07/20 14:08:34 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2012/05/14 15:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2012/05/14 02:34:06 | 001,113,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2012/05/11 23:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2012/05/04 17:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2012/03/15 14:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2011/03/26 06:13:10 | 000,220,312 | ---- | M] (FrontRange Solutions Deutschland GmbH) -- C:\Program Files\netinst\mgmtagnt.exe
PRC - [2011/03/26 06:13:10 | 000,049,808 | ---- | M] (FrontRange Solutions Deutschland GmbH) -- C:\Program Files\netinst\eTray.exe
PRC - [2011/01/14 14:57:28 | 000,228,824 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/02 00:42:37 | 013,616,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
MOD - [2014/02/02 00:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/02 00:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/02 00:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/15 22:55:13 | 004,591,616 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll
MOD - [2014/01/15 22:55:13 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/04/03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011/05/19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2011/04/01 09:53:28 | 000,499,712 | ---- | M] () -- C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll
MOD - [2011/03/26 06:13:10 | 000,081,991 | ---- | M] () -- C:\Program Files\netinst\zlib1.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2014/02/03 11:35:30 | 002,317,600 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/12 17:00:06 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/23 15:15:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/05/14 15:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2012/05/11 23:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2012/05/04 17:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012/03/15 14:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2011/03/26 06:13:10 | 000,220,312 | ---- | M] (FrontRange Solutions Deutschland GmbH) [Auto | Running] -- C:\Program Files\netinst\mgmtagnt.exe -- (esiCore)
SRV - [2011/01/14 14:57:28 | 000,228,824 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2008/04/14 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/17 12:40:38 | 000,264,504 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2012/07/17 12:40:18 | 000,036,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2012/07/17 12:09:50 | 001,515,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys -- (VSApiNt)
DRV - [2012/04/20 00:18:56 | 000,073,008 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/04/20 00:18:42 | 000,060,648 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/04/13 09:41:10 | 000,205,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/01/14 14:58:36 | 000,087,744 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SWIPsec.sys -- (SWIPsec)
DRV - [2010/12/07 13:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/12/06 08:46:24 | 000,135,256 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2010/10/07 05:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010/06/02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010/06/02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010/06/02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010/02/11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/23 10:55:28 | 000,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWVNIC.sys -- (SWVNIC)
DRV - [2001/08/17 13:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...5B72A1BD6&SSPV=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 75 E1 CA F5 1D CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.48:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.backup.ftp: "10.0.0.48"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.0.0.48"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.0.0.48"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "10.0.0.48"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "10.0.0.48"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.0.0.48"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.0.0.48"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..browser.startup.homepage: "http://search.condui...B72A1BD6&SSPV="
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ff [2012/07/23 15:15:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/10/06 13:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/10/12 17:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\extensions
[2014/02/09 15:35:04 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\searchplugins\conduit-search.xml
[2013/10/12 17:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/12 17:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/12 17:00:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...1BD6&q=%s&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...x={searchTerms},
CHR - homepage: http://google.com/
CHR - Extension: Google Docs = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
CHR - Extension: Google Calendar = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_24\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NetInstall NiTray] C:\Program Files\NetInst\eTray.exe (FrontRange Solutions Deutschland GmbH)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spotify] C:\Documents and Settings\user\Application Data\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.238.2.21 195.238.2.22 134.58.126.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D59FB1F9-4EAF-465D-85A9-95FE34C6A31A}: DhcpNameServer = 195.238.2.21 195.238.2.22 134.58.126.3
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~1\NetInst\NiAMH.dll) - C:\Program Files\netinst\NiAMH.dll (FrontRange Solutions Deutschland GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/23 10:15:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/09 18:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/02/09 18:18:00 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/02/09 18:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/09 18:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/09 17:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG2014
[2014/02/09 17:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/02/09 17:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TuneUp Software
[2014/02/09 17:15:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/02/09 17:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/02/09 17:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2014/02/09 17:04:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2014/02/09 17:04:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/09 16:59:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/02/09 16:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\MFAData
[2014/02/09 16:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/02/09 16:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Avg2014
[2014/02/09 16:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/02/09 16:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014/02/09 15:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2014/02/09 15:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/02/09 15:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SwvUpdater
[2014/02/09 15:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/02/09 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\SearchProtect
[2014/01/26 15:51:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2014/01/26 14:29:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2014/01/25 14:00:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2014/01/25 14:00:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2014/01/25 10:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Statistics & Research Methods II
[2014/01/24 23:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\SAS
[2014/01/24 22:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\vlc
[2014/01/24 21:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2014/01/24 21:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014/01/24 21:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2014/01/24 13:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stata 12
[2014/01/24 13:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Stata12
[2014/01/21 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Warner
[2014/01/14 12:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\IBM
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/09 22:07:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1500820517-1417001333-1006UA.job
[2014/02/09 21:54:01 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/09 21:39:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1500820517-1417001333-1009UA.job
[2014/02/09 21:13:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1500820517-1417001333-1008UA.job
[2014/02/09 19:07:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1500820517-1417001333-1006Core.job
[2014/02/09 18:19:06 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/02/09 18:19:03 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/09 18:19:03 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/02/09 18:18:13 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/02/09 17:27:06 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2014/02/09 17:26:03 | 000,001,851 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/09 17:26:02 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/09 17:25:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/09 17:25:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/09 17:18:08 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/02/09 15:50:50 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/02/09 15:13:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1500820517-1417001333-1008Core.job
[2014/02/09 14:39:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1500820517-1417001333-1009Core.job
[2014/02/02 21:41:12 | 000,068,407 | ---- | M] () -- C:\Documents and Settings\user\Desktop\leuven.jpg
[2014/02/01 11:22:33 | 000,543,514 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/01 11:22:33 | 000,098,082 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/31 15:35:21 | 000,009,074 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2014/01/30 20:45:16 | 000,447,008 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Awesome Materials for EMONS EXAM - ANNOTATED SPSS OUPTUT.pdf
[2014/01/28 14:01:57 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 23:50:01 | 000,218,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/26 23:44:19 | 000,098,345 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Making.Sense.of.Odds.pdf
[2014/01/24 21:57:39 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/24 21:54:54 | 024,489,269 | ---- | M] () -- C:\Documents and Settings\user\Desktop\vlc-2-1-1-win32.exe
[2014/01/24 00:07:00 | 000,268,829 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Train tickets.pdf
[2014/01/19 19:15:18 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2014/01/19 10:17:39 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/14 21:43:27 | 000,267,129 | ---- | M] () -- C:\Documents and Settings\user\Desktop\TrainTickets JAN.pdf
[2014/01/14 14:54:09 | 000,057,313 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Solutions IMPALLA Exam Statistics and Research - November 2007 (1).pdf
[2014/01/14 13:49:06 | 000,264,728 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Factor Analysis explained.pdf
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\user\Desktop\*.tmp files -> C:\Documents and Settings\user\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/09 18:19:02 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/02/09 18:19:01 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/09 18:19:00 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/02/09 18:18:14 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/02/09 18:18:13 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/02/09 17:18:08 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/02/09 15:50:50 | 000,001,851 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/09 15:50:50 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/02/09 15:49:15 | 000,001,040 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/09 15:49:15 | 000,001,036 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/02 21:41:11 | 000,068,407 | ---- | C] () -- C:\Documents and Settings\user\Desktop\leuven.jpg
[2014/01/30 20:45:16 | 000,447,008 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Awesome Materials for EMONS EXAM - ANNOTATED SPSS OUPTUT.pdf
[2014/01/26 23:44:17 | 000,098,345 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Making.Sense.of.Odds.pdf
[2014/01/26 15:51:59 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2014/01/25 14:07:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/01/25 14:07:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2014/01/24 21:57:39 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/24 21:54:36 | 024,489,269 | ---- | C] () -- C:\Documents and Settings\user\Desktop\vlc-2-1-1-win32.exe
[2014/01/24 00:06:57 | 000,268,829 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Train tickets.pdf
[2014/01/14 21:43:25 | 000,267,129 | ---- | C] () -- C:\Documents and Settings\user\Desktop\TrainTickets JAN.pdf
[2014/01/14 14:54:08 | 000,057,313 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Solutions IMPALLA Exam Statistics and Research - November 2007 (1).pdf
[2014/01/14 13:49:06 | 000,264,728 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Factor Analysis explained.pdf
[2013/11/23 22:21:03 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/06 14:59:21 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2013/04/30 15:41:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2013/04/30 15:41:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2013/03/20 13:43:22 | 000,216,994 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/23 19:58:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2012/07/23 19:58:15 | 000,543,514 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/23 19:58:15 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/07/23 19:58:15 | 000,098,082 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/23 19:58:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/07/23 19:58:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2012/07/23 19:58:13 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2012/07/23 19:58:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2012/07/23 19:58:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012/07/23 19:58:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2012/07/23 19:57:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/07/23 19:57:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2012/07/23 19:57:21 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/07/23 19:57:21 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/07/23 19:57:20 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/23 15:49:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2012/07/23 13:47:01 | 000,009,074 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2012/07/23 12:05:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/23 12:04:45 | 000,218,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/23 10:26:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/07/23 10:17:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/23 10:12:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/07/23 10:12:07 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/07/23 10:12:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/07/23 10:12:07 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

========== ZeroAccess Check ==========

[2012/07/23 14:04:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/09 17:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/02/09 16:59:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/02/09 17:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/04/30 15:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2013/02/03 16:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAS
[2013/04/30 15:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2014/02/09 17:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2014
[2013/12/20 23:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dropbox
[2013/12/04 20:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SAS
[2014/02/09 18:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Spotify
[2013/12/15 02:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SPSSInc
[2014/02/09 21:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SwvUpdater
[2014/02/09 17:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUp Software

========== Purity Check ==========



< End of report >

Edited by Kabouterke, 09 February 2014 - 03:21 PM.

  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Kabouterke, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.
  • 0

#3
Kabouterke

Kabouterke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello there! Thank you so much for replying, I really appreciate that. Okay, I read everything you wrote and went ahead and changed the settings in my brower (Chrome) for downloads.

When I ran OTL yesterday, it gave me two notepad docs which included "extras" (I have pasted it here). However, when I ran it just now, it only gave me one document. Please let me know if you need me to post that.

What should I do next? ;)

OTL Extras logfile created on: 2/9/2014 9:53:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 29.04% Memory free
3.85 Gb Paging File | 2.31 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 28.54 Gb Free Space | 51.07% Space Free | Partition Type: NTFS

Computer Name: LAPSTU02 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"29159:TCP" = 29159:TCP:*:Enabled:Trend Micro OfficeScan Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe" = C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (IBM Corp.)
"C:\Program Files\IBM\SPSS\Statistics\21\stats.com" = C:\Program Files\IBM\SPSS\Statistics\21\stats.com:*:Disabled:Statistics21:com -- (IBM Corp.)
"C:\Program Files\IBM\SPSS\Statistics\21\stats.exe" = C:\Program Files\IBM\SPSS\Statistics\21\stats.exe:*:Disabled:Statistics21:exe -- (IBM Corp.)
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe" = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)
"C:\Program Files\IBM\SPSS\Statistics\22\stats.exe" = C:\Program Files\IBM\SPSS\Statistics\22\stats.exe:*:Disabled:Statistics22:exe -- (IBM Corp.)
"C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe" = C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (IBM Corp.)
"C:\Program Files\IBM\SPSS\Statistics\22\stats.com" = C:\Program Files\IBM\SPSS\Statistics\22\stats.com:*:Disabled:Statistics22:com -- (IBM Corp.)
"C:\Documents and Settings\admin\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\admin\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\admin\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\admin\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Documents and Settings\admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\user\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\user\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\IBM\SPSS\Statistics\22\JRE\bin\javaw.exe" = C:\Program Files\IBM\SPSS\Statistics\22\JRE\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (IBM)
"C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{104875A1-D083-4A34-BC4F-3F635B7F8EF7}" = IBM SPSS Statistics 22
"{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}" = IBM SPSS Statistics 21
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java™ 6 Update 24
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{401C04AC-99A0-4DE2-879F-30D03A633FEF}" = AVG 2014
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5006A0E8-B9B0-48DF-981A-41D005B3E937}" = Stata 12
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{9C7CCB81-E061-4B88-9617-0DFEB8E3DA5E}" =
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{9C7CCB81-E061-4B88-9617-0DFEB8E3DA5E}" =
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{9C7CCB81-E061-4B88-9617-0DFEB8E3DA5E}" =
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{9C7CCB81-E061-4B88-9617-0DFEB8E3DA5E}" =
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{bcd538f9-31bf-4730-920a-066a6f7fb10d}" = SAS 9.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C55C8EA3-C8FD-457A-840F-5A815DD79CD0}" = SonicWALL Global VPN Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2014
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OfficeScanNT" = Trend Micro OfficeScan Client
"SearchProtect" = Search Protect
"STANDARD" = Microsoft Office Standard 2007
"VLC media player" = VLC media player 2.1.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/12/2013 8:18:31 AM | Computer Name = LAPSTU02 | Source = Application Hang | ID = 1002
Description = Hanging application mshta.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/12/2013 8:18:39 AM | Computer Name = LAPSTU02 | Source = Application Hang | ID = 1002
Description = Hanging application mshta.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2013 3:18:51 PM | Computer Name = LAPSTU02 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module , version 5.1.2600.5512, fault address 0x00028bed.

Error - 11/4/2013 3:19:09 PM | Computer Name = LAPSTU02 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jscript.dll, version 5.8.6001.18702, fault address 0x00019e5c.

Error - 11/10/2013 7:15:41 PM | Computer Name = LAPSTU02 | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.0.0.396, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/4/2013 4:23:38 PM | Computer Name = LAPSTU02 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/19/2013 6:32:42 AM | Computer Name = LAPSTU02 | Source = MsiInstaller | ID = 11925
Description = Product: IBM SPSS Statistics 22 -- Error 1925.You do not have sufficient
privileges to complete this installation for all users of the machine. Log on
as an administrator and then retry this installation.

Error - 12/21/2013 9:38:43 PM | Computer Name = LAPSTU02 | Source = Application Hang | ID = 1002
Description = Hanging application spotify.exe, version 0.9.6.81, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/6/2014 6:13:12 PM | Computer Name = LAPSTU02 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/24/2014 8:46:22 PM | Computer Name = LAPSTU02 | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 12.0.4518.1014, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/6/2014 7:53:18 PM | Computer Name = LAPSTU02 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the OfficeScan NT Proxy Service
service to connect.

Error - 2/6/2014 7:53:19 PM | Computer Name = LAPSTU02 | Source = Service Control Manager | ID = 7000
Description = The OfficeScan NT Proxy Service service failed to start due to the
following error: %%1053

Error - 2/8/2014 11:59:42 AM | Computer Name = LAPSTU02 | Source = DCOM | ID = 10010
Description = The server {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E} did not register
with DCOM within the required timeout.

Error - 2/9/2014 10:41:58 AM | Computer Name = LAPSTU02 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00607343CF07. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 2/9/2014 10:43:01 AM | Computer Name = LAPSTU02 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00607343CF07. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 2/9/2014 12:17:29 PM | Computer Name = LAPSTU02 | Source = Service Control Manager | ID = 7000
Description = The AVGIDSDriver service failed to start due to the following error:
%%87

Error - 2/9/2014 12:18:46 PM | Computer Name = LAPSTU02 | Source = Service Control Manager | ID = 7000
Description = The AVGIDSDriver service failed to start due to the following error:
%%87

Error - 2/9/2014 12:18:46 PM | Computer Name = LAPSTU02 | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%87

Error - 2/9/2014 1:18:49 PM | Computer Name = LAPSTU02 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 2/9/2014 1:18:49 PM | Computer Name = LAPSTU02 | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053


< End of report >
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

You have the Search Protect browser hijacker program. This program will cause the redirects you spoke of. And it was probably downloaded with the Software Updater Version program that you mentioned.
There is an entry in the Add/Remove programs, but we DON'T want to use it. The Search Protect uninstaller in XP breaks the system if you use it so we will uninstall it manually.

Before we do that we need to talk about the antivirus programs on the computer. You have two of them running. AVG 2014 and TrendMicro Office Scan Client.

Multiple Antivirus Programs Installed

I see that you have more than one antivirus programs installed and running. You should only have one antivirus program installed and running. Antivirus programs run in the background providing continuous protection of your system. It's called Real-Time Protection, or scanning, and it uses system resources as it runs. Two or more antivirus programs running at the same time will use 2 or 3 times the amount of system resources, or more. Because each program wants control of the system, there will be conflicts caused, including false positives. The end result is actually LESS antivirus protection.

The AVG program is likely the free version and the TrendMicro AV is a commercial program that you either paid for or you downloaded the 30 day trial version. You need to tell me which AV program you want to keep and we will uninstall the other one.

The OTL log shows an internet service provider address for Belgacom Skynet in Belgum. It also shows one for Katholieke Universiteit Leuven in Belgum. Have you ever connected to th internet through a Belgum ISP?

Can you tell me anything about a program nammed NetInstall from FrontRange Soltions? Looks like a German coompany.

Do you know what this file is on the desktop vlc-2-1-1-win32.exe?


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my questions above please.
  • 0

#5
Kabouterke

Kabouterke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi! Thanks so much for writing back.

Anti-V software: We can get rid of the AVG and I will keep TrendMicro AV.

Yes, I use the Belgian Belgacom provider service and I am a student at the Katholieke Universiteit Leuven in Belgium, so that is all okay as far as I know.

The NetInstall is (I believe) a piece of software that I use to connect to a remote desktop. I will make sure about this tomorrow at my work.

The vlc-2-1-1-win32.exe file was downloaded when I installed VLC Media Player. As far as I know, it is safe.

Thanks in advance!

-Kabouterke
  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Hi! Thanks so much for writing back.

You are welcome.

Yes, I use the Belgian Belgacom provider service and I am a student at the Katholieke Universiteit Leuven in Belgium, so that is all okay as far as I know.

I thought that was the case. The OTL log showed the Country location of the computer as the United States so I just wanted to verify that.

One final question and we should be ready to start. IE and Firefox show a proxy connection connecting through port: 8080

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.48:8080


FF - prefs.js..network.proxy.backup.ftp: "10.0.0.48"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.0.0.48"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.0.0.48"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "10.0.0.48"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "10.0.0.48"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.0.0.48"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.0.0.48"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4

Do you connect to the internet through a proxy server?
  • 0

#7
Kabouterke

Kabouterke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
About the proxy server:

I have been researching to see exactly what a proxy server is. I have never used a proxy server to surf anonymously on the internet. However, I connect to my work/school via a remote desktop. So, for instance, I click on a icon that makes a connection to my work and then a new remote desktop appears on this screen. I have not done that now for over a few weeks.

So, it is not easy for me to confirm if this is safe or not:
FF - prefs.js..network.proxy.backup.ftp: "10.0.0.48"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.0.0.48"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.0.0.48"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "10.0.0.48"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "10.0.0.48"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.0.0.48"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.0.0.48"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4

Would it be wise to contact me work first to see if these recognize this?

-Kabouterke
  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Port 8080 is used for internet http traffic. It is used for web proxy and caching server. Port 8080 is an alternative for Port 80 which is normally used by http and web services.
Some services require you to connect to them using a proxy server and port:8080 ( or others) instead of the normal port:80

Usually you are told that you will need to set the browser up to use a proxy and port:8080. But I guess the program that you installed to connect to them could have done it for you.
When you click that icon does it load a program? If yes, does the program have a settings page? If yes, check the settings and see if is set up to use a proxy.

Otherwise contact them and confirm that they connect through a proxy.
  • 0

#9
Kabouterke

Kabouterke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Godawgs. I just checked with the IT folks, and they said that this port is used when I am in their building and is not used when I am not at work. So he recommended removing it.
  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Thanks for the info. Now let's get started killing this bugger. Please let me know if the browser hijacks are still happening after this round of fixes.

There is a good bit to do here so take your time and read the instructions carefully. If you have any questions stop and ask.

It might be helpful to print these instructions or copy them to a text file so you will have them to refer to as you complete the steps. If might also be helpful to download all of the tools at one time and then close the browser and all open windows before you begin the instructions.


Step-1.

Uninstall Program

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

Avg 2014

3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2014/02/03 11:35:30 | 004,349,216 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/02/03 11:35:30 | 002,929,952 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/02/03 11:35:30 | 002,317,600 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
SRV - [2014/02/03 11:35:30 | 002,317,600 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...5B72A1BD6&SSPV=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.48:8080
FF - prefs.js..network.proxy.backup.ftp: "10.0.0.48"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.0.0.48"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.0.0.48"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "10.0.0.48"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "10.0.0.48"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.0.0.48"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.0.0.48"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..browser.startup.homepage: "http://search.condui...B72A1BD6&SSPV="
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ff [2012/07/23 15:15:12 | 000,000,000 | ---D | M]
[2014/02/09 15:35:04 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\searchplugins\conduit-search.xml
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
[2014/02/09 16:59:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/02/09 16:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\MFAData
[2014/02/09 16:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/02/09 16:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Avg2014
[2014/02/09 15:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/02/09 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\SearchProtect
[2014/02/09 17:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2014
[2014/02/09 17:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUp Software

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = -
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = -
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = -
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = -

:FILES
C:\Program Files\AVG
ipconfig /flushdns /c
netsh firewall reset /c
netsh firewall set opmode mode = ENABLE profile = ALL /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users, double click the AdwCleaner icon Posted Image on the desktop to run AdwCleaner. You will see the following console:

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Doube-click the JRT icon Posted Image to launch the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-5.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
rpcss.dll
svchost.exe
winsock.*
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Imageon the desktop. To do that:
  • XP users: Double click on the OTL icon.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console.<---Very Important
    NOTE: There won't be a Include 64 bit Scans box.
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know how the computer is running now.
2. The OTL fixes log
3. The AdwCleaner[S0].txt log
4. The JRT.txt log
5. The new OTL.txt log
  • 0

Advertisements


#11
Kabouterke

Kabouterke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
:thumbsup: Things are already looking better. Computer and internet are running much quicker, and the adredirects are gone in all browsers.

2. OTL fixes scan
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named cltmng.exe was found!
No active process named cltmngui.exe was found!
No active process named CltMngSvc.exe was found!
Service CltMngSvc stopped successfully!
Service CltMngSvc deleted successfully!
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe moved successfully.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "10.0.0.48" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "10.0.0.48" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "10.0.0.48" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "10.0.0.48" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "10.0.0.48" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "10.0.0.48" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "10.0.0.48" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 4 removed from network.proxy.type
Prefs.js: "http://search.condui...B72A1BD6&SSPV=" removed from browser.startup.homepage
Prefs.js: "Conduit Search" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ff\chrome\content folder moved successfully.
C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ff\chrome folder moved successfully.
C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ff folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\searchplugins\conduit-search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\Common Files folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\MFAData\logs folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\MFAData folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\survey folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\avibackup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData folder moved successfully.
Folder C:\Documents and Settings\user\Local Settings\Application Data\Avg2014\ not found.
C:\Program Files\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Program Files\SearchProtect\SearchProtect\bin folder moved successfully.
C:\Program Files\SearchProtect\SearchProtect folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\SearchProtect\SearchProtect folder moved successfully.
Folder C:\Documents and Settings\user\Application Data\AVG2014\ not found.
C:\Documents and Settings\user\Application Data\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Documents and Settings\user\Application Data\TuneUp Software\TU2012 folder moved successfully.
C:\Documents and Settings\user\Application Data\TuneUp Software folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2014\avgnsx.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2014\avgdiagex.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2014\avgmfapx.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2014\avgemcx.exe not found.
========== FILES ==========
File\Folder C:\Program Files\AVG not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\user\Desktop\cmd.txt deleted successfully.
< netsh firewall reset /c >
Ok.
C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\user\Desktop\cmd.txt deleted successfully.
< netsh firewall set opmode mode = ENABLE profile = ALL /c >
Ok.
C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 807753156 bytes
->Temporary Internet Files folder emptied: 31445330 bytes
->FireFox cache emptied: 23442936 bytes

User: Administrator
->Temp folder emptied: 111179455 bytes
->Temporary Internet Files folder emptied: 242182 bytes
->FireFox cache emptied: 5883282 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 93002 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 7944913 bytes
->Temporary Internet Files folder emptied: 1644734 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 419186931 bytes
->Google Chrome cache emptied: 324290757 bytes
->Flash cache emptied: 8633 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1460915 bytes
%systemroot%\System32 .tmp files removed: 138769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2818646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 309335274 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 914424 bytes

Total Files Cleaned = 1,953.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02122014_190813

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_924.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


3. Adwclearner.log
# AdwCleaner v3.018 - Report created 12/02/2014 at 19:21:02
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - LAPSTU02
# Running from : C:\Documents and Settings\user\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP0AA81AB0-35AA-40BC-BC6D-BB25B72A1BD6");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");

[ File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\6jz9w74l.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gwstsjy7.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [2141 octets] - [12/02/2014 19:19:53]
AdwCleaner[S0].txt - [2031 octets] - [12/02/2014 19:21:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2091 octets] ##########


4. JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by user on Wed 02/12/2014 at 19:31:49.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/12/2014 at 19:38:31.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

5. New OTL
OTL logfile created on: 2/12/2014 7:45:12 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.88% Memory free
3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 29.50 Gb Free Space | 52.79% Space Free | Partition Type: NTFS

Computer Name: LAPSTU02 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/12 19:06:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2014/01/13 21:00:40 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/23 15:15:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe
PRC - [2012/07/20 14:08:34 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2012/05/14 15:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2012/05/14 02:34:06 | 001,113,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2012/05/11 23:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2012/05/04 17:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2012/03/15 14:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2011/03/26 06:13:10 | 000,220,312 | ---- | M] (FrontRange Solutions Deutschland GmbH) -- C:\Program Files\netinst\mgmtagnt.exe
PRC - [2011/03/26 06:13:10 | 000,049,808 | ---- | M] (FrontRange Solutions Deutschland GmbH) -- C:\Program Files\netinst\eTray.exe
PRC - [2011/01/14 14:57:28 | 000,228,824 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/01 09:53:28 | 000,499,712 | ---- | M] () -- C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll
MOD - [2011/03/26 06:13:10 | 000,081,991 | ---- | M] () -- C:\Program Files\netinst\zlib1.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/10/12 17:00:06 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/23 15:15:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/05/14 15:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2012/05/11 23:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2012/05/04 17:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012/03/15 14:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2011/03/26 06:13:10 | 000,220,312 | ---- | M] (FrontRange Solutions Deutschland GmbH) [Auto | Running] -- C:\Program Files\netinst\mgmtagnt.exe -- (esiCore)
SRV - [2011/01/14 14:57:28 | 000,228,824 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2008/04/14 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/17 12:40:38 | 000,264,504 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2012/07/17 12:40:18 | 000,036,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2012/07/17 12:09:50 | 001,515,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys -- (VSApiNt)
DRV - [2012/04/20 00:18:56 | 000,073,008 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/04/20 00:18:42 | 000,060,648 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/04/13 09:41:10 | 000,205,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/01/14 14:58:36 | 000,087,744 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SWIPsec.sys -- (SWIPsec)
DRV - [2010/12/07 13:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/12/06 08:46:24 | 000,135,256 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2010/10/07 05:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010/06/02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010/06/02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010/06/02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010/02/11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/23 10:55:28 | 000,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWVNIC.sys -- (SWVNIC)
DRV - [2001/08/17 13:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 75 E1 CA F5 1D CF 01 [binary data]
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.ftp_port: ""
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.share_proxy_settings: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""
FF - prefs.js..network.proxy.type: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/10/06 13:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/10/12 17:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\extensions
[2013/10/12 17:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/12 17:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/12 17:00:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...x={searchTerms},
CHR - homepage: http://google.com/
CHR - Extension: Google Docs = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
CHR - Extension: Google Calendar = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_24\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NetInstall NiTray] C:\Program Files\NetInst\eTray.exe (FrontRange Solutions Deutschland GmbH)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" File not found
O4 - HKU\S-1-5-21-57989841-1500820517-1417001333-1008..\Run: [AVG-Secure-Search-Update_0214c] C:\Documents and Settings\user\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=4cccfed887a147d2b781d15094ece268-4f91cceeeb6cc401c9dd67115e9483cb543a03b1 /CMPID=0214c File not found
O4 - HKU\S-1-5-21-57989841-1500820517-1417001333-1008..\Run: [Spotify Web Helper] C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.58.126.3 134.58.127.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D59FB1F9-4EAF-465D-85A9-95FE34C6A31A}: DhcpNameServer = 134.58.126.3 134.58.127.1
O20 - AppInit_DLLs: (c:\progra~1\netinst\niamh.dll) - c:\Program Files\netinst\NiAMH.dll (FrontRange Solutions Deutschland GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/23 10:15:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2014/02/12 19:31:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/12 19:29:21 | 001,037,530 | ---- | C] (Thisisu) -- C:\Documents and Settings\user\Desktop\JRT.exe
[2014/02/12 19:18:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/12 19:08:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/12 19:06:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2014/02/12 18:27:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/10 20:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\ProcAlyzer Dumps
[2014/02/09 18:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/09 18:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/09 17:04:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2014/02/09 16:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/02/09 16:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014/02/09 15:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2014/02/09 15:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/01/26 15:51:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2014/01/26 14:29:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2014/01/25 14:34:20 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2014/01/25 14:31:58 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2014/01/25 14:27:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/01/25 14:27:51 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/01/25 14:27:51 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/01/25 14:27:49 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/01/25 14:27:48 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/01/25 14:27:48 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/01/25 14:26:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/01/25 14:21:20 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2014/01/25 14:19:22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2014/01/25 14:14:43 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2014/01/25 14:14:43 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2014/01/25 14:08:13 | 002,149,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2014/01/25 14:08:12 | 002,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2014/01/25 14:08:12 | 002,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2014/01/25 14:08:12 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2014/01/25 14:00:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2014/01/25 14:00:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2014/01/25 10:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Statistics & Research Methods II
[2014/01/24 23:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\SAS
[2014/01/24 22:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\vlc
[2014/01/24 21:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2014/01/24 21:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014/01/24 21:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2014/01/24 13:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stata 12
[2014/01/24 13:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Stata12
[2014/01/21 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Warner
[2014/01/14 12:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\IBM

========== Files - Modified Within 30 Days ==========

[2014/02/12 19:29:31 | 001,037,530 | ---- | M] (Thisisu) -- C:\Documents and Settings\user\Desktop\JRT.exe
[2014/02/12 19:25:14 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2014/02/12 19:23:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/12 19:17:59 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\user\Desktop\AdwCleaner.exe
[2014/02/12 19:06:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2014/02/12 18:52:47 | 000,543,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/12 18:52:47 | 000,098,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/12 18:40:06 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/12 15:21:30 | 000,824,608 | ---- | M] () -- C:\Documents and Settings\user\Desktop\eduroamsetup.exe
[2014/02/12 14:51:29 | 000,000,407 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/02/10 20:13:13 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2014/02/10 19:04:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/09 17:26:03 | 000,001,851 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/09 15:50:50 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/06 00:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/06 00:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/06 00:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/06 00:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/06 00:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/06 00:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/06 00:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/06 00:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/06 00:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/06 00:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/06 00:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/06 00:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/06 00:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/06 00:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/06 00:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/06 00:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/06 00:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/06 00:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/06 00:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/06 00:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/06 00:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/06 00:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/06 00:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/06 00:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/06 00:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/06 00:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/06 00:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/06 00:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/06 00:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/06 00:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 23:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/02/02 21:41:12 | 000,068,407 | ---- | M] () -- C:\Documents and Settings\user\Desktop\leuven.jpg
[2014/01/31 15:35:21 | 000,009,074 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2014/01/30 20:45:16 | 000,447,008 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Awesome Materials for EMONS EXAM - ANNOTATED SPSS OUPTUT.pdf
[2014/01/26 23:50:01 | 000,218,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/26 23:44:19 | 000,098,345 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Making.Sense.of.Odds.pdf
[2014/01/24 21:57:39 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/24 21:54:54 | 024,489,269 | ---- | M] () -- C:\Documents and Settings\user\Desktop\vlc-2-1-1-win32.exe
[2014/01/24 00:07:00 | 000,268,829 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Train tickets.pdf
[2014/01/19 19:15:18 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2014/01/19 10:17:39 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/14 21:43:27 | 000,267,129 | ---- | M] () -- C:\Documents and Settings\user\Desktop\TrainTickets JAN.pdf
[2014/01/14 14:54:09 | 000,057,313 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Solutions IMPALLA Exam Statistics and Research - November 2007 (1).pdf
[2014/01/14 13:49:06 | 000,264,728 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Factor Analysis explained.pdf

========== Files Created - No Company Name ==========

[2014/02/12 19:17:52 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\user\Desktop\AdwCleaner.exe
[2014/02/12 15:21:18 | 000,824,608 | ---- | C] () -- C:\Documents and Settings\user\Desktop\eduroamsetup.exe
[2014/02/09 22:13:18 | 000,000,407 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/02/09 15:50:50 | 000,001,851 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/09 15:50:50 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/02/02 21:41:11 | 000,068,407 | ---- | C] () -- C:\Documents and Settings\user\Desktop\leuven.jpg
[2014/01/30 20:45:16 | 000,447,008 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Awesome Materials for EMONS EXAM - ANNOTATED SPSS OUPTUT.pdf
[2014/01/26 23:44:17 | 000,098,345 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Making.Sense.of.Odds.pdf
[2014/01/26 15:51:59 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2014/01/25 14:07:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/01/25 14:07:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2014/01/24 21:57:39 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/24 21:54:36 | 024,489,269 | ---- | C] () -- C:\Documents and Settings\user\Desktop\vlc-2-1-1-win32.exe
[2014/01/24 00:06:57 | 000,268,829 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Train tickets.pdf
[2014/01/14 21:43:25 | 000,267,129 | ---- | C] () -- C:\Documents and Settings\user\Desktop\TrainTickets JAN.pdf
[2014/01/14 14:54:08 | 000,057,313 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Solutions IMPALLA Exam Statistics and Research - November 2007 (1).pdf
[2014/01/14 13:49:06 | 000,264,728 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Factor Analysis explained.pdf
[2013/11/23 22:21:03 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/06 14:59:21 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2013/04/30 15:41:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2013/04/30 15:41:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2013/03/20 13:43:22 | 000,216,994 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/23 19:58:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2012/07/23 19:58:15 | 000,543,560 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/23 19:58:15 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/07/23 19:58:15 | 000,098,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/23 19:58:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/07/23 19:58:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2012/07/23 19:58:13 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2012/07/23 19:58:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2012/07/23 19:58:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012/07/23 19:58:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2012/07/23 19:57:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/07/23 19:57:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2012/07/23 19:57:21 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/07/23 19:57:21 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/07/23 19:57:20 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/23 15:49:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2012/07/23 13:47:01 | 000,009,074 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2012/07/23 12:05:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/23 12:04:45 | 000,218,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/23 10:26:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/07/23 10:17:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/23 10:12:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/07/23 10:12:07 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/07/23 10:12:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/07/23 10:12:07 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

========== ZeroAccess Check ==========

[2012/07/23 14:04:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/13 11:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Dropbox
[2013/12/19 14:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Spotify
[2012/07/23 16:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SAS
[2013/04/30 15:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2013/02/03 16:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAS
[2013/04/30 15:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2013/12/20 23:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dropbox
[2013/12/04 20:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SAS
[2014/02/12 18:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Spotify
[2013/12/15 02:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SPSSInc

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 08:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 14:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 08:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 08:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 18:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 08:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 08:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 08:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 08:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 08:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 08:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 08:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 08:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 08:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 06:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 08:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 08:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 08:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 08:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 08:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 08:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 08:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 08:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 08:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 13:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 08:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 07:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< MD5 for: RPCSS.DLL >
[2008/04/14 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 11:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll

< MD5 for: SERVICES >
[2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2010/11/10 11:49:34 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2013/12/05 02:18:55 | 000,010,240 | ---- | M] () MD5=1D1FC65D03665DB6B6FDCA91DA7567A9 -- C:\Documents and Settings\user\Application Data\Adobe\Acrobat\10.0\Security\services.dat
[2014/02/04 08:04:22 | 000,004,168 | ---- | M] () MD5=96511F1626364F3ECB98A1D0D896CB30 -- C:\Documents and Settings\user\Local Settings\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.EXE-2F433351.PF >
[2014/02/12 14:57:38 | 000,032,118 | ---- | M] () MD5=E0903AE86041D00909A7CD62A4A5552A -- C:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf

< MD5 for: SERVICES.LNK >
[2014/02/09 16:16:51 | 000,001,602 | ---- | M] () MD5=5DA34C0B868E40A78F42F55D05581449 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.XML >
[2011/05/18 22:26:52 | 000,000,975 | ---- | M] () MD5=0D2006133FE620F741B2193AE9B4A66E -- C:\Program Files\SASHome\InstallMisc\utilities\installqual\9.3\Services.xml
[2011/05/26 03:56:44 | 000,000,682 | ---- | M] () MD5=DCB7126E8D7502445187ED4266496724 -- C:\Program Files\SASHome\SASFoundation\9.3\dtest\sasoq\Services.xml

< MD5 for: SERVICES.XML.ORIG >
[2011/05/26 03:24:04 | 000,000,319 | ---- | M] () MD5=599E433BCFA7DD969D7FCD49C3546763 -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\storprocsrv\config\StoredProcessServer\dtest\StoredProcessServer\Services.xml.orig
[2011/05/26 03:24:06 | 000,000,319 | ---- | M] () MD5=599E433BCFA7DD969D7FCD49C3546763 -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\workspacesrv\config\WorkspaceServer\dtest\WorkspaceServer\Services.xml.orig
[2011/05/26 03:24:06 | 000,000,319 | ---- | M] () MD5=599E433BCFA7DD969D7FCD49C3546763 -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\workspacpool\config\PooledWorkspaceServer\dtest\PooledWorkspaceServer\Services.xml.orig
[2011/05/26 03:24:02 | 000,000,596 | ---- | M] () MD5=A1DE8AF6D4FF2816BB828832689A556F -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\olapcubesrv\config\OLAPServer\dtest\OLAPServer\Services.xml.orig

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: WINSOCK.DLL >
[2008/04/14 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2008/04/14 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 0AF3-9CDC
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
02/12/2014 06:49 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
02/12/2014 06:49 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
02/12/2014 06:53 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
02/12/2014 06:46 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 31,440,203,776 bytes free

< End of report >
  • 0

#12
Kabouterke

Kabouterke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
:thumbsup: Things are already looking better. Computer and internet are running much quicker, and the adredirects are gone in all browsers.

2. OTL fixes scan
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named cltmng.exe was found!
No active process named cltmngui.exe was found!
No active process named CltMngSvc.exe was found!
Service CltMngSvc stopped successfully!
Service CltMngSvc deleted successfully!
C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe moved successfully.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "10.0.0.48" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "10.0.0.48" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "10.0.0.48" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "10.0.0.48" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "10.0.0.48" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "10.0.0.48" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "10.0.0.48" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 4 removed from network.proxy.type
Prefs.js: "http://search.condui...B72A1BD6&SSPV=" removed from browser.startup.homepage
Prefs.js: "Conduit Search" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ff\chrome\content folder moved successfully.
C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ff\chrome folder moved successfully.
C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ff folder moved successfully.
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\searchplugins\conduit-search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\Common Files folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\MFAData\logs folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\MFAData folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\survey folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\avibackup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData folder moved successfully.
Folder C:\Documents and Settings\user\Local Settings\Application Data\Avg2014\ not found.
C:\Program Files\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Program Files\SearchProtect\SearchProtect\bin folder moved successfully.
C:\Program Files\SearchProtect\SearchProtect folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\SearchProtect\SearchProtect\Logs folder moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\SearchProtect\SearchProtect folder moved successfully.
Folder C:\Documents and Settings\user\Application Data\AVG2014\ not found.
C:\Documents and Settings\user\Application Data\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Documents and Settings\user\Application Data\TuneUp Software\TU2012 folder moved successfully.
C:\Documents and Settings\user\Application Data\TuneUp Software folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2014\avgnsx.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2014\avgdiagex.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2014\avgmfapx.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2014\avgemcx.exe not found.
========== FILES ==========
File\Folder C:\Program Files\AVG not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\user\Desktop\cmd.txt deleted successfully.
< netsh firewall reset /c >
Ok.
C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\user\Desktop\cmd.txt deleted successfully.
< netsh firewall set opmode mode = ENABLE profile = ALL /c >
Ok.
C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 807753156 bytes
->Temporary Internet Files folder emptied: 31445330 bytes
->FireFox cache emptied: 23442936 bytes

User: Administrator
->Temp folder emptied: 111179455 bytes
->Temporary Internet Files folder emptied: 242182 bytes
->FireFox cache emptied: 5883282 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 93002 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 7944913 bytes
->Temporary Internet Files folder emptied: 1644734 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 419186931 bytes
->Google Chrome cache emptied: 324290757 bytes
->Flash cache emptied: 8633 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1460915 bytes
%systemroot%\System32 .tmp files removed: 138769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2818646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 309335274 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 914424 bytes

Total Files Cleaned = 1,953.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02122014_190813

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_924.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


3. Adwclearner.log
# AdwCleaner v3.018 - Report created 12/02/2014 at 19:21:02
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - LAPSTU02
# Running from : C:\Documents and Settings\user\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3318001&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP0AA81AB0-35AA-40BC-BC6D-BB25B72A1BD6");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");

[ File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\6jz9w74l.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gwstsjy7.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [2141 octets] - [12/02/2014 19:19:53]
AdwCleaner[S0].txt - [2031 octets] - [12/02/2014 19:21:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2091 octets] ##########


4. JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by user on Wed 02/12/2014 at 19:31:49.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/12/2014 at 19:38:31.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

5. New OTL
OTL logfile created on: 2/12/2014 7:45:12 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.88% Memory free
3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 29.50 Gb Free Space | 52.79% Space Free | Partition Type: NTFS

Computer Name: LAPSTU02 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/12 19:06:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2014/01/13 21:00:40 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/23 15:15:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe
PRC - [2012/07/20 14:08:34 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2012/05/14 15:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2012/05/14 02:34:06 | 001,113,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2012/05/11 23:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2012/05/04 17:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2012/03/15 14:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2011/03/26 06:13:10 | 000,220,312 | ---- | M] (FrontRange Solutions Deutschland GmbH) -- C:\Program Files\netinst\mgmtagnt.exe
PRC - [2011/03/26 06:13:10 | 000,049,808 | ---- | M] (FrontRange Solutions Deutschland GmbH) -- C:\Program Files\netinst\eTray.exe
PRC - [2011/01/14 14:57:28 | 000,228,824 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/01 09:53:28 | 000,499,712 | ---- | M] () -- C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll
MOD - [2011/03/26 06:13:10 | 000,081,991 | ---- | M] () -- C:\Program Files\netinst\zlib1.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/10/12 17:00:06 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/23 15:15:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre1.6.0_24\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/05/14 15:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2012/05/11 23:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2012/05/04 17:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012/03/15 14:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2011/03/26 06:13:10 | 000,220,312 | ---- | M] (FrontRange Solutions Deutschland GmbH) [Auto | Running] -- C:\Program Files\netinst\mgmtagnt.exe -- (esiCore)
SRV - [2011/01/14 14:57:28 | 000,228,824 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2008/04/14 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/17 12:40:38 | 000,264,504 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2012/07/17 12:40:18 | 000,036,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2012/07/17 12:09:50 | 001,515,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys -- (VSApiNt)
DRV - [2012/04/20 00:18:56 | 000,073,008 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/04/20 00:18:42 | 000,060,648 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/04/13 09:41:10 | 000,205,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/01/14 14:58:36 | 000,087,744 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SWIPsec.sys -- (SWIPsec)
DRV - [2010/12/07 13:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/12/06 08:46:24 | 000,135,256 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2010/10/07 05:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)
DRV - [2010/06/02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010/06/02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010/06/02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010/02/11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/23 10:55:28 | 000,021,016 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWVNIC.sys -- (SWVNIC)
DRV - [2001/08/17 13:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 75 E1 CA F5 1D CF 01 [binary data]
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - prefs.js..network.proxy.ftp: ""
FF - prefs.js..network.proxy.ftp_port: ""
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.share_proxy_settings: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""
FF - prefs.js..network.proxy.type: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/10/06 13:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/10/12 17:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\4po15nkj.default\extensions
[2013/10/12 17:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/12 17:00:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/12 17:00:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...x={searchTerms},
CHR - homepage: http://google.com/
CHR - Extension: Google Docs = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_2\
CHR - Extension: Google Calendar = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_24\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NetInstall NiTray] C:\Program Files\NetInst\eTray.exe (FrontRange Solutions Deutschland GmbH)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" File not found
O4 - HKU\S-1-5-21-57989841-1500820517-1417001333-1008..\Run: [AVG-Secure-Search-Update_0214c] C:\Documents and Settings\user\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=4cccfed887a147d2b781d15094ece268-4f91cceeeb6cc401c9dd67115e9483cb543a03b1 /CMPID=0214c File not found
O4 - HKU\S-1-5-21-57989841-1500820517-1417001333-1008..\Run: [Spotify Web Helper] C:\Documents and Settings\user\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\admin\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1500820517-1417001333-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.58.126.3 134.58.127.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D59FB1F9-4EAF-465D-85A9-95FE34C6A31A}: DhcpNameServer = 134.58.126.3 134.58.127.1
O20 - AppInit_DLLs: (c:\progra~1\netinst\niamh.dll) - c:\Program Files\netinst\NiAMH.dll (FrontRange Solutions Deutschland GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/23 10:15:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2014/02/12 19:31:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/12 19:29:21 | 001,037,530 | ---- | C] (Thisisu) -- C:\Documents and Settings\user\Desktop\JRT.exe
[2014/02/12 19:18:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/12 19:08:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/12 19:06:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2014/02/12 18:27:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/10 20:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\ProcAlyzer Dumps
[2014/02/09 18:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/09 18:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/09 17:04:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2014/02/09 16:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/02/09 16:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014/02/09 15:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2014/02/09 15:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/01/26 15:51:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2014/01/26 14:29:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2014/01/25 14:34:20 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2014/01/25 14:31:58 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2014/01/25 14:27:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/01/25 14:27:51 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/01/25 14:27:51 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/01/25 14:27:49 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/01/25 14:27:48 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/01/25 14:27:48 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/01/25 14:26:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2014/01/25 14:21:20 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2014/01/25 14:19:22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2014/01/25 14:14:43 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2014/01/25 14:14:43 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2014/01/25 14:08:13 | 002,149,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2014/01/25 14:08:12 | 002,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2014/01/25 14:08:12 | 002,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2014/01/25 14:08:12 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2014/01/25 14:00:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2014/01/25 14:00:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2014/01/25 10:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Statistics & Research Methods II
[2014/01/24 23:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\SAS
[2014/01/24 22:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\vlc
[2014/01/24 21:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2014/01/24 21:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2014/01/24 21:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2014/01/24 13:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stata 12
[2014/01/24 13:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\Stata12
[2014/01/21 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Warner
[2014/01/14 12:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\IBM

========== Files - Modified Within 30 Days ==========

[2014/02/12 19:29:31 | 001,037,530 | ---- | M] (Thisisu) -- C:\Documents and Settings\user\Desktop\JRT.exe
[2014/02/12 19:25:14 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2014/02/12 19:23:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/12 19:17:59 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\user\Desktop\AdwCleaner.exe
[2014/02/12 19:06:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2014/02/12 18:52:47 | 000,543,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/12 18:52:47 | 000,098,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/12 18:40:06 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/12 15:21:30 | 000,824,608 | ---- | M] () -- C:\Documents and Settings\user\Desktop\eduroamsetup.exe
[2014/02/12 14:51:29 | 000,000,407 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/02/10 20:13:13 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2014/02/10 19:04:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/09 17:26:03 | 000,001,851 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/09 15:50:50 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/06 00:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/06 00:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/06 00:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/06 00:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/06 00:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/06 00:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/06 00:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/06 00:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/06 00:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/06 00:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/06 00:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/06 00:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/06 00:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/06 00:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/06 00:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/06 00:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/06 00:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/06 00:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/06 00:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/06 00:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/06 00:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/06 00:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/06 00:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/06 00:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/06 00:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/06 00:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/06 00:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/06 00:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/06 00:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/06 00:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 23:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/02/02 21:41:12 | 000,068,407 | ---- | M] () -- C:\Documents and Settings\user\Desktop\leuven.jpg
[2014/01/31 15:35:21 | 000,009,074 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2014/01/30 20:45:16 | 000,447,008 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Awesome Materials for EMONS EXAM - ANNOTATED SPSS OUPTUT.pdf
[2014/01/26 23:50:01 | 000,218,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/26 23:44:19 | 000,098,345 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Making.Sense.of.Odds.pdf
[2014/01/24 21:57:39 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/24 21:54:54 | 024,489,269 | ---- | M] () -- C:\Documents and Settings\user\Desktop\vlc-2-1-1-win32.exe
[2014/01/24 00:07:00 | 000,268,829 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Train tickets.pdf
[2014/01/19 19:15:18 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2014/01/19 10:17:39 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/14 21:43:27 | 000,267,129 | ---- | M] () -- C:\Documents and Settings\user\Desktop\TrainTickets JAN.pdf
[2014/01/14 14:54:09 | 000,057,313 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Solutions IMPALLA Exam Statistics and Research - November 2007 (1).pdf
[2014/01/14 13:49:06 | 000,264,728 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Factor Analysis explained.pdf

========== Files Created - No Company Name ==========

[2014/02/12 19:17:52 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\user\Desktop\AdwCleaner.exe
[2014/02/12 15:21:18 | 000,824,608 | ---- | C] () -- C:\Documents and Settings\user\Desktop\eduroamsetup.exe
[2014/02/09 22:13:18 | 000,000,407 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/02/09 15:50:50 | 000,001,851 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/09 15:50:50 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/02/02 21:41:11 | 000,068,407 | ---- | C] () -- C:\Documents and Settings\user\Desktop\leuven.jpg
[2014/01/30 20:45:16 | 000,447,008 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Awesome Materials for EMONS EXAM - ANNOTATED SPSS OUPTUT.pdf
[2014/01/26 23:44:17 | 000,098,345 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Making.Sense.of.Odds.pdf
[2014/01/26 15:51:59 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2014/01/25 14:07:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2014/01/25 14:07:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2014/01/24 21:57:39 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2014/01/24 21:54:36 | 024,489,269 | ---- | C] () -- C:\Documents and Settings\user\Desktop\vlc-2-1-1-win32.exe
[2014/01/24 00:06:57 | 000,268,829 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Train tickets.pdf
[2014/01/14 21:43:25 | 000,267,129 | ---- | C] () -- C:\Documents and Settings\user\Desktop\TrainTickets JAN.pdf
[2014/01/14 14:54:08 | 000,057,313 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Solutions IMPALLA Exam Statistics and Research - November 2007 (1).pdf
[2014/01/14 13:49:06 | 000,264,728 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Factor Analysis explained.pdf
[2013/11/23 22:21:03 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/06 14:59:21 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2013/04/30 15:41:38 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2013/04/30 15:41:38 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2013/03/20 13:43:22 | 000,216,994 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/23 19:58:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2012/07/23 19:58:15 | 000,543,560 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/23 19:58:15 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2012/07/23 19:58:15 | 000,098,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/23 19:58:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2012/07/23 19:58:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2012/07/23 19:58:13 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2012/07/23 19:58:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2012/07/23 19:58:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2012/07/23 19:58:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2012/07/23 19:57:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2012/07/23 19:57:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2012/07/23 19:57:21 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/07/23 19:57:21 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/07/23 19:57:20 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/23 15:49:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\sasperf.dll
[2012/07/23 13:47:01 | 000,009,074 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2012/07/23 12:05:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/23 12:04:45 | 000,218,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/23 10:26:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/07/23 10:17:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/23 10:12:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/07/23 10:12:07 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2012/07/23 10:12:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2012/07/23 10:12:07 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini

========== ZeroAccess Check ==========

[2012/07/23 14:04:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/13 11:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Dropbox
[2013/12/19 14:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Spotify
[2012/07/23 16:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SAS
[2013/04/30 15:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2013/02/03 16:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SAS
[2013/04/30 15:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2013/12/20 23:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dropbox
[2013/12/04 20:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SAS
[2014/02/12 18:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Spotify
[2013/12/15 02:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SPSSInc

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 08:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 14:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 08:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 08:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 18:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 08:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 08:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 08:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 08:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 08:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 08:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 08:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 08:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 08:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 06:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 08:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 08:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 08:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 08:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 08:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 08:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 08:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 08:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 08:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 13:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 08:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 07:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< MD5 for: RPCSS.DLL >
[2008/04/14 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 11:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll

< MD5 for: SERVICES >
[2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2010/11/10 11:49:34 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2013/12/05 02:18:55 | 000,010,240 | ---- | M] () MD5=1D1FC65D03665DB6B6FDCA91DA7567A9 -- C:\Documents and Settings\user\Application Data\Adobe\Acrobat\10.0\Security\services.dat
[2014/02/04 08:04:22 | 000,004,168 | ---- | M] () MD5=96511F1626364F3ECB98A1D0D896CB30 -- C:\Documents and Settings\user\Local Settings\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.EXE-2F433351.PF >
[2014/02/12 14:57:38 | 000,032,118 | ---- | M] () MD5=E0903AE86041D00909A7CD62A4A5552A -- C:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf

< MD5 for: SERVICES.LNK >
[2014/02/09 16:16:51 | 000,001,602 | ---- | M] () MD5=5DA34C0B868E40A78F42F55D05581449 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.XML >
[2011/05/18 22:26:52 | 000,000,975 | ---- | M] () MD5=0D2006133FE620F741B2193AE9B4A66E -- C:\Program Files\SASHome\InstallMisc\utilities\installqual\9.3\Services.xml
[2011/05/26 03:56:44 | 000,000,682 | ---- | M] () MD5=DCB7126E8D7502445187ED4266496724 -- C:\Program Files\SASHome\SASFoundation\9.3\dtest\sasoq\Services.xml

< MD5 for: SERVICES.XML.ORIG >
[2011/05/26 03:24:04 | 000,000,319 | ---- | M] () MD5=599E433BCFA7DD969D7FCD49C3546763 -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\storprocsrv\config\StoredProcessServer\dtest\StoredProcessServer\Services.xml.orig
[2011/05/26 03:24:06 | 000,000,319 | ---- | M] () MD5=599E433BCFA7DD969D7FCD49C3546763 -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\workspacesrv\config\WorkspaceServer\dtest\WorkspaceServer\Services.xml.orig
[2011/05/26 03:24:06 | 000,000,319 | ---- | M] () MD5=599E433BCFA7DD969D7FCD49C3546763 -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\workspacpool\config\PooledWorkspaceServer\dtest\PooledWorkspaceServer\Services.xml.orig
[2011/05/26 03:24:02 | 000,000,596 | ---- | M] () MD5=A1DE8AF6D4FF2816BB828832689A556F -- C:\Program Files\SASHome\SASFoundation\9.3\core\sasmisc\sasconf\olapcubesrv\config\OLAPServer\dtest\OLAPServer\Services.xml.orig

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: WINSOCK.DLL >
[2008/04/14 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2008/04/14 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 0AF3-9CDC
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
02/12/2014 06:49 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
02/12/2014 06:49 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
02/12/2014 06:53 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
02/12/2014 06:46 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 31,440,203,776 bytes free

< End of report >
  • 0

#13
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

:thumbsup: Things are already looking better. Computer and internet are running much quicker, and the adredirects are gone in all browsers.

That's good news. Let's reset the default search provider in Chrome and them look for any residual malware files.


Step-1.

Reset Chrome Search Provider

  • Open the Chrome browser.
  • Click the Chrome menu Chrome menu on the browser toolbar
    Posted Image
  • Select Settings. The Settings page will open.
  • In the "Search" section, click Manage search engines.
    Posted Image
  • Find all Conduit entries.
  • Mouse over them and click the X to remove them.
  • Make the search engine of your choice, like Google the (Default) search engine by mousing over it and clicking Make default.

Step-2.

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

  • Double click the mbam-setup.exe file to install the application.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    Posted Image
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-3.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close Be sure you have saved the file first
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you had any problems changing the search provider in Chrome.
2. The MalwareBytes log
3. The ESET scan log (IF it found anything). If it didn't just let me know.
  • 0

#14
Kabouterke

Kabouterke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hey again.

I've run into a problem at step 3 with the ESET scanner. I have tried to disable the MicroTrend AV, but I am unable to do that because I don't have a password for the program. I tried to kill the processes one by one in the task manager, but it didn't work. I looked up some commands to put in the RUN command window to kill the processes one by one, but that didn't work either.

Should I skip this step or is there a way around this problem?

Thanks!

Kabouterke

By the way, I'll go again and paste the other log here:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.13.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: LAPSTU02 [administrator]

Protection: Enabled

2/13/2014 11:36:20 AM
mbam-log-2014-02-13 (11-36-20).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328238
Time elapsed: 2 hour(s), 5 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 17
C:\System Volume Information\_restore{8DF7AB95-6E2B-4FF5-A55D-FE950B6B1227}\RP142\A0023845.exe (PUP.Optional.Amonetize.A) -> No action taken.
C:\System Volume Information\_restore{8DF7AB95-6E2B-4FF5-A55D-FE950B6B1227}\RP147\A0029118.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{8DF7AB95-6E2B-4FF5-A55D-FE950B6B1227}\RP147\A0029119.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{8DF7AB95-6E2B-4FF5-A55D-FE950B6B1227}\RP147\A0029120.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\My Documents\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe (PUP.Optional.RocketFuel.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\My Documents\Downloads\Unconfirmed 186618.crdownload (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02122014_190813\C_Program Files\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02122014_190813\C_Program Files\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02122014_190813\C_Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02122014_190813\C_Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02122014_190813\C_Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02122014_190813\C_Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\02122014_190813\C_Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
  • 0

#15
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I've run into a problem at step 3 with the ESET scanner. I have tried to disable the MicroTrend AV, but I am unable to do that because I don't have a password for the program.

Why don't you have the password for the MicroTrend AV?
Is this not your computer?
  • 0






Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP