Had various viruses, am I now clean? [Solved]


  • This topic is locked

#1 Channeal

    Member
  • 879 posts
We have an old Dell Dimension 9150 computer (Windows XP). The hard drive failed last year and was replaced. We use Avast Pro Antivirus and also use Malwarebytes to protect us.

A quick outline of my problems first of all... Recently, we started getting problems with being redirected to a Japanese dating site and I started trying to eradicate the problem... which sent me on a long journey, as I kept finding new problems! I don't have a lot of technical knowledge myself (I am a female in my 60s), but I have trawled through forums such as yours and gleaned various snippets of information. Along the way, I have used RogueKiller, Hitman Pro, AdwCleaner etc. Hitman Pro found and sorted a couple of problems (I didn't touch the driver part). I also today ran Kaspersky Virus Removal Tool in safe mode.

I also ran a long scan from Kaspersky which came up with only one problem - Net-Worm.Win32.Kolabc.ixm - in a Jasc Paint Shop file. I was unsure from searching the Internet whether this was a false positive or not, but as I no longer use this program, I deleted the program.

My biggest problem in doing all of the above occurred when trying to use AdwCleaner. It froze and wouldn't continue and the only way I could get out of it was to turn off the computer at the main switch. When I restarted, ScanDisk ran and sent me messages about orphaned files. After that, the computer became extremely slow, especially in starting up when first turned on. When I ran a defrag program, it took hours - much longer than it would normally take. However, things do seem to have settled in the past couple of days and I haven't had any particular problems. I do need to find out if everything has been definitely sorted though. Although I do not understand the content of the various logs generated by some of the programs I ran, I have a feeling that all may still not be well!

Please can I start by giving you the 2 logs from OTL:

~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 24/02/2014 23:36:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 58.52% Memory free
5.34 Gb Paging File | 3.89 Gb Available in Paging File | 72.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 324.42 Gb Free Space | 69.66% Space Free | Partition Type: NTFS
Drive D: | 148.99 Gb Total Space | 50.13 Gb Free Space | 33.65% Space Free | Partition Type: NTFS

Computer Name: USER-0868A33E33 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/24 23:35:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2014/02/24 19:12:05 | 000,106,248 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2014/02/22 14:43:03 | 000,253,952 | ---- | M] (Dell) -- C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
PRC - [2014/02/15 13:01:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/02/14 23:07:51 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/02/13 13:09:50 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/13 13:09:50 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/11 14:21:32 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/02/10 11:35:20 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2009/10/20 09:35:52 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/12/12 09:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 09:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 09:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2005/07/22 19:45:16 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
PRC - [2005/06/27 17:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
PRC - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
PRC - [2005/03/22 16:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/24 18:47:16 | 002,181,632 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14022401\algo.dll
MOD - [2014/02/15 13:01:38 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/02/13 14:30:55 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7e310942e6e9a5d623e003130ec3d9bd\System.Transactions.ni.dll
MOD - [2014/02/13 14:30:10 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78e7a4c3acd1a345c4ef1f73ff48a1dd\System.EnterpriseServices.ni.dll
MOD - [2014/02/13 14:29:58 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7e59f98afa4214b3bee9273cf50d2b0\System.Deployment.ni.dll
MOD - [2014/02/13 14:27:23 | 000,688,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\276e1fc8b4f195925982f516b26defcd\System.Security.ni.dll
MOD - [2014/02/13 14:27:21 | 002,518,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e1fb9a0cee6464bc9df4bd6ec6adbf3e\System.Data.SqlXml.ni.dll
MOD - [2014/02/13 14:27:17 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/13 01:03:11 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/13 01:02:56 | 000,005,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
MOD - [2014/02/13 01:02:44 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/13 01:00:44 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\06b454361516e65eca55a743cd93cefc\Accessibility.ni.dll
MOD - [2014/02/13 00:58:34 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/13 00:58:19 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/13 00:57:37 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/13 00:56:52 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/13 00:56:02 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5d060f9be1d1e717d64643941241a202\PresentationFramework.Royale.ni.dll
MOD - [2014/02/13 00:55:30 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
MOD - [2014/02/13 00:54:41 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
MOD - [2014/02/13 00:54:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
MOD - [2014/02/13 00:53:19 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/13 00:52:59 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/06 00:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/03 10:29:53 | 001,125,592 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/12/10 19:11:27 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/01/02 06:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/12/07 15:15:16 | 007,422,392 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012/12/07 15:15:12 | 002,126,264 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2012/12/07 15:15:12 | 001,270,200 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012/12/07 15:15:12 | 000,192,952 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012/12/07 15:15:10 | 002,453,944 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012/12/07 15:15:10 | 000,795,064 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qjpeg4.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/10/20 09:36:04 | 000,086,304 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\AddressBookCore.dll
MOD - [2009/10/20 09:35:52 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
MOD - [2009/10/20 09:13:56 | 000,147,456 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\en-US\ReminderApp.resources.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/08 19:30:00 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2005/06/27 17:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
MOD - [2005/06/22 06:35:12 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdHPEC.DLL
MOD - [2005/06/22 06:35:10 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdFLIB.DLL
MOD - [2005/06/21 20:27:02 | 001,183,744 | ---- | M] () -- C:\WINDOWS\system32\dlcdserv.dll
MOD - [2005/06/21 20:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll
MOD - [2005/06/21 20:19:48 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\dlcdpplc.dll
MOD - [2005/06/21 20:19:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll
MOD - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
MOD - [2005/06/21 20:18:58 | 000,704,512 | ---- | M] () -- C:\WINDOWS\system32\dlcdcomc.dll
MOD - [2005/06/21 20:18:58 | 000,704,512 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll
MOD - [2005/06/21 20:18:24 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\dlcdprox.dll
MOD - [2005/06/21 20:12:48 | 001,134,592 | ---- | M] () -- C:\WINDOWS\system32\dlcdusb1.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | R--- | M] () -- C:\WINDOWS\system32\dlcdcfg.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdcfg.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll
MOD - [2005/05/17 22:17:52 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcnv4.dll
MOD - [2005/04/28 13:43:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2014/02/24 21:17:13 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/24 19:12:05 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/02/15 13:01:39 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/13 13:09:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/07 15:16:00 | 000,202,328 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\User\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2014/02/20 17:07:17 | 000,107,224 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/02/17 18:37:47 | 000,052,312 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2014/02/13 13:10:42 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/02/13 13:09:55 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/13 13:09:55 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/13 13:09:55 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/13 13:09:55 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2014/02/10 11:35:40 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/02/10 11:35:40 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/02/10 11:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/01/04 21:54:38 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/10 19:11:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/10 19:10:22 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/10/28 09:07:10 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007/06/18 02:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2006/12/19 07:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 07:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 07:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 07:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 07:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 07:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/16 14:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/13 16:18:00 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{1E3691A2-B51D-4DA8-B072-435E8B77E70F}: "URL" = http://start.mysearc...=1346160172&ir=
IE - HKLM\..\SearchScopes\{3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}
IE - HKCU\..\SearchScopes\{3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}: "URL" = http://www.google.co...1I7SAVV_enGB539
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/13 13:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/06/03 17:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/02/15 13:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 13:01:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/13 13:09:58 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/06/03 08:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www1.delta-se...121240&tsp=4975
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://uk.my.yahoo.com/
CHR - plugin: iTunes Application Detector (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2014/02/17 18:24:08 | 000,450,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15470 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe (Dell)
O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1370086580859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1370086717752 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10191BB2-FF37-48CA-833D-6764C0A4FA75}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/06/01 10:48:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/01/03 01:01:23 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\Shell - "" = AutoRun
O33 - MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\Shell\AutoRun\command - "" = L:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/24 23:35:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/02/24 22:09:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2014/02/24 19:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/02/24 19:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2014/02/24 18:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Dell Diagnostic Scan Results
[2014/02/24 18:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK Logs
[2014/02/24 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\KasperskyScanResults_files
[2014/02/24 11:50:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/02/20 18:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK_Quarantine
[2014/02/20 18:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\tdsskiller
[2014/02/20 18:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Kaspersky Security Scan
[2014/02/20 18:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2014/02/20 18:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2014/02/20 17:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Old Firefox Data
[2014/02/20 10:56:31 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/02/20 10:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\mbar
[2014/02/19 22:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/02/18 17:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Labels
[2014/02/17 20:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/17 19:12:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/17 18:37:47 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/17 17:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/17 17:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/17 15:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2014/02/15 13:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/14 09:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2014/02/11 13:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/02/11 13:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/11 13:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/02/11 13:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/02/10 11:35:40 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/02/06 20:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/25 01:10:25 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/25 00:42:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/25 00:13:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/24 23:35:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/02/24 23:13:13 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/24 22:56:18 | 003,818,496 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2014/02/24 21:17:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/24 21:17:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/02/24 20:22:02 | 132,325,736 | ---- | M] () -- C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
[2014/02/24 19:12:04 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/02/24 18:55:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2014/02/24 13:04:39 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2014/02/23 09:57:46 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/23 09:57:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/22 02:30:49 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/02/22 02:30:49 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/02/22 02:30:49 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/02/22 02:30:49 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2014/02/22 02:30:49 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2014/02/21 16:20:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/02/20 18:29:27 | 004,102,163 | ---- | M] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2014/02/20 18:08:01 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Kaspersky Security Scan.lnk
[2014/02/20 17:07:17 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/02/19 22:37:01 | 000,035,528 | ---- | M] () -- C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
[2014/02/19 02:51:50 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2014/02/18 14:52:31 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/18 10:13:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/02/17 22:26:12 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/02/17 18:37:47 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/17 18:24:08 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/17 18:11:29 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140217-182408.backup
[2014/02/17 16:18:10 | 000,505,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/17 16:18:10 | 000,089,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/16 18:25:17 | 000,061,910 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Page.mht
[2014/02/14 09:12:11 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/14 07:54:18 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Greeting Card Factory Deluxe.lnk
[2014/02/13 13:10:44 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! SafeZone.lnk
[2014/02/13 13:10:44 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2014/02/13 13:10:42 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/13 13:09:55 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/13 13:09:55 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/13 13:09:55 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/13 13:09:55 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/13 13:09:54 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/13 13:09:54 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/12 22:56:17 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Santander Online Banking.url
[2014/02/11 13:57:50 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/02/11 12:54:30 | 003,818,150 | ---- | M] () -- C:\Documents and Settings\User\Desktop\icrc_002_0936.pdf
[2014/02/10 11:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 23:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 23:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 23:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 23:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 23:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 23:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 23:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 23:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 23:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 23:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 23:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 23:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 23:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 23:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 23:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 23:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 23:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 23:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 23:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 23:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 23:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 23:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 23:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 23:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 23:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 23:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 23:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 23:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 23:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 23:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 22:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/01/30 22:31:49 | 000,893,507 | ---- | M] () -- C:\Documents and Settings\User\Desktop\verbs.pdf
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/24 22:56:16 | 003,818,496 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2014/02/24 20:14:29 | 132,325,736 | ---- | C] () -- C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
[2014/02/24 19:12:04 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/02/24 18:55:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2014/02/20 18:29:01 | 004,102,163 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2014/02/20 18:08:35 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Kaspersky Security Scan.lnk
[2014/02/19 22:36:53 | 000,035,528 | ---- | C] () -- C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
[2014/02/17 22:25:54 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/02/14 09:12:11 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/14 09:12:10 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2014/02/11 13:57:50 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/02/11 12:54:29 | 003,818,150 | ---- | C] () -- C:\Documents and Settings\User\Desktop\icrc_002_0936.pdf
[2014/02/08 13:01:11 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/30 22:31:49 | 000,893,507 | ---- | C] () -- C:\Documents and Settings\User\Desktop\verbs.pdf
[2014/01/16 17:04:46 | 000,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2013/12/16 01:15:04 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/09/18 20:51:46 | 001,510,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
[2013/09/18 20:51:42 | 001,510,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Imagic50.bmp
[2013/09/09 20:10:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SingleViewer.INI
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Application Data\9481
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\2631
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1548
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1477
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0359
[2013/09/06 20:45:22 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2013/08/15 15:59:21 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel
[2013/07/22 14:06:40 | 000,077,076 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/07/18 23:02:01 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2013/07/18 23:01:23 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlcdpmui.dll
[2013/07/18 23:01:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2013/07/18 23:01:22 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlcdih.exe
[2013/07/18 23:01:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2013/07/18 23:01:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2013/07/18 23:01:21 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlcdusb1.dll
[2013/07/18 23:01:21 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcdlmpm.dll
[2013/07/18 23:01:21 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomm.dll
[2013/07/18 23:01:21 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.exe
[2013/07/18 23:01:21 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcdpplc.dll
[2013/07/18 23:01:20 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcdhbn3.dll
[2013/07/18 23:01:20 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomc.dll
[2013/07/18 23:01:20 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcdcoms.exe
[2013/07/18 23:01:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdprox.dll
[2013/07/18 23:01:19 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcdserv.dll
[2013/07/18 23:01:18 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2013/07/18 23:01:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2013/07/18 23:01:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2013/07/18 23:01:16 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2013/07/18 23:01:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2013/07/18 23:01:15 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2013/06/20 21:48:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/06/20 21:48:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/06/20 21:48:57 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2013/06/07 13:17:02 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2013/06/07 13:17:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2013/06/05 23:34:36 | 001,614,242 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-1979792683-1801674531-1003-0.dat
[2013/06/05 23:34:36 | 000,311,730 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/04 18:37:37 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B39A30FC39.sys
[2013/06/04 18:37:36 | 000,002,828 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2013/06/04 16:05:51 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/04 15:05:22 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2013/06/03 20:37:05 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/03 20:37:04 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/01 12:02:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/06/01 10:50:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/06/01 10:44:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/06/01 10:02:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/06/01 09:59:12 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2013/06/01 10:44:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/16 21:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

~~~~~~~~~~~~~~~~~~~~~~~~


OTL Extras logfile created on: 24/02/2014 23:36:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 58.52% Memory free
5.34 Gb Paging File | 3.89 Gb Available in Paging File | 72.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 324.42 Gb Free Space | 69.66% Space Free | Partition Type: NTFS
Drive D: | 148.99 Gb Total Space | 50.13 Gb Free Space | 33.65% Space Free | Partition Type: NTFS

Computer Name: USER-0868A33E33 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\User\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\User\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\WINDOWS\system32\dlcdcoms.exe" = C:\WINDOWS\system32\dlcdcoms.exe:*:Enabled:Dell 944 Server -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
"{22E93747-AB1C-4809-9DFE-FE7518908A75}" = Imagic 5.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51
"{30A4DD1D-FD55-4CE4-BA01-758E00BC0228}" = Greeting Card Factory Deluxe 8.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}" = Media Go Video Playback Engine 2.0.114.09020
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4F8BD52F-E30A-4B2A-92AA-BB47781A490F}" = Imagic 5
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D92969D-A6A3-44C8-9D63-D377E94F44B5}" = Media Go
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.188
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Pro Antivirus
"AXIS Media Control SDK" = AXIS Media Control SDK
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Copernic Agent Personal" = Copernic Agent Personal
"Dell Photo AIO Printer 944" = Dell Photo AIO Printer 944
"eCleaner 2.02" = eCleaner 2.02
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HitmanPro37" = HitmanPro 3.7
"ie8" = Windows Internet Explorer 8
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Internet Helper Anti-phishing" = Internet Helper Anti-phishing
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 27.0.1 (x86 en-GB)" = Mozilla Firefox 27.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.16.1860" = Opera 12.16
"PC-Doctor for Windows" = My Dell
"PROSet" = Intel® PRO Network Connections Drivers
"Rapport_msi" = Trusteer Endpoint Protection
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/02/2014 11:46:13 | Computer Name = USER-0868A33E33 | Source = Windows Search Service | ID = 3024
Description =

Error - 18/02/2014 13:32:51 | Computer Name = USER-0868A33E33 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6690.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/02/2014 06:33:50 | Computer Name = USER-0868A33E33 | Source = Application Hang | ID = 1002
Description = Hanging application DellSystemDetect.exe, version 5.4.0.4, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/02/2014 18:11:59 | Computer Name = USER-0868A33E33 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/02/2014 20:45:35 | Computer Name = USER-0868A33E33 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 27.0.1.5156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/02/2014 19:46:54 | Computer Name = USER-0868A33E33 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 27.0.1.5156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/02/2014 05:06:42 | Computer Name = USER-0868A33E33 | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 24/02/2014 12:04:00 | Computer Name = USER-0868A33E33 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 27/12/2013 23:35:30 | Computer Name = USER-0868A33E33 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 230
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23/02/2014 06:02:10 | Computer Name = USER-0868A33E33 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the MBAMService service.

Error - 23/02/2014 06:04:35 | Computer Name = USER-0868A33E33 | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 24/02/2014 14:52:42 | Computer Name = USER-0868A33E33 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 24/02/2014 14:52:20 | Computer Name = USER-0868A33E33 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 24/02/2014 15:16:42 | Computer Name = USER-0868A33E33 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 24/02/2014 15:26:33 | Computer Name = USER-0868A33E33 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 24/02/2014 15:26:40 | Computer Name = USER-0868A33E33 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 24/02/2014 15:26:54 | Computer Name = USER-0868A33E33 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 24/02/2014 15:27:04 | Computer Name = USER-0868A33E33 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 24/02/2014 15:27:20 | Computer Name = USER-0868A33E33 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.


< End of report >
  • 0



#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Channeal, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Let's see what we can do for you.

First, I want to share G2G's opinions on a few of the programs I see on the computer.
You already know about the pitfalls of using the driver module in HitmanPro. However, HitmanPro has been known to alter the bootrecord when applying its fixes on some systems, thus rendering the system unbootable. There are times when the program can be useful on unbootable systems, but unless you know exactly what it is removing, and how that is gonna affect the system, I would recommend that you uninstall the program. If you decide to keep it please don't use it until we have finished here.

I also see CCleaner on the computer. CCleaner is a very good program and we recommend its use here in certain situations, except for the Registry cleaning module of the program. G2G doesn't recommend the use of any dedicated Registry cleaning program or the Registry cleaning module of any program. They don't speed up the system's performance and they, like Hitman, can turn your computer into a doorstop. You can go HERE to get more information about why registry cleaners aren't needed.

I also see Trusteer Rapport on the system. This is a necessary program used for online banking and there isn't anything wrong with the program. I just wanted to make you aware, if you aren't already, that Microsoft will stop supporting Windows XP in April of this year. That means that there won't be any more security updates and then the malware writers are going to start targeting XP computers for security breaches. I also understand that Microsoft is stopping support for IE 8 about the same time. So it will get targeted because XP can't run any versions of IE above version 8. I would recommend that you either do your online banking from a computer with a newer operating system or make sure that your online bank accounts have very strong passwords and change them frequently. I would also remove any personal information like account numbers, login names, passwords etc. from the computer or put them in a file that has strong encryption.

I would like the reports from the tools you have already run (except Hitman).

For the Kaspersky Security scan you can find the log:

  • Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
  • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
  • Attach the HtmlReport zipped folder to your next post
How to Attach a File to a Post:

  • Click the Add Reply button at the bottom of this post. That will load the Full Editor.
  • Type or copy and paste any text you need in the post. When you get to the point where you want to attach a file:
  • Scroll down and click the Browse button. A new window will open where you can browse your computer for the file to upload.

    a. Select the file. This will put the file in the File Name box on the Choose File to Upload window.
    b. Click Open. This will put the file name and path in the Attachments section of the post editor.

  • Click the Attach This File button. This will open a new box under the Attachments section that has the file name.
  • To the right of the file name you will see Add to Post | Delete
  • Click on Add to Post. This will attach the file to the post.
  • Once you have completed your post and are ready to submit it, click the Add Reply button.
Some screen shots of the process can be seen here

For the RogueKiller log:
There should be a RKreport.txt file in the same place you ran RogueKiller from, (the desktop). Or maybe you put it in the RK Logs folder on the desktop.

I see an MBR.dat file on the desktop. That means that you ran aswMBR. There should be an aswMbr.txt file if you saved the scan results. Please post it if you have it.

I also see TDSSKiller on the computer. If you ran the tool there will be a log file named "TDSSKiller.[Version]_[Date]_[Time]_log.txt". It should be in the root folder...C:\


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The RKreport.txt log
2. The aswMBR log, if you saved it.
3. The TDSSKiller log, if you ran it.
4. The HtmlReport.zip folder
  • 0

#3
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts
Grateful thanks for your reply and for the helpful comments about the programs on my computer. I have deleted hitman pro (although I still have the report from it).

I am just about to rush off out..... but I am beginning by attaching the report from the Kaspersky scan.

Thanks again.

Chris.

Attached File  HtmlReport.zip   125.5KB   154 downloads

PS I don't know why, but the report I sent above does not mention the malware which the Kaspersky scan originally found. I only ran the scan once.... could the change somehow be connected to the fact I have now deleted the JASC program? Anyway, this is what the original scan showed: -

Malware (1)

Information about malware detected on the computer.

Kaspersky recommends
Net-Worm.Win32.Kolabc.ixm
Armadillo
C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Paint Shop Pro Studio.exe/

Edited by Channeal, 27 February 2014 - 06:30 AM.

  • 0

#4
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts
Hello again. I unexpectedly have a few more minutes before going out, so am posting the Rogue Killer log as follows: -

RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 02/24/2014 23:17:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[11] : NtAdjustPrivilegesToken @ 0x805EC440 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC28690)
[Address] SSDT[25] : NtClose @ 0x805BC564 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC28F94)
[Address] SSDT[31] : NtConnectPort @ 0x805A4604 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC29DC8)
[Address] SSDT[35] : NtCreateEvent @ 0x8060F0E0 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2A312)
[Address] SSDT[37] : NtCreateFile @ 0x805790A2 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC29270)
[Address] SSDT[41] : NtCreateKey @ 0x8062426A -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC27500)
[Address] SSDT[43] : NtCreateMutant @ 0x80617822 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2A1F8)
[Address] SSDT[44] : NtCreateNamedPipeFile @ 0x805790DC -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2827E)
[Address] SSDT[46] : NtCreatePort @ 0x805A5120 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2A0CC)
[Address] SSDT[50] : NtCreateSection @ 0x805AB3FC -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC28426)
[Address] SSDT[51] : NtCreateSemaphore @ 0x806151E0 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2A432)
[Address] SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC28C1C)
[Address] SSDT[56] : NtCreateWaitablePort @ 0x805A5144 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2A162)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x80643CB2 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2BB1A)
[Address] SSDT[63] : NtDeleteKey @ 0x80624706 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC27B0A)
[Address] SSDT[65] : NtDeleteValueKey @ 0x806248D6 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC27EBE)
[Address] SSDT[66] : NtDeviceIoControlFile @ 0x80579268 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC296F2)
[Address] SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2CD26)
[Address] SSDT[71] : NtEnumerateKey @ 0x80624AB6 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2800A)
[Address] SSDT[73] : NtEnumerateValueKey @ 0x80624D20 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC280A2)
[Address] SSDT[84] : NtFsControlFile @ 0x8057929C -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC29500)
[Address] SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2BC0C)
[Address] SSDT[98] : NtLoadKey @ 0x8062648E -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC274DC)
[Address] SSDT[99] : NtLoadKey2 @ 0x8062609A -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC274EE)
[Address] SSDT[108] : NtMapViewOfSection @ 0x805B206E -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2C374)
[Address] SSDT[111] : NtNotifyChangeKey @ 0x80626458 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC281CE)
[Address] SSDT[114] : NtOpenEvent @ 0x8060F1E0 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2A3A8)
[Address] SSDT[116] : NtOpenFile @ 0x8057A1A0 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC29016)
[Address] SSDT[119] : NtOpenKey @ 0x80625648 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC276C0)
[Address] SSDT[120] : NtOpenMutant @ 0x806178FA -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2A288)
[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC288CC)
[Address] SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2C10E)
[Address] SSDT[126] : NtOpenSemaphore @ 0x806152DA -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2A4C8)
[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC287BE)
[Address] SSDT[160] : NtQueryKey @ 0x8062598A -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2813A)
[Address] SSDT[161] : NtQueryMultipleValueKey @ 0x806233B8 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC27D72)
[Address] SSDT[167] : NtQuerySection @ 0x805B8614 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2C6AE)
[Address] SSDT[177] : NtQueryValueKey @ 0x8062248E -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2799C)
[Address] SSDT[180] : NtQueueApcThread @ 0x805D2786 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2BFA0)
[Address] SSDT[192] : NtRenameKey @ 0x80623C8C -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC27C2C)
[Address] SSDT[193] : NtReplaceKey @ 0x8062633E -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC26F16)
[Address] SSDT[194] : NtReplyPort @ 0x805A5520 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2A82C)
[Address] SSDT[195] : NtReplyWaitReceivePort @ 0x805A64E8 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2A6F2)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x805A2DAA -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2B8B4)
[Address] SSDT[204] : NtRestoreKey @ 0x80625C4A -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2728E)
[Address] SSDT[206] : NtResumeThread @ 0x805D4A48 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2CBC8)
[Address] SSDT[207] : NtSaveKey @ 0x80625D46 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC26EAE)
[Address] SSDT[210] : NtSecureConnectPort @ 0x805A3D98 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC29B0E)
[Address] SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC28E38)
[Address] SSDT[230] : NtSetInformationToken @ 0x805FA790 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2B154)
[Address] SSDT[237] : NtSetSecurityObject @ 0x805C0662 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2BDAA)
[Address] SSDT[240] : NtSetSystemInformation @ 0x8060FE98 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2C7FE)
[Address] SSDT[247] : NtSetValueKey @ 0x806227DC -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC27816)
[Address] SSDT[253] : NtSuspendProcess @ 0x805D4B10 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2C8F0)
[Address] SSDT[254] : NtSuspendThread @ 0x805D4982 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2CA2A)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8061823E -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2BA3E)
[Address] SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC28A68)
[Address] SSDT[258] : NtTerminateThread @ 0x805D2502 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC289C8)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x805B2E7C -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC2C552)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC28B52)
[Address] Shadow SSDT[13] : NtGdiBitBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC39118)
[Address] Shadow SSDT[227] : NtGdiMaskBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC391EE)
[Address] Shadow SSDT[237] : NtGdiPlgBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC3925E)
[Address] Shadow SSDT[292] : NtGdiStretchBlt -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC39182)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC397E6)
[Address] Shadow SSDT[312] : NtUserBuildHwndList -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC392C6)
[Address] Shadow SSDT[378] : NtUserFindWindowEx -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC38F3C)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC38D4A)
[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC3904A)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC38D96)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC38E8E)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC38DE2)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC38E36)
[Address] Shadow SSDT[491] : NtUserRegisterRawInputDevices -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC38FD2)
[Address] Shadow SSDT[502] : NtUserSendInput -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC38EEE)
[Address] Shadow SSDT[529] : NtUserSetParent -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC39698)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC38C90)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (C:\WINDOWS\system32\DRIVERS\8375695drv.sys @ 0x8CC38CE8)
[Inline] EAT @firefox.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Mozilla Firefox\mozglue.dll @ 0x003D1FFD)
[Inline] EAT @firefox.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x71A20022)
[Inline] EAT @firefox.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x71A20022)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 +++++
--- User ---
[MBR] 0a7009d9dfcb041e4c31bc6b090ebb69
[BSP] fd5f230eb9ceb617afcd7ec00aff9674 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD1600AAJS-75WAA0 +++++
--- User ---
[MBR] 26fe961f4c36ef3868f870766491f461
[BSP] 8eb943e683c8fb1cfe446c6d3c79022a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152570 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02242014_231718.txt >>

#5 godawgs (Teacher, Retired Staff, 8,228 posts)
Thank you for the logs. I don't know why Kaspersky would find the worm but not list it.
You didn't answer my questions about aswMBR and TDSSKiller. Please answer them.


Step-1.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE: Only one file per scan.

    C:\WINDOWS\system32\DRIVERS\8375695drv.sys
    C:\WINDOWS\System32\B39A30FC39.sys
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 7 for each file listed.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The Virustotal URL links
2. Answer my questions above.

#6 Channeal (Member, Topic Starter, 879 posts)
Thank you for your reply.

1. Virustotal told me that the first file could not be found. I did a search for it on my computer and it no longer seems to be there. (Could that be to do with me deleting the JASC program?)

The link to the results of the scan on the second file is: -

My link

2. I couldn't find any log for the TDSSKiller, though I will look again later. I have found the log for aswMBR and am posting it below. Thanks again for your help.
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-24 17:57:08
-----------------------------
17:57:08.906 OS Version: Windows 5.1.2600 Service Pack 3
17:57:08.906 Number of processors: 2 586 0x403
17:57:08.906 ComputerName: USER-0868A33E33 UserName: User
17:57:24.843 Initialize success
17:57:30.031 AVAST engine defs: 14022400
17:57:40.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18
17:57:40.375 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
17:57:40.375 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-20
17:57:40.375 Disk 1 Vendor: WDC_WD1600AAJS-75WAA0 58.01D58 Size: 152587MB BusType: 3
17:57:40.953 Disk 0 MBR read successfully
17:57:40.953 Disk 0 MBR scan
17:57:40.968 Disk 0 Windows XP default MBR code
17:57:40.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
17:57:40.984 Disk 0 scanning sectors +976752000
17:57:41.234 Disk 0 scanning C:\WINDOWS\system32\drivers
17:58:05.453 Service scanning
17:58:47.781 Modules scanning
17:59:11.671 Disk 0 trace - called modules:
17:59:12.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
17:59:12.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0efab8]
17:59:12.187 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x8b12fb00]
17:59:25.812 AVAST engine scan C:\WINDOWS
17:59:44.515 AVAST engine scan C:\WINDOWS\system32
18:07:42.406 AVAST engine scan C:\WINDOWS\system32\drivers
18:08:25.906 AVAST engine scan C:\Documents and Settings\User
18:49:53.625 AVAST engine scan C:\Documents and Settings\All Users
18:54:57.359 Scan finished successfully
18:55:58.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
18:55:58.765 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

Edited by Channeal, 28 February 2014 - 05:57 AM.


#7 godawgs (Teacher, Retired Staff, 8,228 posts)
You are welcome. Let's get started.


Step-1.

Uninstall Programs

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

Kaspersky Security Scan
eCleaner 2.02


3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
IE - HKLM\..\SearchScopes\{1E3691A2-B51D-4DA8-B072-435E8B77E70F}: "URL" = http://start.mysearc...=1346160172&ir=
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]
O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O33 - MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\Shell - "" = AutoRun
O33 - MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\Shell\AutoRun\command - "" = L:\Startme.exe
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Application Data\9481
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\2631
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1548
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1477
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0359
[2014/02/26 14:56:27 | 000,013,046 | ---- | M] ()(C:\Documents and Settings\User\Desktop\S????t?sa t?? ?????? st? s??pe?µ???et.docx) -- C:\Documents and Settings\User\Desktop\Συνάντησα την Ειρήνη στο σούπερμάρκετ.docx
[2014/02/26 14:56:27 | 000,013,046 | ---- | C] ()(C:\Documents and Settings\User\Desktop\S????t?sa t?? ?????? st? s??pe?µ???et.docx) -- C:\Documents and Settings\User\Desktop\Συνάντησα την Ειρήνη στο σούπερμάρκετ.docx

:FILES
ipconfig /flushdns /c
C:\Documents and Settings\All Users\Application Data\BrowserDefender
C:\Program Files\Babylon
C:\Program Files\Kaspersky Lab

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

AdwCleaner by Xplode

Close all open windows and browsers.
  • XP users, double click the AdwCleaner icon on the desktop to run AdwCleaner. Allow the program to update if asked. The AdwCleaner console will open.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
prcss.dll
explorer.exe
winlogon.exe
Userinit.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open OTL on the desktop. To do that:
  • XP users: Double click on the OTL icon.
Make sure all other windows are closed.
  • The OTL console will open.
  • Click the box beside Scan All Users at the top of the console.<---Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Step-5.

Check Hard Disk For Errors:

  • Click on Start >> Run..., then copy/paste the following command into the box and press OK:

    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
  • A blank command window will open on your desktop, then close in a few minutes. This is normal.
  • A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know how the uninstalls went.
2. The OTL fixes log
3. The newest AdwCleaner[Rx].txt log
4. The checkhd.txt log
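As an added example that is not part of this thread: a Python parser for the checkhd.txt file that Step-5 produces. It recognises the status lines chkdsk prints in a read-only run, collects the index entries chkdsk says it would delete, and reports whether a rerun with /F is needed or whether the output is inconclusive. Both sample logs are constructed, modelled on the lines posted in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on the chkdsk output posted in this thread.
# Step-5 pipes chkdsk through `find /v "percent"`, so the progress lines are
# already stripped and only the status lines remain.
SAMPLE_ERRORS = """\
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
Deleting index entry APP-CO~1.DAT in index $I30 of file 101188.
Deleting index entry fsm_service_var_0.js.data in index $I30 of file 101225.

Errors found. CHKDSK cannot continue in read-only mode.
"""

# Constructed sample of a clean read-only run (the size totals are omitted).
SAMPLE_CLEAN = """\
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...

Windows has checked the file system and found no problems.
"""

FS_RE = re.compile(r"^The type of the file system is (\w+)\.$")
STAGE_RE = re.compile(r"^CHKDSK is verifying .+ \(stage (\d+) of (\d+)\)")
INDEX_RE = re.compile(r"^Deleting index entry (.+?) in index (\$\w+) of file (\d+)\.$")


@dataclass
class ChkdskResult:
    filesystem: Optional[str] = None
    read_only: bool = False
    last_stage: int = 0      # highest stage chkdsk reported starting
    total_stages: int = 0
    # index entries chkdsk reported it would delete (it cannot in read-only mode)
    index_entries: List[str] = field(default_factory=list)
    errors_found: bool = False
    clean: bool = False

    @property
    def conclusive(self) -> bool:
        # chkdsk ends with exactly one of these two lines; anything else is a
        # truncated or interrupted run and should not be trusted either way.
        return self.clean or self.errors_found

    @property
    def needs_repair(self) -> bool:
        return self.errors_found or bool(self.index_entries)


def parse_chkdsk(text: str) -> ChkdskResult:
    """Parse the status lines of a chkdsk run into a ChkdskResult."""
    r = ChkdskResult()
    for raw in text.splitlines():
        line = raw.strip()
        m = FS_RE.match(line)
        if m:
            r.filesystem = m.group(1)
            continue
        if line.startswith("Running CHKDSK in read-only mode"):
            r.read_only = True
            continue
        m = STAGE_RE.match(line)
        if m:
            r.last_stage = max(r.last_stage, int(m.group(1)))
            r.total_stages = int(m.group(2))
            continue
        m = INDEX_RE.match(line)
        if m:
            r.index_entries.append(m.group(1))
            continue
        if line.startswith("Errors found."):
            r.errors_found = True
        elif line.startswith("Windows has checked the file system and found no problems"):
            r.clean = True
    return r


def verdict(r: ChkdskResult) -> str:
    """One-line triage of a parsed log, as a helper reading the post would give it."""
    if r.needs_repair:
        detail = "%d stale index entries" % len(r.index_entries)
        # A read-only pass stops at the first problem; the fix needs /F, which
        # on the system volume is scheduled for the next reboot.
        hint = "; rerun chkdsk with /F" if r.read_only else ""
        return "repair needed (%s)%s" % (detail, hint)
    if not r.conclusive:
        return "inconclusive: output ends after stage %d of %d" % (r.last_stage, r.total_stages)
    return "clean: all %d stages completed, no errors" % r.total_stages


if __name__ == "__main__":
    for name, sample in (("errors", SAMPLE_ERRORS), ("clean", SAMPLE_CLEAN)):
        print(name, "->", verdict(parse_chkdsk(sample)))
```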

#8 Channeal (Member, Topic Starter, 879 posts)
I am writing this on my phone. I successfully completed stage 1 and moved on to stage 2. The OTL thing seemed to be taking hours and I was wondering if it had frozen the computer. I had stupidly left a browser window open and so tried to close it. It immediately brought up a box with the heading Warning Unresponsive Script. Now the OTL box is no longer visible. Please help!

--------------
UPDATE. I tried again to get rid of the browser window...... this time it went and the OTL screen is again visible. It still says 'Killing Processes' - but there is no sign that anything is actually happening. It has been running for almost two hours now. The sand timer is still there, but doesn't flash or anything. The green light on the tower was flashing before, but isn't now. I think I will probably leave the computer on all night to see if anything happens!

--------------
UPDATE 2. I left the computer on all night.... but as nothing had happened by morning, I turned it off at the main switch. Amazingly, the computer restarted when I turned it on again!!!! I can only assume that the OTL thing was still running (how long would it normally take?) and that my trying to close the browser page that I had (stupidly) left open resulted in the OTL process being terminated. Mind you, the same thing happened previously when I attempted to run the adwcleaner program.

Is it okay for me to try to run the OTL thing again? I won't do anything until I hear from you again.

Edited by Channeal, 01 March 2014 - 04:55 AM.


#9 godawgs (Teacher, Retired Staff, 8,228 posts)
When you turned the computer off did OTL still have "Killing Processes" in the window at the bottom or had it changed to "Emptying Temporary files"? If you haven't ever cleaned the Temp files from Windows and IE and the other browsers OTL can take hours to complete.
Please do Step 5. of the instructions in post #7.
Then do Step 4.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my questions please.
2. The checkhd.txt log
3. the new OTL.txt log

#10 Channeal (Member, Topic Starter, 879 posts)
Hello again!

I was using the computer earlier today - copying a file over to Drive D as I wasn't sure if it had been backed up - when the computer turned itself off and restarted, telling me that the system had recovered from a serious error.

The answers to your points are: -

1) OTL was definitely showing "Killing Processes" the whole time it was running and never changed to "Emptying Temporary Files". In any case, it is not long since I used CCleaner to clean up the temporary files.

2)
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
Deleting index entry APP-CO~1.DAT in index $I30 of file 101188.
Deleting index entry fsm_service_var_0.js.data in index $I30 of file 101225.
Deleting index entry FSM_SE~1.DAT in index $I30 of file 101225.
Deleting index entry fsm_service_var_1.js.data in index $I30 of file 101916.
Deleting index entry FSM_SE~2.DAT in index $I30 of file 101916.

Errors found. CHKDSK cannot continue in read-only mode.

3)
OTL logfile created on: 02/03/2014 15:48:28 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 78.42% Memory free
5.34 Gb Paging File | 4.72 Gb Available in Paging File | 88.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 329.22 Gb Free Space | 70.69% Space Free | Partition Type: NTFS
Drive D: | 148.99 Gb Total Space | 48.02 Gb Free Space | 32.23% Space Free | Partition Type: NTFS

Computer Name: USER-0868A33E33 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/24 23:35:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2014/02/22 14:43:03 | 000,253,952 | ---- | M] (Dell) -- C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
PRC - [2014/02/14 23:07:51 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/02/13 13:09:50 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/13 13:09:50 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/11 14:21:32 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/02/10 11:35:20 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/31 11:35:30 | 000,449,760 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2009/10/20 09:35:52 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/12/12 09:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 09:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 09:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2005/07/22 19:45:16 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
PRC - [2005/06/27 17:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
PRC - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
PRC - [2005/03/22 16:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/01 18:29:16 | 002,186,240 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14030102\algo.dll
MOD - [2014/02/13 14:30:55 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7e310942e6e9a5d623e003130ec3d9bd\System.Transactions.ni.dll
MOD - [2014/02/13 14:30:10 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78e7a4c3acd1a345c4ef1f73ff48a1dd\System.EnterpriseServices.ni.dll
MOD - [2014/02/13 14:29:58 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7e59f98afa4214b3bee9273cf50d2b0\System.Deployment.ni.dll
MOD - [2014/02/13 14:27:17 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/13 01:03:11 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/13 01:02:44 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/13 00:58:34 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/13 00:58:19 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/13 00:57:37 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/13 00:56:52 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/13 00:56:02 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5d060f9be1d1e717d64643941241a202\PresentationFramework.Royale.ni.dll
MOD - [2014/02/13 00:55:30 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
MOD - [2014/02/13 00:54:41 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
MOD - [2014/02/13 00:54:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
MOD - [2014/02/13 00:53:19 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/13 00:52:59 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/06 00:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/03 10:29:53 | 001,125,592 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/12/10 19:11:27 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/09/13 10:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/07/05 09:47:28 | 000,607,232 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2013/05/20 11:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
MOD - [2013/01/02 06:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 13:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/10/20 09:36:04 | 000,086,304 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\AddressBookCore.dll
MOD - [2009/10/20 09:35:52 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
MOD - [2009/10/20 09:13:56 | 000,147,456 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\en-US\ReminderApp.resources.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/08 19:30:00 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2005/06/27 17:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
MOD - [2005/06/21 20:27:02 | 001,183,744 | ---- | M] () -- C:\WINDOWS\system32\dlcdserv.dll
MOD - [2005/06/21 20:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll
MOD - [2005/06/21 20:19:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll
MOD - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
MOD - [2005/06/21 20:18:58 | 000,704,512 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll
MOD - [2005/06/21 20:18:24 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\dlcdprox.dll
MOD - [2005/06/21 20:12:48 | 001,134,592 | ---- | M] () -- C:\WINDOWS\system32\dlcdusb1.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | R--- | M] () -- C:\WINDOWS\system32\dlcdcfg.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll
MOD - [2005/05/17 22:17:52 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcnv4.dll
MOD - [2005/04/28 13:43:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2014/02/24 21:17:13 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 13:01:39 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/13 13:09:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/02/20 17:07:17 | 000,107,224 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/02/17 18:37:47 | 000,052,312 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2014/02/13 13:10:42 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/02/13 13:09:55 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/13 13:09:55 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/13 13:09:55 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/13 13:09:55 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2014/02/10 11:35:40 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/02/10 11:35:40 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/02/10 11:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/01/04 21:54:38 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/10 19:11:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/10 19:10:22 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/10/28 09:07:10 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007/06/18 02:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2006/12/19 07:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 07:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 07:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 07:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 07:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 07:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/16 14:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/13 16:18:00 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{1E3691A2-B51D-4DA8-B072-435E8B77E70F}: "URL" = http://start.mysearc...=1346160172&ir=
IE - HKLM\..\SearchScopes\{3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
IE - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\..\SearchScopes,DefaultScope = {3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}
IE - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\..\SearchScopes\{3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}: "URL" = http://www.google.co...1I7SAVV_enGB539
IE - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/13 13:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/06/03 17:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/02/15 13:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 13:01:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/13 13:09:58 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/06/03 08:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www1.delta-se...121240&tsp=4975
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://uk.my.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2014/02/17 18:24:08 | 000,450,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15470 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-220523388-1979792683-1801674531-1003..\Run: [DellSystemDetect] C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe (Dell)
O4 - HKU\S-1-5-21-220523388-1979792683-1801674531-1003..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-220523388-1979792683-1801674531-1003..\Run: [Spotify Web Helper] C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1370086580859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1370086717752 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10191BB2-FF37-48CA-833D-6764C0A4FA75}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/06/01 10:48:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/01/03 01:01:23 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\Shell - "" = AutoRun
O33 - MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\Shell\AutoRun\command - "" = L:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2014/03/02 15:12:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2014/02/28 17:44:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/24 23:35:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/02/24 22:09:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2014/02/24 18:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Dell Diagnostic Scan Results
[2014/02/24 18:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK Logs
[2014/02/24 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\KasperskyScanResults_files
[2014/02/20 18:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK_Quarantine
[2014/02/20 18:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\tdsskiller
[2014/02/20 17:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Old Firefox Data
[2014/02/20 10:56:31 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/02/20 10:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\mbar
[2014/02/19 22:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/02/18 17:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Labels
[2014/02/17 20:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/17 19:12:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/17 18:37:47 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/17 17:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/17 17:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/17 15:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2014/02/15 13:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/14 09:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2014/02/11 13:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/02/11 13:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/11 13:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/02/11 13:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/02/10 11:35:40 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/02/06 20:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/02 16:13:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/02 15:42:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/02 15:18:02 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/03/02 15:12:43 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/02 15:12:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/02 13:01:05 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2014/03/02 01:10:36 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/02 01:10:36 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/02 01:10:36 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/02 01:10:36 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2014/03/02 01:10:36 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2014/02/28 16:27:29 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2014/02/28 09:58:10 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/27 12:08:25 | 000,128,509 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HtmlReport.zip
[2014/02/27 12:03:29 | 374,838,127 | ---- | M] () -- C:\Documents and Settings\User\Desktop\BHACHS Newsletter and Chronicle nos.1-50.pdf
[2014/02/26 22:58:58 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Excel.lnk
[2014/02/25 14:04:14 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\User\Desktop\GeeksToGo.url
[2014/02/25 10:13:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/02/25 04:02:09 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/24 23:35:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/02/24 22:56:18 | 003,818,496 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2014/02/24 21:17:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/24 21:17:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/02/24 20:22:02 | 132,325,736 | ---- | M] () -- C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
[2014/02/24 18:55:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2014/02/21 16:20:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/02/20 18:29:27 | 004,102,163 | ---- | M] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2014/02/20 17:07:17 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/02/19 22:37:01 | 000,035,528 | ---- | M] () -- C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
[2014/02/18 14:52:31 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/17 22:26:12 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/02/17 18:37:47 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/17 18:24:08 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/17 18:11:29 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140217-182408.backup
[2014/02/17 16:18:10 | 000,505,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/17 16:18:10 | 000,089,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/16 18:25:17 | 000,061,910 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Page.mht
[2014/02/14 07:54:18 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Greeting Card Factory Deluxe.lnk
[2014/02/13 13:10:44 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! SafeZone.lnk
[2014/02/13 13:10:44 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2014/02/13 13:10:42 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/13 13:09:55 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/13 13:09:55 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/13 13:09:55 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/13 13:09:55 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/13 13:09:54 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/13 13:09:54 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/12 22:56:17 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Santander Online Banking.url
[2014/02/11 13:57:50 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/02/11 12:54:30 | 003,818,150 | ---- | M] () -- C:\Documents and Settings\User\Desktop\icrc_002_0936.pdf
[2014/02/10 11:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 23:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 23:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 23:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 23:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 23:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 23:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 23:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 23:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 23:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 23:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 23:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 23:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 23:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 23:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 23:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 23:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 23:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 23:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 23:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 23:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 23:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 23:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 23:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 23:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 23:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 23:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 23:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 23:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 23:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 23:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 22:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/27 12:08:25 | 000,128,509 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HtmlReport.zip
[2014/02/27 11:57:11 | 374,838,127 | ---- | C] () -- C:\Documents and Settings\User\Desktop\BHACHS Newsletter and Chronicle nos.1-50.pdf
[2014/02/25 14:02:47 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\User\Desktop\GeeksToGo.url
[2014/02/24 22:56:16 | 003,818,496 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2014/02/24 20:14:29 | 132,325,736 | ---- | C] () -- C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
[2014/02/24 18:55:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2014/02/20 18:29:01 | 004,102,163 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2014/02/19 22:36:53 | 000,035,528 | ---- | C] () -- C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
[2014/02/17 22:25:54 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/02/14 09:12:11 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/14 09:12:10 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2014/02/11 13:57:50 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/02/11 12:54:29 | 003,818,150 | ---- | C] () -- C:\Documents and Settings\User\Desktop\icrc_002_0936.pdf
[2014/02/08 13:01:11 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/16 17:04:46 | 000,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2013/12/16 01:15:04 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/09/18 20:51:46 | 001,510,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
[2013/09/18 20:51:42 | 001,510,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Imagic50.bmp
[2013/09/09 20:10:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SingleViewer.INI
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Application Data\9481
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\2631
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1548
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1477
[2013/09/06 21:09:56 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0359
[2013/09/06 20:45:22 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2013/08/15 15:59:21 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel
[2013/07/22 14:06:40 | 000,077,076 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/07/18 23:02:01 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2013/07/18 23:01:23 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlcdpmui.dll
[2013/07/18 23:01:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2013/07/18 23:01:22 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlcdih.exe
[2013/07/18 23:01:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2013/07/18 23:01:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2013/07/18 23:01:21 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlcdusb1.dll
[2013/07/18 23:01:21 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcdlmpm.dll
[2013/07/18 23:01:21 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomm.dll
[2013/07/18 23:01:21 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.exe
[2013/07/18 23:01:21 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcdpplc.dll
[2013/07/18 23:01:20 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcdhbn3.dll
[2013/07/18 23:01:20 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomc.dll
[2013/07/18 23:01:20 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcdcoms.exe
[2013/07/18 23:01:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdprox.dll
[2013/07/18 23:01:19 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcdserv.dll
[2013/07/18 23:01:18 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2013/07/18 23:01:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2013/07/18 23:01:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2013/07/18 23:01:16 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2013/07/18 23:01:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2013/07/18 23:01:15 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2013/06/20 21:48:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/06/20 21:48:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/06/20 21:48:57 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2013/06/07 13:17:02 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2013/06/07 13:17:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2013/06/05 23:34:36 | 001,614,242 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-1979792683-1801674531-1003-0.dat
[2013/06/05 23:34:36 | 000,311,730 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/04 18:37:37 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B39A30FC39.sys
[2013/06/04 18:37:36 | 000,002,828 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2013/06/04 16:05:51 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/04 15:05:22 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2013/06/03 20:37:05 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/03 20:37:04 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/01 12:02:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/06/01 10:50:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/06/01 10:44:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/06/01 10:02:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/06/01 09:59:12 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2013/06/01 10:44:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/16 21:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/11 13:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/10 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/08/17 20:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BrowserDefender
[2014/02/24 19:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/20 17:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing
[2013/06/03 10:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2014/02/20 15:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/09/13 10:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2013/09/06 21:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOIK
[2013/06/10 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2013/06/11 16:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics
[2013/12/11 11:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVAST Software
[2014/01/16 17:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Copernic
[2013/12/03 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/08/15 15:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2013/09/06 21:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Imagic507N
[2013/07/01 14:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2013/09/13 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2013/06/05 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PCDr
[2013/09/13 12:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2014/02/11 14:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify
[2013/06/04 17:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 04:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 04:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 04:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 13:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 04:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 04:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 17:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 04:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 04:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 04:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 04:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 04:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 04:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 04:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 04:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 16:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 13:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 04:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 04:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 12:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 04:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 04:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 04:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 04:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 05:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 04:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 04:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 04:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 04:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 04:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 04:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 04:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 04:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 04:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 00:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 04:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 12:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 04:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 04:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 06:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/10 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is DCE3-CEE7
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
13/02/2014 01:02 <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
13/02/2014 01:03 <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
07/06/2013 15:50 <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
07/06/2013 15:58 <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 353,449,193,472 bytes free

========== Files - Unicode (All) ==========
[2014/02/26 14:56:27 | 000,013,046 | ---- | M] ()(C:\Documents and Settings\User\Desktop\S????t?sa t?? ?????? st? s??pe?µ???et.docx) -- C:\Documents and Settings\User\Desktop\Συνάντησα την Ειρήνη στο σούπερμάρκετ.docx
[2014/02/26 14:56:27 | 000,013,046 | ---- | C] ()(C:\Documents and Settings\User\Desktop\S????t?sa t?? ?????? st? s??pe?µ???et.docx) -- C:\Documents and Settings\User\Desktop\Συνάντησα την Ειρήνη στο σούπερμάρκετ.docx

< End of report >

Edited by Channeal, 02 March 2014 - 10:37 AM.



#11
godawgs
    Teacher

  • Retired Staff
  • 8,228 posts
Your hard drive has errors on it. Let's run a disk repair.

Step-1.

Clear Event Logs

  • Click Start then click Run.
  • Type eventvwr.msc in the Open box and click the OK button. The Computer Management window will come up.
  • On the left side of the window, Right click on System and click Clear All Events
  • Click No when asked if you want to save the old logs and click OK.
  • Repeat for the Applications
  • Close the Computer Management window and Reboot.

Step-2.

Run the Disk Checker

NOTE: Before running the disk checker to repair a volume, you must do the following:
  • Be prepared to let the process complete.
    • If you check either or both of the boxes on the Check Disk window...
    • Automatically fix file system errors.
    • Scan for and attempt recovery of bad sectors
    ...on a large volume (for example, 450 GB) or on a volume with a very large number of files (in the millions), Chkdsk can take a long time to complete.
    NOTE: My record so far was a 450GB hard drive that took 20 hours for Chkdsk to complete, but that hard drive was failing. When it gets to Stage 4 (Verifying file data) it may stay on the same file number for hours. Chkdsk is still running even though it looks like it has quit responding and stalled. Just let it run.
  • The volume is not available during this time because Chkdsk does not relinquish control until it is done. If a volume is being checked during the startup process, the computer is not available until the disk checking process is complete.
  • The disk checker does not include parameters that let you cancel the process.
The image below is from a Vista machine but the screens look similar and operate the same in all versions of Windows.
  • On the desktop click the Computer icon
  • Right click your main drive (I am on C:) and select Properties
  • Select the Tools tab
  • Select Error Checking
  • Click Check Now and OK any UAC prompts.
  • Place a tick in both boxes in the Check Disk (OS) window:
    • Automatically fix file system errors.
    • Scan for and attempt recovery of bad sectors
  • Press Start

    Posted Image

    Note: If one or more of the files on the hard disk are open, you will receive the following message:

    Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)

  • Type Y, and then press ENTER to schedule the disk check, and then restart, not reboot, your computer to start the disk check.
    To restart the computer:
    • Shutdown the computer
    • Re-start the computer
    • When your computer turns on, you will see a black screen with white lettering, this is chkdsk running.
    • Let chkdsk run through its 5 Stages. When it is finished, your computer will boot to the desktop.
    • You will get a warning that it needs to reboot to continue
    • Allow it to do so

Get the Chkdsk log

  • Click Start > Run. In the Run box type eventvwr.msc and press the Enter key.
  • On the left side of the window click the arrow beside Event Viewer and click Windows Logs
  • Click Application. The Application logs will appear in the center window.
  • The chkdsk log should be the first entry, or near the top. The source column will have an entry of Winlogon.
    If it is not the first log:
    • Click on View, and then on Sort by > Date and Time.
    • This should place the chkdsk log at or near the top of the list.
  • Click on the entry once
  • Now right-click on the entry and choose Properties.
  • In the window that pops-up, click on Posted Image (this will copy the log).
  • Open a notepad file. Right click inside the file and click Paste. This will put the contents of the Event log into the text file.
  • Save the file as chkdsk log.txt
Post the log in a Reply to this topic.

#12
Channeal

    Member

  • Topic Starter
  • Member
  • 879 posts
Okay, I am familiar with running checkdisk so should have had no problem doing this.... though oddly the first time I tried to run it, it told me that checkdisk had finished after about one minute and hadn't found anything when quite clearly it hadn't had a chance to check anything. I have never had that happen before!

Anyway, my second attempt to run it was successful and here is the log: -

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 03/03/2014
Time: 09:35:58
User: N/A
Computer: USER-0868A33E33
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 54 unused index entries from index $SII of file 0x9.
Cleaning up 54 unused index entries from index $SDH of file 0x9.
Cleaning up 54 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

488375968 KB total disk space.
142713192 KB in 219676 files.
85952 KB in 15257 indexes.
0 KB in bad sectors.
417148 KB in use by the system.
65536 KB occupied by the log file.
345159676 KB available on disk.

4096 bytes in each allocation unit.
122093992 total allocation units on disk.
86289919 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.
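Reading the chkdsk result that the helper asks for above, as an added example that is not part of this thread: the parser below takes the Description text of the Winlogon event 1001, pulls out the summary fields, cross-checks the KB totals against the allocation-unit counts, and flags what a helper looks for (did the check complete, any bad sectors, how many orphaned metadata entries were cleaned up). The sample input is the log posted above, abridged.

```python
import re

# Sample input: the chkdsk event description posted above, abridged.
SAMPLE_CHKDSK_LOG = """Checking file system on C:
The type of the file system is NTFS.
Cleaning up minor inconsistencies on the drive.
Cleaning up 54 unused index entries from index $SII of file 0x9.
Cleaning up 54 unused index entries from index $SDH of file 0x9.
Cleaning up 54 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
CHKDSK is verifying free space (stage 5 of 5)...
488375968 KB total disk space.
0 KB in bad sectors.
345159676 KB available on disk.
4096 bytes in each allocation unit.
122093992 total allocation units on disk.
86289919 allocation units available on disk.
Windows has finished checking your disk.
"""

# One regex per line shape we care about; any other line is ignored.
PATTERNS = {
    "volume": re.compile(r"^Checking file system on ([A-Za-z]:)$"),
    "filesystem": re.compile(r"^The type of the file system is (\w+)\.$"),
    "cleanup": re.compile(r"^Cleaning up (\d+) unused (.+)\.$"),
    "stage": re.compile(r"^CHKDSK is verifying .+ \(stage (\d+) of (\d+)\)"),
    "unit_bytes": re.compile(r"^(\d+) bytes in each allocation unit\.$"),
    "total_units": re.compile(r"^(\d+) total allocation units on disk\.$"),
    "free_units": re.compile(r"^(\d+) allocation units available on disk\.$"),
    "kb": re.compile(r"^(\d+) KB (.+)\.$"),   # keyed by the trailing phrase
}


def parse_chkdsk(text):
    """Extract the summary fields from a Winlogon event 1001 description."""
    info = {"volume": None, "filesystem": None, "cleanups": [], "stages": set(),
            "unit_bytes": None, "total_units": None, "free_units": None,
            "kb": {}, "finished": False}
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Windows has finished checking your disk.":
            info["finished"] = True
            continue
        for key, rx in PATTERNS.items():
            m = rx.match(line)
            if not m:
                continue
            if key == "cleanup":
                info["cleanups"].append((int(m.group(1)), m.group(2)))
            elif key == "stage":
                info["stages"].add(int(m.group(1)))
            elif key == "kb":
                info["kb"][m.group(2)] = int(m.group(1))  # e.g. "in bad sectors"
            elif key in ("unit_bytes", "total_units", "free_units"):
                info[key] = int(m.group(1))
            else:
                info[key] = m.group(1)
            break
    return info


def units_consistent(info):
    """Cross-check the KB totals against unit_bytes * allocation units / 1024."""
    u, t, f = info["unit_bytes"], info["total_units"], info["free_units"]
    if None in (u, t, f):
        return False
    return (info["kb"].get("total disk space") == u * t // 1024
            and info["kb"].get("available on disk") == u * f // 1024)


def assess(info):
    """Return (healthy, findings): what a helper looks for in a chkdsk log."""
    findings = []
    bad = info["kb"].get("in bad sectors")
    if not info["finished"]:
        findings.append("chkdsk did not report completion")
    if bad is None or bad > 0:
        findings.append("bad sectors: %s KB (missing or non-zero)" % bad)
    repaired = sum(n for n, _ in info["cleanups"])
    if repaired:
        findings.append("%d unused metadata entries cleaned up" % repaired)
    if not units_consistent(info):
        findings.append("allocation-unit totals do not match KB totals")
    return info["finished"] and bad == 0 and units_consistent(info), findings
```

On the log above this reports the volume as healthy (0 KB in bad sectors, totals consistent) with 162 unused index entries and security descriptors cleaned up, which is the metadata left behind by the interrupted AdwCleaner run rather than a sign of a failing drive.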

#13
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's see if OTL and AdwCleaner will run now.


Step-1.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes
Posted Image


Step-2.

Download AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.


Step-3.

Please go back to post #7 and see if Steps 2 and 3 will run now. Please remember to close all open windows and browsers before running the steps.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The AdwCleaner[R0].txt log

#14
Channeal

    Member

  • Topic Starter
  • Member
  • 879 posts
I tried to run the OTL fix again.... I ran it for over 12 hours, but nothing seemed to be happening and it was still on 'Killing Processes'. I have to go out now, so I just turned off and restarted. Would the OTL fix be likely to take longer than 12 hours? It gave no sign of doing anything at all....

I haven't tried to run the adwCleaner yet. Should I try to run it?

I am not going to be available for a couple of days now, but will be back on Thursday.

Thanks again for helping me.

Chris.

Edited by Channeal, 04 March 2014 - 06:55 AM.


#15
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Chris,

I am not going to be available for a couple of days now, but will be back on Thursday.

Acknowledged.

Thanks again for helping me.

You are welcome.
I know it doesn't seem like I'm doing much to help, but this issue with the OTL fix has me perplexed. I'm sorry that we are having this problem. The only times I have seen OTL take hours on a fix were instances when there were loads of TEMP files to clean. But in those cases OTL gets stuck for a long time on the "Emptying Temporary Files" command.

There was an issue a little over a year ago with OTL hanging while killing all processes. This was traced to the MalwareBytes process. And killing the MalwareBytes process from the task manager just froze that machine. But I haven't seen it happen in a year or so.

When you installed MalwareBytes did you opt for the 2 week trial period for the Pro version? There have been instances where MalwareBytes didn't revert from the trial Pro version back to the unpaid version and that caused problems.
MalwareBytes is an excellent program and we will be using it later. But for now I want to uninstall it and run a dedicated MalwareBytes clean up tool to be sure that we remove everything. Then we will try the OTL fix and AdwCleaner again.

I don't think there is any point in running the AdwCleaner program until this issue is resolved because the process that is hanging OTL is likely doing the same thing to AdwCleaner since it also tries to kill processes before it runs.

If this doesn't work we will try a different tool.


Step-1.

1.
Download and save MBAM Cleanup Utility to your desktop.

2.
Please click here to go to the Farbar Recovery Scan Tool download page.
Click the Download Now(32bit Version) button and save it to your desktop.


Step-2.

A.
Uninstall MalwareBytes

  • Click Start, then Control Panel, then Add/Remove Programs. The list of installed programs will populate.
  • Find Malwarebytes Anti-Malware version 1.75.0.1300 in the list.
  • Click the program to highlight it and click Change/Remove and uninstall the program.
  • Reboot the computer

B.
Run the MBAM cleanup tool

  • Double click the mbam-clean.exe file to run it.

    Posted Image

    NOTE: If you get SHGetValue failed with error code 0, that only means that the tool has nothing to perform, continue on with the next step....
  • It will ask to restart your computer, please allow it to do so as it is very important.

Step-3.

Go back to post #7 and try the OTL fix again. IF it runs, then run AdwCleaner and post the OTL fixes log and the AdwCleaner[R0].txt log in your next reply. IF it doesn't run, don't bother with running AdwCleaner.


Step-4.

Farbar Recovery Scan

Close all open Windows and browsers
  • Double-click the FRST.exe file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log (IF it ran)
2. The AdwCleaner[R0].txt log
3. The FRST.txt log
4. The Addition.txt log