Had various viruses, am I now clean? [Solved]



#16
Channeal

Okay....I am back on this troublesome computer again!

This time everything worked okay, so it obviously was to do with Malwarebytes. I used to have the paid-for Pro version. I have an email saying that I paid for that in 2012, but nothing to say that I renewed it in 2013.... I was under the impression that I had done so, but maybe I didn't. So, perhaps the problem was somehow caused by that!

Anyway.... here are the logs you requested: -

1) OTL fixes log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service BrowserDefendert stopped successfully!
Service BrowserDefendert deleted successfully!
File C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E3691A2-B51D-4DA8-B072-435E8B77E70F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E3691A2-B51D-4DA8-B072-435E8B77E70F}\ not found.
Prefs.js: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 removed from extensions.enabledAddons
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected] not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KSS not found.
File C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57c40fd6-1c5d-11e3-984c-00137216c65c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57c40fd6-1c5d-11e3-984c-00137216c65c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57c40fd6-1c5d-11e3-984c-00137216c65c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57c40fd6-1c5d-11e3-984c-00137216c65c}\ not found.
File L:\Startme.exe not found.
C:\Documents and Settings\User\Application Data\9481 moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\2631 moved successfully.
C:\Documents and Settings\All Users\Application Data\1548 moved successfully.
C:\Documents and Settings\All Users\Application Data\1477 moved successfully.
C:\Documents and Settings\All Users\Application Data\0359 moved successfully.
C:\Documents and Settings\User\Desktop\Συνάντησα την Ειρήνη στο σούπερμάρκετ.docx moved successfully.
File C:\Documents and Settings\User\Desktop\Συνάντησα την Ειρήνη στο σούπερμάρκετ.docx not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\All Users\Application Data\BrowserDefender folder moved successfully.
File\Folder C:\Program Files\Babylon not found.
File\Folder C:\Program Files\Kaspersky Lab not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 7513027 bytes

User: NetworkService
->Temp folder emptied: 112908 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: User
->Temp folder emptied: 38971881 bytes
->Temporary Internet Files folder emptied: 28678605 bytes
->FireFox cache emptied: 222915020 bytes
->Google Chrome cache emptied: 6444597 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 977 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 368832 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95450035 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 181238783 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 555.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03062014_142549

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2) AdwCleaner log

# AdwCleaner v3.020 - Report created 06/03/2014 at 14:50:17
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - USER-0868A33E33
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zc8wxp68.default-1392919065375\invalidprefs.js
Folder Found : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\f558bdae769b946
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\f558bdae769b946
Key Found : HKLM\Software\mysearchdial
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCtAyBtBtCyC0CyCyD0C0C0E0EyBtN0D0Tzu0CyDzytDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1346160172&ir=

-\\ Mozilla Firefox v27.0.1 (en-GB)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zc8wxp68.default-1392919065375\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R3].txt - [2559 octets] - [06/03/2014 14:50:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [2619 octets] ##########

3) FRST.txt log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2014
Ran by User (administrator) on USER-0868A33E33 on 06-03-2014 14:55:04
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\WINDOWS\system32\PSIService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTHELPER.EXE
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTXFIHLP.EXE
(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Dell) C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
() C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
() C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\WINDOWS\system32\dlcdcoms.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Dell) C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
(Spotify Ltd) C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [CTHelper] - C:\WINDOWS\system32\CTHELPER.EXE [19456 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] - C:\WINDOWS\system32\CTXFIHLP.EXE [20480 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [8491008 2007-09-17] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [DLCDCATS] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll [69632 2005-06-07] ()
HKLM\...\Run: [dlcdmon.exe] - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe [430080 2005-07-22] (Dell)
HKLM\...\Run: [MemoryCardManager] - C:\Program Files\Dell Photo AIO Printer 944\memcard.exe [282624 2005-06-27] ()
HKLM\...\Run: [ReminderApp] - C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe [144672 2009-10-20] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-13] (AVAST Software)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Run: [DellSystemDetect] - C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [253952 2014-02-22] (Dell)
HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Run: [Spotify Web Helper] - C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-11] (Spotify Ltd)
HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-06-03] (Google Inc.)
HKU\S-1-5-21-220523388-1979792683-1801674531-1003\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1E3691A2-B51D-4DA8-B072-435E8B77E70F} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1370086580859
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1370086717752
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zc8wxp68.default-1392919065375
FF Homepage: hxxp://uk.my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-03]

Chrome:
=======
CHR HomePage: hxxp://uk.my.yahoo.com/
CHR DefaultSearchKeyword: delta-search.com
CHR DefaultSearchProvider: Delta Search
CHR DefaultSearchURL: http://www1.delta-se...121240&tsp=4975
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-03]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-13] (AVAST Software)
R3 dlcd_device; C:\WINDOWS\system32\dlcdcoms.exe [491520 2005-06-21] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2013-12-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-13] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-02-13] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-12-10] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-02-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-02-13] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-02-13] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-04] ()
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340704 2005-07-13] (Creative Technology Ltd)
R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-28] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-03-06 14:55 - 2014-03-06 14:55 - 00015482 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-03-06 14:54 - 2014-03-06 14:55 - 00000000 ____D () C:\FRST
2014-03-06 14:53 - 2014-03-06 14:53 - 00002699 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner[R3].txt
2014-03-06 14:49 - 2014-03-06 14:51 - 00000000 ____D () C:\AdwCleaner
2014-03-06 14:39 - 2014-03-06 14:39 - 00009318 _____ () C:\Documents and Settings\User\Desktop\03062014_142549.log
2014-03-06 14:06 - 2014-03-06 14:05 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030614-01.dmp
2014-03-06 13:35 - 2014-03-06 13:36 - 01145344 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-03-06 13:34 - 2014-03-06 13:34 - 00080456 _____ (Malwarebytes Corporation) C:\Documents and Settings\User\Desktop\mbam-clean-1.60.2.0003.exe
2014-03-03 20:42 - 2014-03-03 20:42 - 01244192 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner.exe
2014-03-02 15:28 - 2014-03-02 15:41 - 00000618 _____ () C:\Documents and Settings\User\Desktop\checkhd.txt
2014-03-02 15:12 - 2014-03-06 14:06 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-02 15:12 - 2014-03-02 15:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030214-01.dmp
2014-02-28 17:44 - 2014-02-28 17:44 - 00000000 ____D () C:\_OTL
2014-02-27 12:08 - 2014-02-27 12:08 - 00128509 _____ () C:\Documents and Settings\User\Desktop\HtmlReport.zip
2014-02-25 14:02 - 2014-02-25 14:04 - 00000262 _____ () C:\Documents and Settings\User\Desktop\GeeksToGo.url
2014-02-25 04:05 - 2014-03-06 13:03 - 00045003 _____ () C:\WINDOWS\setupapi.log
2014-02-25 01:17 - 2014-02-25 10:01 - 00043532 _____ () C:\Documents and Settings\User\Desktop\Extras.Txt
2014-02-25 01:15 - 2014-03-02 16:19 - 00132852 _____ () C:\Documents and Settings\User\Desktop\OTL.Txt
2014-02-24 23:35 - 2014-02-24 23:35 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-02-24 23:17 - 2014-02-24 23:17 - 00012127 _____ () C:\Documents and Settings\User\Desktop\RKreport[0]_S_02242014_231718.txt
2014-02-24 22:56 - 2014-02-24 22:56 - 03818496 _____ () C:\Documents and Settings\User\Desktop\RogueKiller.exe
2014-02-24 20:14 - 2014-02-24 20:22 - 132325736 _____ () C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
2014-02-24 19:37 - 2014-02-24 19:37 - 00014144 _____ () C:\Documents and Settings\User\Desktop\HitmanPro_20140224_1936.log
2014-02-24 18:55 - 2014-02-24 18:55 - 00001998 _____ () C:\Documents and Settings\User\Desktop\aswMBR.txt
2014-02-24 18:55 - 2014-02-24 18:55 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
2014-02-24 18:16 - 2014-02-24 18:16 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Dell Diagnostic Scan Results
2014-02-24 16:02 - 2014-02-24 21:37 - 00000000 ____D () C:\Documents and Settings\User\Desktop\KasperskyScanResults_files
2014-02-20 18:33 - 2014-02-20 18:45 - 00000000 ____D () C:\Documents and Settings\User\Desktop\RK_Quarantine
2014-02-20 18:29 - 2014-02-20 18:29 - 04102163 _____ () C:\Documents and Settings\User\Desktop\tdsskiller.zip
2014-02-20 18:29 - 2014-02-20 18:29 - 00000000 ____D () C:\Documents and Settings\User\Desktop\tdsskiller
2014-02-20 17:58 - 2014-02-20 17:58 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Old Firefox Data
2014-02-20 10:46 - 2014-02-20 10:47 - 00000000 ____D () C:\Documents and Settings\User\Desktop\mbar
2014-02-19 22:36 - 2014-02-19 22:37 - 00035528 _____ () C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
2014-02-19 22:15 - 2014-02-19 22:32 - 00000000 ____D () C:\Program Files\stinger
2014-02-18 17:38 - 2014-02-18 17:38 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Labels
2014-02-17 22:25 - 2014-02-17 22:26 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-02-17 20:00 - 2014-02-24 19:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-02-17 18:24 - 2014-02-17 18:11 - 00450613 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140217-182408.backup
2014-02-17 18:11 - 2004-08-10 12:00 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140217-181129.backup
2014-02-17 17:44 - 2014-02-17 22:54 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-02-17 17:44 - 2014-02-17 22:26 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-02-17 17:44 - 2014-02-17 22:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-02-17 15:46 - 2014-02-17 15:46 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-02-15 13:01 - 2014-02-15 13:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 09:12 - 2014-03-06 13:01 - 00000458 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-02-14 09:12 - 2014-02-25 04:02 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-02-14 09:11 - 2014-02-14 09:11 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-02-13 01:08 - 2014-02-13 01:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 00:53 - 2014-02-13 00:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904878$
2014-02-11 13:57 - 2014-02-11 13:57 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-02-11 13:57 - 2014-02-11 13:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-02-11 13:56 - 2014-02-11 13:57 - 00000000 ____D () C:\Program Files\iTunes
2014-02-11 13:56 - 2014-02-11 13:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-11 13:56 - 2014-02-11 13:56 - 00000000 ____D () C:\Program Files\iPod
2014-02-10 11:35 - 2014-02-10 11:35 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-02-08 13:01 - 2014-03-06 14:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-06 20:40 - 2014-02-15 18:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

2014-03-06 14:55 - 2014-03-06 14:55 - 00015482 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-03-06 14:55 - 2014-03-06 14:54 - 00000000 ____D () C:\FRST
2014-03-06 14:53 - 2014-03-06 14:53 - 00002699 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner[R3].txt
2014-03-06 14:51 - 2014-03-06 14:49 - 00000000 ____D () C:\AdwCleaner
2014-03-06 14:49 - 2013-06-01 10:46 - 01787659 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-06 14:42 - 2014-02-08 13:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-06 14:39 - 2014-03-06 14:39 - 00009318 _____ () C:\Documents and Settings\User\Desktop\03062014_142549.log
2014-03-06 14:39 - 2013-06-04 15:33 - 00000000 ____D () C:\Program Files\Dl_cats
2014-03-06 14:39 - 2013-06-01 10:44 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-06 14:36 - 2013-06-04 15:05 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-06 14:36 - 2013-06-03 20:37 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-06 14:35 - 2013-06-04 15:05 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-03-06 14:35 - 2013-06-03 20:37 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-06 14:35 - 2013-06-01 10:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-06 14:32 - 2013-06-07 13:18 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2014-03-06 14:32 - 2013-06-07 13:18 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2014-03-06 14:32 - 2013-06-01 10:57 - 00032554 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-06 14:13 - 2013-06-03 20:37 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-06 14:06 - 2014-03-02 15:12 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-06 14:05 - 2014-03-06 14:06 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030614-01.dmp
2014-03-06 13:53 - 2013-06-05 23:37 - 00046252 _____ () C:\dlcd.log
2014-03-06 13:40 - 2013-06-05 23:34 - 01614242 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-1979792683-1801674531-1003-0.dat
2014-03-06 13:40 - 2013-06-05 23:34 - 00311730 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-06 13:36 - 2014-03-06 13:35 - 01145344 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-03-06 13:34 - 2014-03-06 13:34 - 00080456 _____ (Malwarebytes Corporation) C:\Documents and Settings\User\Desktop\mbam-clean-1.60.2.0003.exe
2014-03-06 13:03 - 2014-02-25 04:05 - 00045003 _____ () C:\WINDOWS\setupapi.log
2014-03-06 13:01 - 2014-02-14 09:12 - 00000458 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-03-05 20:45 - 2004-08-10 12:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-04 12:37 - 2014-01-16 17:16 - 00064106 _____ () C:\Documents and Settings\User\My Documents\Page.mht
2014-03-04 12:23 - 2013-06-03 20:39 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-03 20:42 - 2014-03-03 20:42 - 01244192 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner.exe
2014-03-03 13:26 - 2013-06-13 16:08 - 00042414 _____ () C:\dlcdscan.log
2014-03-02 16:19 - 2014-02-25 01:15 - 00132852 _____ () C:\Documents and Settings\User\Desktop\OTL.Txt
2014-03-02 15:41 - 2014-03-02 15:28 - 00000618 _____ () C:\Documents and Settings\User\Desktop\checkhd.txt
2014-03-02 15:22 - 2013-06-08 09:54 - 00000000 ____D () C:\Documents and Settings\User\My Documents\B) Vince
2014-03-02 15:11 - 2014-03-02 15:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030214-01.dmp
2014-02-28 17:44 - 2014-02-28 17:44 - 00000000 ____D () C:\_OTL
2014-02-27 12:08 - 2014-02-27 12:08 - 00128509 _____ () C:\Documents and Settings\User\Desktop\HtmlReport.zip
2014-02-26 22:58 - 2013-06-09 19:52 - 00002473 _____ () C:\Documents and Settings\User\Desktop\Excel.lnk
2014-02-25 22:54 - 2013-11-07 12:27 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Translators
2014-02-25 14:04 - 2014-02-25 14:02 - 00000262 _____ () C:\Documents and Settings\User\Desktop\GeeksToGo.url
2014-02-25 10:50 - 2013-06-01 10:59 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-02-25 10:13 - 2013-06-03 18:07 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-02-25 10:01 - 2014-02-25 01:17 - 00043532 _____ () C:\Documents and Settings\User\Desktop\Extras.Txt
2014-02-25 04:02 - 2014-02-14 09:12 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-02-24 23:35 - 2014-02-24 23:35 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-02-24 23:17 - 2014-02-24 23:17 - 00012127 _____ () C:\Documents and Settings\User\Desktop\RKreport[0]_S_02242014_231718.txt
2014-02-24 22:56 - 2014-02-24 22:56 - 03818496 _____ () C:\Documents and Settings\User\Desktop\RogueKiller.exe
2014-02-24 21:37 - 2014-02-24 16:02 - 00000000 ____D () C:\Documents and Settings\User\Desktop\KasperskyScanResults_files
2014-02-24 21:18 - 2013-06-03 10:27 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Adobe
2014-02-24 21:17 - 2013-12-13 12:44 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-24 21:17 - 2013-12-13 12:44 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-24 20:22 - 2014-02-24 20:14 - 132325736 _____ () C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
2014-02-24 19:37 - 2014-02-24 19:37 - 00014144 _____ () C:\Documents and Settings\User\Desktop\HitmanPro_20140224_1936.log
2014-02-24 19:10 - 2014-02-17 20:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-02-24 18:55 - 2014-02-24 18:55 - 00001998 _____ () C:\Documents and Settings\User\Desktop\aswMBR.txt
2014-02-24 18:55 - 2014-02-24 18:55 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
2014-02-24 18:16 - 2014-02-24 18:16 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Dell Diagnostic Scan Results
2014-02-24 12:22 - 2013-06-04 15:36 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Jasc Software Inc
2014-02-24 12:22 - 2013-06-04 15:35 - 00000000 ____D () C:\Program Files\Jasc Software Inc
2014-02-24 12:18 - 2013-06-04 15:36 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Dell Picture Studio 3
2014-02-22 14:44 - 2013-06-05 16:28 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Deployment
2014-02-22 09:13 - 2013-09-20 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2014-02-21 22:22 - 2013-06-08 09:58 - 00000000 ____D () C:\Documents and Settings\User\My Documents\C) Matt
2014-02-20 21:53 - 2013-06-03 20:26 - 00000000 ____D () C:\Documents and Settings\User\Desktop\COMPUTER HEALTH
2014-02-20 18:45 - 2014-02-20 18:33 - 00000000 ____D () C:\Documents and Settings\User\Desktop\RK_Quarantine
2014-02-20 18:29 - 2014-02-20 18:29 - 04102163 _____ () C:\Documents and Settings\User\Desktop\tdsskiller.zip
2014-02-20 18:29 - 2014-02-20 18:29 - 00000000 ____D () C:\Documents and Settings\User\Desktop\tdsskiller
2014-02-20 17:58 - 2014-02-20 17:58 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Old Firefox Data
2014-02-20 17:45 - 2013-12-23 00:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing
2014-02-20 17:09 - 2013-09-11 16:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-20 15:38 - 2013-06-03 10:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
2014-02-20 15:37 - 2013-06-05 22:15 - 00000000 ____D () C:\Program Files\My Dell
2014-02-20 10:47 - 2014-02-20 10:46 - 00000000 ____D () C:\Documents and Settings\User\Desktop\mbar
2014-02-20 10:23 - 2013-06-01 09:46 - 00000000 ____D () C:\WINDOWS\Cursors
2014-02-19 22:37 - 2014-02-19 22:36 - 00035528 _____ () C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
2014-02-19 22:32 - 2014-02-19 22:15 - 00000000 ____D () C:\Program Files\stinger
2014-02-18 17:38 - 2014-02-18 17:38 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Labels
2014-02-18 15:11 - 2013-06-03 20:24 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Chris' Websites
2014-02-18 14:52 - 2013-06-04 16:05 - 00122880 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-17 22:54 - 2014-02-17 17:44 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-02-17 22:26 - 2014-02-17 22:25 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-02-17 22:26 - 2014-02-17 17:44 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-02-17 22:26 - 2014-02-17 17:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-02-17 18:11 - 2014-02-17 18:24 - 00450613 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140217-182408.backup
2014-02-17 16:19 - 2013-06-01 12:10 - 00000000 ____D () C:\Program Files\Windows Desktop Search
2014-02-17 15:46 - 2014-02-17 15:46 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-02-17 15:45 - 2013-06-01 10:02 - 00629766 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-16 13:36 - 2013-06-03 17:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 18:19 - 2014-02-06 20:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2014-02-15 13:01 - 2014-02-15 13:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 09:11 - 2014-02-14 09:11 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-02-14 09:11 - 2013-06-05 22:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2014-02-14 08:24 - 2013-06-08 09:51 - 00000000 ____D () C:\Documents and Settings\User\My Documents\A) Chris
2014-02-14 07:54 - 2013-08-09 11:36 - 00002573 _____ () C:\Documents and Settings\All Users\Desktop\Greeting Card Factory Deluxe.lnk
2014-02-13 14:36 - 2013-06-01 10:43 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 13:10 - 2014-01-04 21:55 - 00001791 _____ () C:\Documents and Settings\All Users\Desktop\avast! SafeZone.lnk
2014-02-13 13:10 - 2014-01-04 21:55 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
2014-02-13 13:10 - 2013-06-03 20:37 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-02-13 13:09 - 2013-06-03 20:37 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-02-13 13:09 - 2013-06-03 20:37 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-02-13 13:09 - 2013-06-03 20:37 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-02-13 13:09 - 2013-06-03 20:37 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-02-13 13:09 - 2013-06-03 20:37 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-02-13 13:09 - 2013-06-03 20:36 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-02-13 01:08 - 2014-02-13 01:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 00:58 - 2013-08-14 09:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 00:54 - 2013-06-01 12:34 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 00:53 - 2014-02-13 00:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904878$
2014-02-13 00:53 - 2013-06-01 12:38 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-12 22:56 - 2013-07-16 12:07 - 00000396 _____ () C:\Documents and Settings\User\Desktop\Santander Online Banking.url
2014-02-11 14:22 - 2013-06-12 21:07 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Spotify
2014-02-11 13:57 - 2014-02-11 13:57 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-02-11 13:57 - 2014-02-11 13:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-02-11 13:57 - 2014-02-11 13:56 - 00000000 ____D () C:\Program Files\iTunes
2014-02-11 13:57 - 2014-02-11 13:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-11 13:56 - 2014-02-11 13:56 - 00000000 ____D () C:\Program Files\iPod
2014-02-11 13:56 - 2013-06-03 18:06 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-11 13:35 - 2013-06-03 18:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-02-10 11:35 - 2014-02-10 11:35 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-02-08 14:00 - 2013-06-12 21:08 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Spotify
2014-02-06 03:54 - 2009-03-08 03:32 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2004-08-10 12:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 23:26 - 2013-06-01 12:39 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 23:26 - 2013-06-01 12:38 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 23:26 - 2013-06-01 12:38 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 23:26 - 2013-06-01 12:38 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 23:26 - 2013-06-01 12:38 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 23:26 - 2013-06-01 12:38 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 23:26 - 2013-06-01 12:38 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 23:26 - 2013-06-01 12:38 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 23:26 - 2009-03-08 13:09 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 23:26 - 2009-03-08 03:41 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 23:26 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 23:26 - 2009-03-08 03:34 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 23:26 - 2009-03-08 03:34 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 23:26 - 2009-03-08 03:34 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 23:26 - 2009-03-08 03:34 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 23:26 - 2009-03-08 03:34 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 23:26 - 2009-03-08 03:34 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 23:26 - 2009-03-08 03:33 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 23:26 - 2009-03-08 03:33 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 23:26 - 2009-03-08 03:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 23:26 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 23:26 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 23:26 - 2009-03-08 03:32 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 23:26 - 2009-03-08 03:31 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 23:26 - 2009-03-08 03:31 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 23:26 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 23:26 - 2004-08-10 12:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 23:26 - 2004-08-10 12:00 - 00018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 22:24 - 2004-08-10 12:00 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================





The Addition.txt log is attached as requested.


I hope I haven't forgotten anything!
Chris.



Edited by Channeal, 06 March 2014 - 12:15 PM.



#17
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. Yep, it looks like MBAM was the culprit. We will reinstall it during the cleanup process. If you have paid for the Pro version and it is a lifetime license, you can install the Pro version when we get there. But if you aren't sure, we will install the free version. It is the full MBAM program; it just doesn't include some of the bells and whistles of the Pro version.

Please tell me how the computer is behaving after this run.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

  • Double click the AdwCleaner icon to run the program.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts; how to do so can be read here.

  • Double-click the JRT icon to launch the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-3.

Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The AdwCleaner[S0].txt log
2. The JRT.txt log
3. The new OTL.txt log

#18
Channeal

    Member

  • Topic Starter
  • 696 posts
Hello again.

I have completed the latest three steps - although there were a couple of hitches.....

When I restarted after running AdwCleaner, it came up with a message saying something like: 'Google has blocked an attempt by another program to change your search settings' (I think it might have mentioned Google Chrome, but am not sure). Almost as soon as I had spotted this and was beginning to think what to do about it, the message disappeared so I couldn't do anything about it! :-(

The other problem was that after running the JRT tool, I restarted as instructed and was waiting for everything to load and just as this process was almost completed, the computer suddenly turned itself off and restarted again all by itself. Other than that, I have not so far encountered any problems.... although it still seems to take much longer than it used to to start up when first turned on, i.e. before it gets to the screen where it says 'Welcome' and then goes on to the Desktop.

Anyway, here are the logs I collected: -





1)AdwCleaner

# AdwCleaner v3.020 - Report created 06/03/2014 at 20:44:23
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - USER-0868A33E33
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zc8wxp68.default-1392919065375\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Key Deleted : HKCU\Software\f558bdae769b946
Key Deleted : HKLM\SOFTWARE\f558bdae769b946
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v27.0.1 (en-GB)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zc8wxp68.default-1392919065375\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R3].txt - [2699 octets] - [06/03/2014 14:50:17]
AdwCleaner[R4].txt - [2759 octets] - [06/03/2014 20:40:49]
AdwCleaner[S3].txt - [2544 octets] - [06/03/2014 20:44:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2604 octets] ##########







2)JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by User on 06/03/2014 at 21:05:45.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-220523388-1979792683-1801674531-1003\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bomlabio"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/03/2014 at 21:20:00.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






3)OTL logfile created on: 06/03/2014 21:36:28 - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 82.30% Memory free
5.34 Gb Paging File | 4.86 Gb Available in Paging File | 91.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 330.72 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive D: | 148.99 Gb Total Space | 48.02 Gb Free Space | 32.23% Space Free | Partition Type: NTFS

Computer Name: USER-0868A33E33 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/24 23:35:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2014/02/22 14:43:03 | 000,253,952 | ---- | M] (Dell) -- C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
PRC - [2014/02/14 23:07:51 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/02/13 13:09:50 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/13 13:09:50 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/11 14:21:32 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/02/10 11:35:20 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/31 11:35:30 | 000,449,760 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2009/10/20 09:35:52 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/12/12 09:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 09:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 09:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2005/07/22 19:45:16 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
PRC - [2005/06/27 17:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
PRC - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
PRC - [2005/03/22 16:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/06 17:04:58 | 002,186,752 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14030601\algo.dll
MOD - [2014/02/13 14:30:55 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7e310942e6e9a5d623e003130ec3d9bd\System.Transactions.ni.dll
MOD - [2014/02/13 14:30:10 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78e7a4c3acd1a345c4ef1f73ff48a1dd\System.EnterpriseServices.ni.dll
MOD - [2014/02/13 14:29:58 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7e59f98afa4214b3bee9273cf50d2b0\System.Deployment.ni.dll
MOD - [2014/02/13 14:27:17 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/13 01:03:11 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/13 01:02:44 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/13 00:58:34 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/13 00:58:19 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/13 00:57:37 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/13 00:56:52 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/13 00:56:02 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5d060f9be1d1e717d64643941241a202\PresentationFramework.Royale.ni.dll
MOD - [2014/02/13 00:55:30 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
MOD - [2014/02/13 00:54:41 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
MOD - [2014/02/13 00:54:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
MOD - [2014/02/13 00:53:19 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/13 00:52:59 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/06 00:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/03 10:29:53 | 001,125,592 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/12/10 19:11:27 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/09/13 10:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/07/05 09:47:28 | 000,607,232 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2013/05/20 11:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
MOD - [2013/01/02 06:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 13:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/10/20 09:36:04 | 000,086,304 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\AddressBookCore.dll
MOD - [2009/10/20 09:35:52 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
MOD - [2009/10/20 09:13:56 | 000,147,456 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\en-US\ReminderApp.resources.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/08 19:30:00 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2005/06/27 17:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
MOD - [2005/06/21 20:27:02 | 001,183,744 | ---- | M] () -- C:\WINDOWS\system32\dlcdserv.dll
MOD - [2005/06/21 20:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll
MOD - [2005/06/21 20:19:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll
MOD - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
MOD - [2005/06/21 20:18:58 | 000,704,512 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll
MOD - [2005/06/21 20:18:24 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\dlcdprox.dll
MOD - [2005/06/21 20:12:48 | 001,134,592 | ---- | M] () -- C:\WINDOWS\system32\dlcdusb1.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | R--- | M] () -- C:\WINDOWS\system32\dlcdcfg.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll
MOD - [2005/05/17 22:17:52 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcnv4.dll
MOD - [2005/04/28 13:43:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll


========== Services (SafeList) ==========

SRV - [2014/02/24 21:17:13 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 13:01:39 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/13 13:09:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/02/13 13:10:42 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/02/13 13:09:55 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/13 13:09:55 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/13 13:09:55 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/13 13:09:55 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2014/02/10 11:35:40 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/02/10 11:35:40 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/02/10 11:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/01/04 21:54:38 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/10 19:11:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/10 19:10:22 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/10/28 09:07:10 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2007/06/18 02:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2006/12/19 07:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 07:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 07:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 07:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 07:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 07:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/16 14:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/13 16:18:00 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}
IE - HKCU\..\SearchScopes\{3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}: "URL" = http://www.google.co...1I7SAVV_enGB539
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.my.yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/13 13:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/06/03 17:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/02/15 13:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 13:01:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/13 13:09:58 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/06/03 08:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://uk.my.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2014/02/17 18:24:08 | 000,450,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15470 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe (Dell)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1370086580859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1370086717752 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10191BB2-FF37-48CA-833D-6764C0A4FA75}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/06/01 10:48:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/01/03 01:01:23 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/06 21:05:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/03/06 21:04:22 | 001,037,734 | ---- | C] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2014/03/06 20:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\logs
[2014/03/06 14:54:34 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/06 14:49:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/06 13:35:57 | 001,145,344 | ---- | C] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2014/03/06 13:34:41 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\User\Desktop\mbam-clean-1.60.2.0003.exe
[2014/03/02 15:12:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2014/02/28 17:44:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/24 23:35:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/02/24 22:09:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2014/02/24 18:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Dell Diagnostic Scan Results
[2014/02/24 18:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK Logs
[2014/02/24 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\KasperskyScanResults_files
[2014/02/20 18:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK_Quarantine
[2014/02/20 18:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\tdsskiller
[2014/02/20 17:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Old Firefox Data
[2014/02/20 10:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\mbar
[2014/02/19 22:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/02/18 17:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Labels
[2014/02/17 20:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/17 17:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/17 17:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/17 15:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2014/02/15 13:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/14 09:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2014/02/11 13:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/02/11 13:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/11 13:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/02/11 13:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/02/10 11:35:40 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/02/06 20:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/06 21:42:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/06 21:32:45 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/03/06 21:30:47 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/06 21:30:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/06 21:22:33 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/06 21:22:33 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/06 21:22:33 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/06 21:22:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2014/03/06 21:22:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2014/03/06 21:13:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/06 21:04:25 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2014/03/06 20:36:51 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2014/03/06 13:36:03 | 001,145,344 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2014/03/06 13:34:43 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\User\Desktop\mbam-clean-1.60.2.0003.exe
[2014/03/06 13:01:05 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2014/03/05 20:45:27 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/04 12:37:06 | 000,064,106 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Page.mht
[2014/03/04 12:23:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/03 20:42:51 | 001,244,192 | ---- | M] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
[2014/02/27 12:08:25 | 000,128,509 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HtmlReport.zip
[2014/02/27 12:03:29 | 374,838,127 | ---- | M] () -- C:\Documents and Settings\User\Desktop\BHACHS Newsletter and Chronicle nos.1-50.pdf
[2014/02/26 22:58:58 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Excel.lnk
[2014/02/25 14:04:14 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\User\Desktop\GeeksToGo.url
[2014/02/25 10:13:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/02/25 04:02:09 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/24 23:35:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/02/24 22:56:18 | 003,818,496 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2014/02/24 20:22:02 | 132,325,736 | ---- | M] () -- C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
[2014/02/24 18:55:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2014/02/20 18:29:27 | 004,102,163 | ---- | M] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2014/02/19 22:37:01 | 000,035,528 | ---- | M] () -- C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
[2014/02/18 14:52:31 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/17 22:26:12 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/02/17 18:24:08 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/17 18:11:29 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140217-182408.backup
[2014/02/17 16:18:10 | 000,505,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/17 16:18:10 | 000,089,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/14 07:54:18 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Greeting Card Factory Deluxe.lnk
[2014/02/13 13:10:44 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! SafeZone.lnk
[2014/02/13 13:10:44 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2014/02/13 13:10:42 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/13 13:09:55 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/13 13:09:55 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/13 13:09:55 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/13 13:09:55 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/13 13:09:54 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/13 13:09:54 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/12 22:56:17 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Santander Online Banking.url
[2014/02/11 13:57:50 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/02/11 12:54:30 | 003,818,150 | ---- | M] () -- C:\Documents and Settings\User\Desktop\icrc_002_0936.pdf
[2014/02/10 11:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/03 20:42:45 | 001,244,192 | ---- | C] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
[2014/02/27 12:08:25 | 000,128,509 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HtmlReport.zip
[2014/02/27 11:57:11 | 374,838,127 | ---- | C] () -- C:\Documents and Settings\User\Desktop\BHACHS Newsletter and Chronicle nos.1-50.pdf
[2014/02/25 14:02:47 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\User\Desktop\GeeksToGo.url
[2014/02/24 22:56:16 | 003,818,496 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2014/02/24 20:14:29 | 132,325,736 | ---- | C] () -- C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
[2014/02/24 18:55:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2014/02/20 18:29:01 | 004,102,163 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2014/02/19 22:36:53 | 000,035,528 | ---- | C] () -- C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
[2014/02/17 22:25:54 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/02/14 09:12:11 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/14 09:12:10 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2014/02/11 13:57:50 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/02/11 12:54:29 | 003,818,150 | ---- | C] () -- C:\Documents and Settings\User\Desktop\icrc_002_0936.pdf
[2014/02/08 13:01:11 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/16 17:04:46 | 000,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2013/12/16 01:15:04 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/09/18 20:51:46 | 001,510,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
[2013/09/18 20:51:42 | 001,510,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Imagic50.bmp
[2013/09/09 20:10:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SingleViewer.INI
[2013/09/06 20:45:22 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2013/08/15 15:59:21 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel
[2013/07/22 14:06:40 | 000,077,076 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/07/18 23:02:01 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2013/07/18 23:01:23 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlcdpmui.dll
[2013/07/18 23:01:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2013/07/18 23:01:22 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlcdih.exe
[2013/07/18 23:01:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2013/07/18 23:01:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2013/07/18 23:01:21 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlcdusb1.dll
[2013/07/18 23:01:21 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcdlmpm.dll
[2013/07/18 23:01:21 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomm.dll
[2013/07/18 23:01:21 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.exe
[2013/07/18 23:01:21 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcdpplc.dll
[2013/07/18 23:01:20 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcdhbn3.dll
[2013/07/18 23:01:20 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomc.dll
[2013/07/18 23:01:20 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcdcoms.exe
[2013/07/18 23:01:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdprox.dll
[2013/07/18 23:01:19 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcdserv.dll
[2013/07/18 23:01:18 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2013/07/18 23:01:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2013/07/18 23:01:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2013/07/18 23:01:16 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2013/07/18 23:01:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2013/07/18 23:01:15 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2013/06/20 21:48:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/06/20 21:48:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/06/20 21:48:57 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2013/06/07 13:17:02 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2013/06/07 13:17:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2013/06/05 23:34:36 | 001,614,242 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-1979792683-1801674531-1003-0.dat
[2013/06/05 23:34:36 | 000,311,730 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/04 18:37:37 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B39A30FC39.sys
[2013/06/04 18:37:36 | 000,002,828 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2013/06/04 16:05:51 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/04 15:05:22 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2013/06/03 20:37:05 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/03 20:37:04 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/01 12:02:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/06/01 10:50:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/06/01 10:44:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/06/01 10:02:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/06/01 09:59:12 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2013/06/01 10:44:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/16 21:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/11 13:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/10 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/24 19:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/20 17:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing
[2013/06/03 10:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2014/02/20 15:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/09/13 10:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2013/09/06 21:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOIK
[2013/06/10 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2013/06/11 16:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics
[2013/12/11 11:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVAST Software
[2014/01/16 17:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Copernic
[2013/12/03 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/08/15 15:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2013/09/06 21:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Imagic507N
[2013/07/01 14:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2013/09/13 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2013/06/05 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PCDr
[2013/09/13 12:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2014/02/11 14:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify
[2013/06/04 17:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search

========== Purity Check ==========



< End of report >

Thanks again,
Chris.
  • 0

#19
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You are welcome. I'm glad the tools ran. The message that you got was most likely from chrome and it's probably because the default search provider is still showing as Delta Search. Let's see if we can change that manually. Then we will install MalwareBytes again and scan with that. Then get an online scan to search for any residual malware files. And check for out of date programs. Then, if the start up time is still slow we will see what we can do.


Step-1.

Reset/Delete a Search engine in Chrome

Open the Chrome browser

  • Click the tools menu icon on the browser toolbar.
  • Select Settings and find the "Search" section.
  • Click Manage search engines then Remove a search engine:
  • Select the Delta Search search engine and click the x or trash can that appears at the end of the row.
  • Select the search engine you want to use from the menu (like Google).
  • Click the Make default button that appears at the end of the row or mouse over it and click Make Default.
  • Close the browser

Before running Steps 2 and 3 please disable any screen saver that you might have running.


Step-2.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

Double Click the mbam-setup.exe file to install the application.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    Posted Image
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected <--- Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-3.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close Be sure you have saved the file first
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-4.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Double click the SecurityCheck icon to run the application.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The MBAM log
2. The ESET scan log (IF it found anything). If it didn't just let me know.
3. The checkup.txt.log
  • 0

#20
Channeal

    Member

  • Topic Starter
  • Member
  • 696 posts
Hello again..... I have now finished the 3 scans you asked me to do.

1)Malwarebytes.

This found nothing, as I expected. I did a malwarebytes scan as soon as I first suspected that all was not well and it found nothing then - although I believe that the previous time I did this scan it did come up with some problems and deleted them. By the way, I notice that you told me not to delete any malware found in the system restore files. Why is that? I usually delete everything it finds.

You possibly may not want to see the log as it found nothing, but here it is anyway! It is fairly short....

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.07.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-0868A33E33 [administrator]

07/03/2014 17:42:47
mbam-log-2014-03-07 (17-42-47).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 470961
Time elapsed: 6 hour(s), 27 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





2)ESET Scan

This did find some problems, although these seem mostly to be in the download folder (and in the back-up of the download folder on drive D). I have been meaning to clear out the download folder for some time, as I am most unlikely to need any of the files there. If I ever need to download something a second time for any reason, I usually do so via the source from which it originally came.

I notice too that a file on a 'Carlton Cards' program is also mentioned. I have just found a Carlton Cards folder on here..... and again it is something which should have been deleted a while ago, as I no longer use the program. A bit of computer housekeeping is obviously well overdue....... :-(

C:\Documents and Settings\User\My Documents\A) Chris\Carlton Cards\surfer-10\functions.php PHP/Obfuscated.F potentially unwanted application
C:\Documents and Settings\User\My Documents\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\User\My Documents\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\User\My Documents\Downloads\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\User\My Documents\Downloads\gimp-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Documents and Settings\User\My Documents\Downloads\OffercastInstaller_AVR_U-0313-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Documents and Settings\User\My Documents\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\My Documents\a) Chris\Carlton Cards\surfer-10\functions.php PHP/Obfuscated.F potentially unwanted application
D:\My Documents\Downloads\ccsetup402(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\My Documents\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\RECYCLER\S-1-5-21-527237240-606747145-725345543-1003\A) Chris\Carlton Cards\surfer-10\functions.php PHP/Obfuscated.F potentially unwanted application






3)checkup.txt

Results of screen317's Security Check version 0.99.80
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
a
v
a
s
t
!
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware version 1.75.0.1300
eCleaner 2.02
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader XI
Mozilla Firefox (27.0.1)
Google Chrome 33.0.1750.117
Google Chrome 33.0.1750.146
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````




I think that is everything you asked for!
Cheers,
Chris.

P.S. I forgot to mention that I amended the search engine settings in Google Chrome successfully.

Edited by Channeal, 09 March 2014 - 08:21 AM.

  • 0

#21
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

By the way, I notice that you told me not to delete any malware found in the system restore files. Why is that? I usually delete everything it finds.

Because we will use the Windows operating system to set a fresh restore point and clear the old restore points when we clean up :thumbsup:

For the Carlton Cards program, just check the Add\Remove programs first and if the program is listed uninstall it from there and then delete the folders on the hard drive. I will remove the files that ESET found during the OTL clean up. Most of the files were program set up files that you don't need to keep. Thanks for the info about the Chrome search engine.

Are the issues with the browser being re-directed gone now? Do you have any other issues?

Please make sure that the Avast antivirus is turned on.
  • 0
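A triage sketch for the ESET export discussed in the two posts above, as an added example that is not part of the original thread or of any ESET tool: it parses each line into path, detection name and category, counts hits per folder, and finds copies of the same flagged file on the backup drive and in the Recycle Bin. The line format is inferred from the lines posted here, and the function names are hypothetical.

```python
import ntpath  # Windows path rules, independent of the host OS
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# The twelve export lines exactly as posted in the thread above.
ESET_LOG = r"""
C:\Documents and Settings\User\My Documents\A) Chris\Carlton Cards\surfer-10\functions.php PHP/Obfuscated.F potentially unwanted application
C:\Documents and Settings\User\My Documents\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\User\My Documents\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\User\My Documents\Downloads\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\User\My Documents\Downloads\gimp-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Documents and Settings\User\My Documents\Downloads\OffercastInstaller_AVR_U-0313-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Documents and Settings\User\My Documents\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\My Documents\a) Chris\Carlton Cards\surfer-10\functions.php PHP/Obfuscated.F potentially unwanted application
D:\My Documents\Downloads\ccsetup402(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\My Documents\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\RECYCLER\S-1-5-21-527237240-606747145-725345543-1003\A) Chris\Carlton Cards\surfer-10\functions.php PHP/Obfuscated.F potentially unwanted application
"""


class Finding(NamedTuple):
    path: str
    detection: str
    variant: bool  # True when the name was prefixed with "a variant of"
    category: str


# Paths contain spaces, so the path is matched lazily up to the first token
# that looks like a detection name (Platform/Family...). Assumed format.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<category>\S.*)$"
)


def parse_eset_log(text):
    """Return (findings, rejected); unparsable lines are kept, not dropped."""
    findings, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            rejected.append(line)
            continue
        findings.append(
            Finding(m["path"], m["name"], m["variant"] is not None, m["category"])
        )
    return findings, rejected


def location(path):
    """Bucket a path by where the file sits, using folder names seen in this log."""
    upper = path.upper()
    if "\\RECYCLER\\" in upper:
        return "recycle bin"
    if "\\DOWNLOADS\\" in upper:
        return "downloads"
    return "other"


def summarize(findings):
    """Count hits by category, detection and location; group repeated files."""
    copies = defaultdict(list)
    for f in findings:
        # Same file name + same detection on several paths = copies of one item.
        copies[(ntpath.basename(f.path).lower(), f.detection)].append(f.path)
    return {
        "by_category": Counter(f.category for f in findings),
        "by_detection": Counter(f.detection for f in findings),
        "by_location": Counter(location(f.path) for f in findings),
        "duplicates": {k: v for k, v in copies.items() if len(v) > 1},
    }


if __name__ == "__main__":
    parsed, bad = parse_eset_log(ESET_LOG)
    report = summarize(parsed)
    print(f"{len(parsed)} findings, {len(bad)} unparsed lines")
    for key in ("by_category", "by_detection", "by_location"):
        print(key, dict(report[key]))
    for (name, detection), paths in report["duplicates"].items():
        print(f"{name} ({detection}) appears {len(paths)} times:")
        for p in paths:
            print("   ", p)
```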

#22
Channeal

    Member

  • Topic Starter
  • Member
  • 696 posts
Hello there,

The Carlton Cards program hasn't been on the computer since we had the new hard drive put in. (I think the program CD stopped working or something). The file which is still on here has greetings cards made by the old program, but is actually useless now as I can't access them without the program - so it can just be deleted.

I can confirm that the Avast antivirus is up and running okay.

Yes, the browser redirection issue is fixed now. Actually, I think it has been okay since I used the Hitman Pro program. I then tried to use the adwcleaner program and after it stalled (presumably because of the Malwarebytes problem) I started to have big problems with everything running really slowly and generally behaving oddly. It all seems much faster now, although it is still slower than before at starting up when first turned on. I can put up with that though! I haven't had the strange problem of it restarting all by itself for a couple of days now.

The only problem I do get now is that I quite often get the message: 'A script on this page may be busy or it may have stopped responding' etc. I think this is mainly a problem when using Firefox.

One thing I find strange is that in the middle of my computer woes, a problem developed with the sound. I could still hear music etc, but there was a lot of crackling and interference as well. I actually thought that the sound card had gone, as the problem persisted even if I tried to listen via headphones. All has gone back to normal now though - the interference has gone!

I am really grateful for all the time and effort you have put into helping me. It is very much appreciated.

Chris.
  • 0

#23
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
It has been my pleasure and you are welcome.

...It all seems much faster now, although it is still slower than before at starting up when first turned on. I can put up with that though!

You have plenty of RAM and I don't see an extraordinary amount of programs loading at start up. We can run chkdsk again and run the system file checker. But any system is gonna get slower to load the older it gets. Especially XP. It has been around for so long and had so many M/soft updates etc; that it just slows down. There is also a program that you can run that will look for items that load when the system boots up and it will tell you which items can be disabled without harming the operating system. Those programs can always be run by double clicking the file or icon in the Start >>All Programs menu.

...I haven't had the strange problem of it restarting all by itself for a couple of days now.

Hadn't heard that one before. That sounds more like a system or hardware problem than malware.

The only problem I do get now is that I quite often get the message: 'A script on this page may be busy or it may have stopped responding' etc. I think this is mainly a problem when using Firefox.

We can clean the cache and see if that helps :)

Step-1.

Open the Firefox browser.
A.
  • Click the down arrow next to Firefox in the upper left corner of the screen.
  • Highlight History and click Clear Recent History... on the context menu. The Clear All History window will open.
  • In the Time range to clear: box, click the down arrow and select Everything
  • In the box below the Details button, check the following:
    • Browsing & Download History
    • Form & Search History
    • Cookies
    • Cache
  • Click the Clear Now button.
  • If the window doesn't close by itself, close it.
B.
  • Click the down arrow beside Firefox again.
  • Highlight Options and click Options on the context menu. The Options window will open.
  • Click the Advanced icon at the upper right of the window.
  • Click the Network tab.
  • In the Cached Web Content section click the Clear Now button
  • In the Offline Web Content and User Data section, if there is a number higher than 0 in the Your application cache is currently using X bytes of disk space, click the Clear Now button.
  • Click the OK button to close the window.
  • Close the browser and re-open it and see if the issue is resolved.


Step-2.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to a tutorial by Dakeyras, found here and follow the instructions for Graphical Mode if you so wish.
NOTE: If you decide to use the Graphical Mode, close the Command window after Defrag has finished by typing Exit at the blinking cursor and pressing the Enter key.

  • Click Start , then click Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and press the Enter key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
    NOTE: If you chose to use the Graphical Mode, this would be where you close the Command window. If you want to continue in the Command window, complete the remaining steps.
  • Now type in CHKDSK C: /R and press the Enter key.
  • When prompted with:

    CHKDSK cannot run because the volume is in use by another process
    Would you like to schedule this volume to be checked next time the system
    restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and press the Enter key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be canceled and your computer will continue to boot-up as normal.

Run SFC

First let's make sure the OS hidden files can be viewed:

  • Click My Computer
  • Click Tools
  • Click Folder Options
  • Click View
  • "Uncheck" Hide protected operating system files and close the My Computer window.

NEXT:
Close all open applications/windows etc.

Clear the Old Event Logs:

  • Click Start, then Run. The Run dialogue box will open.
  • In the Run box type eventvwr.msc and press the Enter key. The Event Viewer will open.

    Posted Image
  • In the left column, right click Application and click Clear log... (No we don't want to save them)
  • In the left column, right click System and click Clear log... (No we don't want to save them)
  • Close the Event Viewer and reboot the computer

Once the computer has been rebooted:

  • Click on Start , then click Run...
  • Type in SFC /Scannow <--- Make sure to leave a space between SFC and the forward slash.
  • Click on OK
  • System File Checker will now scan all protected files to verify their versions.

    Note: This will take some time. Also you may be prompted to place your XP installation CD-ROM in the CD-Drive if required. If the scan asks you to put in your windows XP CD, and you do not have the CD (If you bought it preinstalled), just click retry (may have to several times) and see if it can finish.
    If that doesn't work, post back for more tips.
  • When the scan has finished you should get one of the following messages in the Command window:
    • Windows Resource Protection did not find any integrity violations.
    • Windows Resource Protection could not perform the requested operation.
    • Windows Resource Protection found corrupt files and successfully repaired them.
    • Windows Resource Protection found corrupt files but was unable to fix some of them.
  • Write down the results of the scan so you can post in your next reply.
  • Type exit and press the ENTER key to close the command window.

Step-3.

PC Decrapifier

A tool to uninstall unwanted software is PC Decrapifier, which is free to use and will help decide which programs you can remove that will not interfere with the function of the computer. It points out unnecessary startup items and icons that can slow down your PC as well. It will also provide the user step by step instructions, and gives you recommendations on what to remove if the user is unsure. Nifty little program to have. There are some screen shots showing the program in operation here

After downloading the file just double click the file to run it.

If you have any questions concerning the programs you are not familiar with, don't hesitate to ask.

Please let me know if any of these things helped.
  • 0

#24
Channeal

    Member

  • Topic Starter
  • Member
  • 696 posts
Hello again!

With regard to the computer being slow to start up, I take your point about this happening over time and that it might be worse because of XP being old. The thing is though.... although it might have been a bit slow before the recent problems, it got decidedly worse immediately after the time (before I contacted you) when I was trying unsuccessfully to run the adwcleaner program. The only thing I could do when it stalled was turn off the computer at the main switch on the tower and when I did so, it seemed as if something catastrophic had happened to the computer! There was kind of a boom in the speakers and the computer took ages to turn on again when I tried to boot up. Then it told me there were inconsistencies on the disc and mentioned something about orphaned files - and scandisc started to run. After it had finished, the computer restarted okay.... but after that there were quite a few times when it wouldn't start up at all, but hung up at the point where just the wallpaper was showing, but no icons. It does all seem to have settled down a lot now, but the initial start-up time is still quite a bit longer than it was before the adwcleaner event!

By the way, the problem with lots of interference when trying to play music etc (which again only seemed to happen after the adwcleaner event) reoccurred today, although it cleared again the next time I restarted.



Step 1.

I followed your instructions re Firefox - although I do not actually think there was anything to clear anyway. I have not actually had the message about the unresponsive script any more though, so I am hoping that perhaps the problem has now gone away.



Step 2.

I ran CHKDSK again: it took 15 hours to run and didn't come up with any more errors.

When I attempted to run the System File Checker, I got the message telling me to insert my Windows XP Professional CD Rom. Here's the thing.... when we got this computer, it came without a disc but we requested (and got sent) one later. So, I got out my 'Microsoft Windows XP Media Center Version 2005' disc and put it into the CD Rom - only to be told that it was the wrong disc! Then I realised that when we had the new hard drive put in last year the guy in the shop didn't take our CD, but presumably used his own. It wouldn't let me proceed any further without the correct CD.


Step 3.

I haven't tried the Decrapifier thing yet (love the name though!!!!).... am tired and off to have an early night now!!!!


Chris.
  • 0

#25
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

...The thing is though.... although it might have been a bit slow before the recent problems, it got decidedly worse immediately after the time (before I contacted you) when I was trying unsuccessfully to run the adwcleaner program. The only thing I could do when it stalled was turn off the computer at the main switch on the tower and when I did so, it seemed as if something catastrophic had happened to the computer! There was kind of a boom in the speakers and the computer took ages to turn on again when I tried to boot up. Then it told me there were inconsistencies on the disc and mentioned something about orphaned files - and scandisc started to run. After it had finished, the computer restarted okay.... but after that there were quite a few times when it wouldn't start up at all, but hung up at the point where just the wallpaper was showing, but no icons. It does all seem to have settled down a lot now, but the initial start-up time is still quite a bit longer than it was before the adwcleaner event!

By the way, the problem with lots of interference when trying to play music etc (which again only seemed to happen after the adwcleaner event) reoccurred today, although it cleared again the next time I restarted.

Understood. But I really don't think that AdwCleaner did anything. From your description, boom in the speakers, orphaned files and hanging it sounds like something in the system. It could be a piece of hardware failing. Or system files or maybe a hardware driver file got corrupted. That was why I wanted to run the SFC scan.

I want to do an OTL scan and look for the i386 folder and a couple of other files. The i386 folder contains the XP set up files.

Hopefully the issue with FF and scripts is resolved.


OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
c:\windows|documents;true;true;false /FP
/md5start
IntelIde.sys
ws2ifsl.sys
/md5stop


2. Re-open OTL on the desktop. To do that:
  • XP users: Double click on the OTL icon.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.



#26
Channeal

Okay.... I have done the OTL scan and the results are as follows: -

OTL logfile created on: 12/03/2014 10:46:31 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 80.23% Memory free
5.34 Gb Paging File | 4.80 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 330.05 Gb Free Space | 70.86% Space Free | Partition Type: NTFS
Drive D: | 148.99 Gb Total Space | 48.02 Gb Free Space | 32.23% Space Free | Partition Type: NTFS

Computer Name: USER-0868A33E33 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/24 23:35:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2014/02/22 14:43:03 | 000,253,952 | ---- | M] (Dell) -- C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
PRC - [2014/02/14 23:07:51 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/02/13 13:09:50 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/13 13:09:50 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/11 14:21:32 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/02/10 11:35:20 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/31 11:35:30 | 000,449,760 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2009/10/20 09:35:52 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/12/12 09:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 09:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 09:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2005/07/22 19:45:16 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
PRC - [2005/06/27 17:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
PRC - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
PRC - [2005/03/22 16:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/12 08:40:22 | 002,186,752 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14031200\algo.dll
MOD - [2014/02/13 14:30:55 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7e310942e6e9a5d623e003130ec3d9bd\System.Transactions.ni.dll
MOD - [2014/02/13 14:30:10 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78e7a4c3acd1a345c4ef1f73ff48a1dd\System.EnterpriseServices.ni.dll
MOD - [2014/02/13 14:29:58 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7e59f98afa4214b3bee9273cf50d2b0\System.Deployment.ni.dll
MOD - [2014/02/13 14:27:17 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/13 01:03:11 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/13 01:02:44 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/13 00:58:34 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/13 00:58:19 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/13 00:57:37 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/13 00:56:52 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/13 00:56:02 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5d060f9be1d1e717d64643941241a202\PresentationFramework.Royale.ni.dll
MOD - [2014/02/13 00:55:30 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
MOD - [2014/02/13 00:54:41 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
MOD - [2014/02/13 00:54:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
MOD - [2014/02/13 00:53:19 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/13 00:52:59 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/06 00:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/03 10:29:53 | 001,125,592 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/12/10 19:11:27 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/09/13 10:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/07/05 09:47:28 | 000,607,232 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2013/05/20 11:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
MOD - [2013/01/02 06:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 13:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/10/20 09:36:04 | 000,086,304 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\AddressBookCore.dll
MOD - [2009/10/20 09:35:52 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
MOD - [2009/10/20 09:13:56 | 000,147,456 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\en-US\ReminderApp.resources.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/08 19:30:00 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2005/06/27 17:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
MOD - [2005/06/22 06:35:12 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdHPEC.DLL
MOD - [2005/06/22 06:35:10 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdFLIB.DLL
MOD - [2005/06/21 20:27:02 | 001,183,744 | ---- | M] () -- C:\WINDOWS\system32\dlcdserv.dll
MOD - [2005/06/21 20:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll
MOD - [2005/06/21 20:19:48 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\dlcdpplc.dll
MOD - [2005/06/21 20:19:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll
MOD - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
MOD - [2005/06/21 20:18:58 | 000,704,512 | ---- | M] () -- C:\WINDOWS\system32\dlcdcomc.dll
MOD - [2005/06/21 20:18:58 | 000,704,512 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll
MOD - [2005/06/21 20:18:24 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\dlcdprox.dll
MOD - [2005/06/21 20:12:48 | 001,134,592 | ---- | M] () -- C:\WINDOWS\system32\dlcdusb1.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | R--- | M] () -- C:\WINDOWS\system32\dlcdcfg.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdcfg.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll
MOD - [2005/05/17 22:17:52 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcnv4.dll
MOD - [2005/04/28 13:43:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll


========== Services (SafeList) ==========

SRV - [2014/02/24 21:17:13 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 13:01:39 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/13 13:09:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/02/10 11:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/02/13 13:10:42 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/02/13 13:09:55 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/13 13:09:55 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/13 13:09:55 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/13 13:09:55 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2014/02/10 11:35:40 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/02/10 11:35:40 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/02/10 11:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/01/04 21:54:38 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/10 19:11:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/10 19:10:22 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/10/28 09:07:10 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2007/06/18 02:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2006/12/19 07:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 07:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 07:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 07:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 07:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 07:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/16 14:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/13 16:18:00 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
IE - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\..\SearchScopes,DefaultScope = {3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}
IE - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\..\SearchScopes\{3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}: "URL" = http://www.google.co...1I7SAVV_enGB539
IE - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.my.yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/13 13:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/06/03 17:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/02/15 13:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 13:01:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/13 13:09:58 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/06/03 08:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://uk.my.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014/02/17 18:24:08 | 000,450,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15470 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-220523388-1979792683-1801674531-1003..\Run: [DellSystemDetect] C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe (Dell)
O4 - HKU\S-1-5-21-220523388-1979792683-1801674531-1003..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-220523388-1979792683-1801674531-1003..\Run: [Spotify Web Helper] C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-220523388-1979792683-1801674531-1003\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1370086580859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1370086717752 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10191BB2-FF37-48CA-833D-6764C0A4FA75}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/06/01 10:48:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/01/03 01:01:23 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/03/07 17:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2014/03/07 17:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/03/07 17:40:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/07 17:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/03/06 21:05:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/03/06 21:04:22 | 001,037,734 | ---- | C] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2014/03/06 20:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\logs
[2014/03/06 14:54:34 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/06 14:49:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/06 13:35:57 | 001,145,344 | ---- | C] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2014/03/06 13:34:41 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\User\Desktop\mbam-clean-1.60.2.0003.exe
[2014/03/02 15:12:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2014/02/28 17:44:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/24 23:35:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/02/24 22:09:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2014/02/24 18:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Dell Diagnostic Scan Results
[2014/02/24 18:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK Logs
[2014/02/24 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\KasperskyScanResults_files
[2014/02/20 18:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK_Quarantine
[2014/02/20 18:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\tdsskiller
[2014/02/20 17:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Old Firefox Data
[2014/02/20 10:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\mbar
[2014/02/19 22:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/02/18 17:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Labels
[2014/02/17 20:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/17 17:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/17 17:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/17 15:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2014/02/15 13:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/14 09:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2014/02/11 13:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/02/11 13:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/11 13:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/02/11 13:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/02/10 11:35:40 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/12 10:42:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/12 10:39:51 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2014/03/12 10:13:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/12 09:54:36 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/03/12 09:52:47 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/12 09:52:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/12 00:54:33 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/12 00:54:33 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/12 00:54:33 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/12 00:54:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2014/03/12 00:54:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2014/03/11 18:52:48 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/10 13:13:56 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2014/03/09 13:38:44 | 000,987,442 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2014/03/07 17:40:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/06 21:04:25 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2014/03/06 13:36:03 | 001,145,344 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2014/03/06 13:34:43 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\User\Desktop\mbam-clean-1.60.2.0003.exe
[2014/03/04 12:37:06 | 000,064,106 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Page.mht
[2014/03/04 12:23:47 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/03 20:42:51 | 001,244,192 | ---- | M] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
[2014/02/27 12:08:25 | 000,128,509 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HtmlReport.zip
[2014/02/27 12:03:29 | 374,838,127 | ---- | M] () -- C:\Documents and Settings\User\Desktop\BHACHS Newsletter and Chronicle nos.1-50.pdf
[2014/02/26 22:58:58 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Excel.lnk
[2014/02/25 14:04:14 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\User\Desktop\GeeksToGo.url
[2014/02/25 10:13:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/02/25 04:02:09 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/24 23:35:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/02/24 22:56:18 | 003,818,496 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2014/02/24 21:17:13 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/24 21:17:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/02/24 20:22:02 | 132,325,736 | ---- | M] () -- C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
[2014/02/24 18:55:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2014/02/20 18:29:27 | 004,102,163 | ---- | M] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2014/02/19 22:37:01 | 000,035,528 | ---- | M] () -- C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
[2014/02/18 14:52:31 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/17 22:26:12 | 000,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/02/17 18:24:08 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/17 18:11:29 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20140217-182408.backup
[2014/02/17 16:18:10 | 000,505,714 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/17 16:18:10 | 000,089,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/14 07:54:18 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Greeting Card Factory Deluxe.lnk
[2014/02/13 13:10:44 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! SafeZone.lnk
[2014/02/13 13:10:44 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2014/02/13 13:10:42 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/13 13:09:55 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/13 13:09:55 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/13 13:09:55 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/13 13:09:55 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/13 13:09:54 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/13 13:09:54 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/12 22:56:17 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Santander Online Banking.url
[2014/02/11 13:57:50 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/02/11 12:54:30 | 003,818,150 | ---- | M] () -- C:\Documents and Settings\User\Desktop\icrc_002_0936.pdf
[2014/02/10 11:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/09 13:38:38 | 000,987,442 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2014/03/07 17:40:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/03 20:42:45 | 001,244,192 | ---- | C] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
[2014/02/27 12:08:25 | 000,128,509 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HtmlReport.zip
[2014/02/27 11:57:11 | 374,838,127 | ---- | C] () -- C:\Documents and Settings\User\Desktop\BHACHS Newsletter and Chronicle nos.1-50.pdf
[2014/02/25 14:02:47 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\User\Desktop\GeeksToGo.url
[2014/02/24 22:56:16 | 003,818,496 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2014/02/24 20:14:29 | 132,325,736 | ---- | C] () -- C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
[2014/02/24 18:55:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2014/02/20 18:29:01 | 004,102,163 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2014/02/19 22:36:53 | 000,035,528 | ---- | C] () -- C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
[2014/02/17 22:25:54 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/02/14 09:12:11 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/14 09:12:10 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2014/02/11 13:57:50 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/02/11 12:54:29 | 003,818,150 | ---- | C] () -- C:\Documents and Settings\User\Desktop\icrc_002_0936.pdf
[2014/01/16 17:04:46 | 000,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2013/12/16 01:15:04 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/09/18 20:51:46 | 001,510,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
[2013/09/18 20:51:42 | 001,510,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Imagic50.bmp
[2013/09/09 20:10:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SingleViewer.INI
[2013/09/06 20:45:22 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2013/08/15 15:59:21 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel
[2013/07/22 14:06:40 | 000,077,076 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/07/18 23:02:01 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2013/07/18 23:01:23 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlcdpmui.dll
[2013/07/18 23:01:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2013/07/18 23:01:22 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlcdih.exe
[2013/07/18 23:01:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2013/07/18 23:01:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2013/07/18 23:01:21 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlcdusb1.dll
[2013/07/18 23:01:21 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcdlmpm.dll
[2013/07/18 23:01:21 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomm.dll
[2013/07/18 23:01:21 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.exe
[2013/07/18 23:01:21 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcdpplc.dll
[2013/07/18 23:01:20 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcdhbn3.dll
[2013/07/18 23:01:20 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomc.dll
[2013/07/18 23:01:20 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcdcoms.exe
[2013/07/18 23:01:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdprox.dll
[2013/07/18 23:01:19 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcdserv.dll
[2013/07/18 23:01:18 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2013/07/18 23:01:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2013/07/18 23:01:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2013/07/18 23:01:16 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2013/07/18 23:01:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2013/07/18 23:01:15 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2013/06/20 21:48:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/06/20 21:48:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/06/20 21:48:57 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2013/06/07 13:17:02 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2013/06/07 13:17:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2013/06/05 23:34:36 | 001,614,242 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-1979792683-1801674531-1003-0.dat
[2013/06/05 23:34:36 | 000,311,730 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/04 18:37:37 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B39A30FC39.sys
[2013/06/04 18:37:36 | 000,002,828 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2013/06/04 16:05:51 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/04 15:05:22 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2013/06/03 20:37:05 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/03 20:37:04 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/01 12:02:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/06/01 10:50:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/06/01 10:44:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/06/01 10:02:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/06/01 09:59:12 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2013/06/01 10:44:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/16 21:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/11 13:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/10 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/24 19:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/20 17:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing
[2013/06/03 10:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2014/02/20 15:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/09/13 10:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2013/09/06 21:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOIK
[2013/06/10 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2013/06/11 16:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics
[2013/12/11 11:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVAST Software
[2014/01/16 17:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Copernic
[2013/12/03 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/08/15 15:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2013/09/06 21:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Imagic507N
[2013/07/01 14:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2013/09/13 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2013/06/05 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PCDr
[2013/09/13 12:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2014/02/11 14:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify
[2013/06/04 17:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows|documents;true;true;false /FP >

< MD5 for: INTELIDE.SYS >
[2004/08/10 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:IntelIde.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:IntelIde.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:IntelIde.sys
[2008/04/13 23:10:30 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=B5466A9250342A7AA0CD1FBA13420678 -- C:\WINDOWS\ServicePackFiles\i386\intelide.sys

< MD5 for: WS2IFSL.SYS >
[2004/08/10 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/08/10 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< End of report >


Bye for now,
Chris.

#27
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
Hi Chris,

Well....you're gonna love this. I see an i386 folder in the ServicePackFiles folder but that's not the only one I was looking for. That's because I had a brain meltdown. I ran a custom search script on my machine to be sure that OTL would be able to locate a folder. Only thing is, I forgot to edit the script to the i386 folder before I posted it. :blush: I'm blaming it on old age and a lack of rest and nourishment. And I would humbly ask that you try it again. I will change the OTL settings so it doesn't produce the full log. But first I want to run a FRST fix to remove a driver with no Image Path. The driver shows that it is stopped, but sometimes an entry without a path can cause issues when the system is booting.


Step-1.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

Windows XP
  • Click Start > All Programs > Accessories > System tools > System Restore. The System Restore Wizard opens.
  • Note: If the System Restore Wizard does not open, the System Restore feature may be turned off. To turn System Restore on, follow these steps:
      • Click Start, click Control Panel, and then double-click System.
      • Click the System Restore tab.
      • Make sure that the Turn off System Restore check box is not selected. Or, make sure that the Turn off System Restore on all drives check box is not selected.
      • Click OK.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Before Frst fix
  • Click CREATE
  • Close System Restore

Step-2.

Farbar Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Download the attached fixlist.txt file and save it to the same location where the program is. (It should be the desktop)
  • Please re-open the Farbar Scan tool. To do that:
  • Double click the FRST.exe file to run the program.
  • Press the Fix button just once and wait. The tool will make a log (Fixlog.txt). Please post it in your next reply.
    The Fixlog.txt file can also be found in the same location that the program was run from.

Step-3.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the [image] box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
C:\|i386;true;true;false /FP


2. Re-open [image] on the desktop. To do that:
  • XP users: Double click on the OTL icon.
Make sure all other windows are closed.
  • You will see a console like the one below:

    [image]
  • Click the greyed out None button at the top of the console. <--- Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the [image] box, right click and click Paste. This will put the above script inside OTL.
  • Click the [image] button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The Fixlog.txt log
2. The new OTL.txt log

#28
Channeal


    Member

  • Topic Starter
  • Member
  • 696 posts

Well....you're gonna love this. I see an i386 folder in the ServicePackFiles folder but that's not the only one I was looking for. That's because I had a brain meltdown. I ran a custom search script on my machine to be sure that OTL would be able to locate a folder. Only thing is, I forgot to edit the script to the i386 folder before I posted it. :blush: I'm blaming it on old age and a lack of rest and nourishment. And I would humbly ask that you try it again.


Lol! no problem.... it is nice to know you techies can make mistakes sometimes too! :lol:


Here are the results of the scans/fixes: -

1) The Fixlog.txt log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014
Ran by User at 2014-03-13 11:29:03 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
S4 IntelIde; No ImagePath
stop
*****************

IntelIde => Service deleted successfully.

==== End of Fixlog ====




2) The OTL log

OTL logfile created on: 13/03/2014 11:32:47 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 80.01% Memory free
5.34 Gb Paging File | 4.79 Gb Available in Paging File | 89.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 331.53 Gb Free Space | 71.18% Space Free | Partition Type: NTFS
Drive D: | 148.99 Gb Total Space | 48.02 Gb Free Space | 32.23% Space Free | Partition Type: NTFS

Computer Name: USER-0868A33E33 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== LOP Check ==========

[2014/02/11 13:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/10 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/24 19:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/20 17:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing
[2013/06/03 10:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2014/02/20 15:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/09/13 10:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2013/09/06 21:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOIK
[2013/06/10 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2013/06/11 16:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics
[2013/12/11 11:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVAST Software
[2014/01/16 17:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Copernic
[2013/12/03 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/08/15 15:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2013/09/06 21:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Imagic507N
[2013/07/01 14:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2013/09/13 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2013/06/05 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PCDr
[2013/09/13 12:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2014/02/11 14:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify
[2013/06/04 17:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2014/03/13 10:31:01 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2014/02/25 04:02:09 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2014/03/12 13:24:12 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< C:\|i386;true;true;false /FP >
[2013/06/01 12:20:05 | 000,000,000 | ---D | M] -- C:\3331be3c36d2afff073a0ee6\i386
[2013/06/07 13:16:22 | 000,000,000 | ---D | M] -- C:\dell\drivers\R126205\Drivers\support\i386
[2013/06/07 13:16:31 | 000,000,000 | ---D | M] -- C:\dell\drivers\R126205\Drivers\wdm\common\i386
[2013/06/07 13:16:30 | 000,000,000 | ---D | M] -- C:\dell\drivers\R126205\Drivers\wdm\common\i386\thunk
[2013/06/07 13:16:32 | 000,000,000 | ---D | M] -- C:\dell\drivers\R126205\Drivers\wdm\lang\i386
[2013/06/07 13:16:34 | 000,000,000 | ---D | M] -- C:\dell\drivers\R126205\Drivers\wdm\win2k_xp\i386
[2013/07/18 23:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Photo AIO Printer 944\Drivers\I386
[2013/07/18 23:01:23 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Photo AIO Printer 944\Drivers\I386\ENGLISH
[2013/09/13 12:59:24 | 000,000,000 | ---D | M] -- C:\Program Files\Java\jre7\lib\i386
[2014/01/31 18:27:20 | 000,000,000 | ---D | M] -- C:\Program Files\Sony\Sony PC Companion\Drivers\{0471BDC9-9609-48CF-8972-707EBE20725A}\i386
[2013/09/13 10:19:15 | 000,000,000 | ---D | M] -- C:\Program Files\Sony\Sony PC Companion\Drivers\{2CCFFEA6-8825-42c7-A2A5-94678EFB925F}\i386
[2013/09/13 10:18:38 | 000,000,000 | ---D | M] -- C:\Program Files\Sony\Sony PC Companion\Drivers\{2CD1390C-A74E-434A-B652-73D3683B3BEF}\i386
[2014/01/15 10:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Sony\Sony PC Companion\Drivers\{2FC12C0B-6D73-4F66-8D2D-64E907627969}\i386
[2014/01/15 10:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\Sony\Sony PC Companion\Drivers\{335082FB-37CD-443F-A25D-8A8CECC4CAF3}\i386
[2013/09/13 10:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Sony\Sony PC Companion\Drivers\{4804CEA3-DDE0-46A0-8430-54DFDE2C5EC0}\i386

< End of report >


I have to say the computer seems to be behaving itself at the moment and even the start-up time this morning seemed to be much better than it was.

Chris.

PS I am going away for the weekend from tonight, so won't be around until Monday.

Edited by Channeal, 13 March 2014 - 06:22 AM.


#29
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

> PS I am going away for the weekend from tonight, so won't be around until Monday.

Acknowledged.

> I have to say the computer seems to be behaving itself at the moment and even the start-up time this morning seemed to be much better than it was.

That's good to hear.
There are a couple of i386 folders that I need some info on. Windows doesn't have a way for me to get the info I need and I don't want you to download another tool just for that so you will need to get the info manually.

Click the Start button, then right click on My Computer and click Explore. The Windows Explorer window will open.
In the left column, click the + beside Computer, then click the + beside C:\.
Look for a folder named 3331be3c36d2afff073a0ee6 and click the + beside it.
You should see a folder named i386. Right click this folder and click Properties. The Properties page will open. Look for the following:

Size: Tell me the size of the folder in MB. It should be something like 500MB or 600MB.
Contains: Tell me how many files and folders it contains.

Repeat for the C:\WINDOWS\ServicePackFiles\i386 folder, except:
After you click the + beside C:\, click the + beside Windows, then ServicePackFiles, then right click the i386 folder and click Properties.

What we are trying to do here is find an i386 folder big enough to have all of the XP system files in it. Then we can edit the registry to look in that folder when it runs the SFC scan and it won't ask for the CD.

#30
Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 696 posts
Okay.... I did this quickly before I go away.

The first file you asked me to look at was only 2.42 MB. The second one was 561 MB.

I hope this is what you wanted.
Chris.