Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Opened a junk mail file by mistake and PC has been infected [Solved]

Trojan.FakeMS.ED

  • This topic is locked This topic is locked

#1
sundayla

sundayla

    Member

  • Member
  • PipPip
  • 58 posts

I carelessly opened a junk mail folder and its attachment as I didnt realise I was on the junk mail folder. It was not only until I received a virus alert from AVG stating a threat (which it then said it removed) that I realised I had opened something I shouldnt have.

 

I ran a Malwarebytes scan to be sure and it found a file called Spyware.Passwords which it removed. How bad is that malware?

UPDATE: Today AVG has been popping up with more trojan alerts like Trojan.FakeMS.ED

 

Here is the OTL Log file:

 

 

OTL logfile created on: 14/08/2014 18:26:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\SG\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.25 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 71.93% Memory free
5.09 Gb Paging File | 4.25 Gb Available in Paging File | 83.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.68 Gb Total Space | 371.67 Gb Free Space | 79.81% Space Free | Partition Type: NTFS
Drive I: | 298.09 Gb Total Space | 297.91 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
 
Computer Name: SUNNY | User Name: SG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2014/07/29 23:52:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/07/25 12:52:40 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/07/21 22:02:50 | 035,464,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\SG\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2014/05/22 00:36:08 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2014/03/12 00:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
PRC - [2014/01/21 01:43:02 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2011/11/14 12:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/08 09:01:50 | 000,681,424 | ---- | M] () -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/26 17:15:30 | 000,909,312 | ---- | M] (Realtek) -- C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/11/08 16:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2003/01/27 18:16:58 | 000,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/14 18:21:03 | 000,043,008 | ---- | M] () -- c:\Documents and Settings\SG\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyvolbj.dll
MOD - [2014/07/29 23:52:00 | 003,800,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/07/21 21:53:38 | 003,610,624 | ---- | M] () -- C:\Documents and Settings\SG\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/14 00:03:59 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/14 00:03:43 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/14 00:03:22 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\SG\Application Data\Dropbox\bin\libcef.dll
MOD - [2011/11/14 12:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 12:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 12:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 12:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 12:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 12:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 12:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2009/07/01 23:46:06 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/05/08 09:01:52 | 001,871,872 | ---- | M] () -- C:\Program Files\Common Files\Nokia\MPlatform\MDataStore.dll
MOD - [2008/05/08 09:01:50 | 001,855,488 | ---- | M] () -- C:\Program Files\Common Files\Nokia\MPlatform\MItemPlugins.dll
MOD - [2008/05/08 09:01:50 | 000,774,144 | ---- | M] () -- C:\Program Files\Common Files\Nokia\MPlatform\MItems.dll
MOD - [2008/05/08 09:01:50 | 000,681,424 | ---- | M] () -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
MOD - [2008/05/08 09:01:50 | 000,495,616 | ---- | M] () -- C:\Program Files\Common Files\Nokia\MPlatform\MEvent.dll
MOD - [2008/05/08 09:01:50 | 000,362,029 | ---- | M] () -- C:\Program Files\Common Files\Nokia\MPlatform\sqlite3.dll
MOD - [2007/07/23 16:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2005/10/07 16:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/03/09 22:31:04 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll
MOD - [2003/01/27 18:16:58 | 000,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2002/10/18 14:34:42 | 000,184,432 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.DLL
MOD - [2002/10/18 14:31:58 | 000,045,169 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.DLL
MOD - [2002/10/18 14:29:12 | 000,069,746 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.DLL
MOD - [2002/10/15 14:03:30 | 000,032,862 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\Marshaller.dll
MOD - [2002/06/18 14:19:28 | 000,102,541 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/18 14:19:16 | 000,139,387 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2001/09/23 16:41:10 | 000,524,377 | ---- | M] () -- C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/07/29 23:52:00 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/25 12:52:40 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/07/09 17:55:10 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/12 00:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/12 00:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/09 01:05:10 | 001,363,972 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\Inventoria\inventoria.exe -- (InventoriaService)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/02/20 11:42:38 | 000,354,816 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2003/03/09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/15 13:35:26 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/11/25 02:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/23 02:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/10/23 02:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2009/12/30 12:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/02/02 21:52:54 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/01/31 22:20:36 | 004,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/12/03 12:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2007/11/29 11:39:52 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 11:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 11:39:42 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 11:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/11/20 02:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/20 02:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/06/01 14:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 17:56:00 | 000,014,336 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxusblf.sys -- (pmxusblf)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.g...smb&ibd=4081106
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...?channel=uk-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.g...smb&ibd=4081106
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{08D3CCE2-9A02-495A-90DC-9C31CABAC393}: "URL" = http://www.bing.com/...ms}&form=IE0006
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...24900219B1010D4
IE - HKCU\..\SearchScopes\{3EF5528F-EEA2-4BD7-A105-105D48A97BA3}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{4FED8625-22BA-4193-BDD2-4D1A53973B77}: "URL" = http://www.google.co...z=1I7DKUK_en-GB
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{C8C33A49-6F56-4B6F-A46D-180C992F6985}: "URL" = http://search.zoneal...Id=&ver=&&r=953
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3299872.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.19
FF - prefs.js..extensions.enabledAddons: %7B58d2a791-6199-482f-a9aa-9b725ec61362%7D:2.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\SG\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/07/29 23:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/08/14 18:21:25 | 000,000,000 | ---D | M]
 
[2008/11/15 16:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SG\Application Data\Mozilla\Extensions
[2014/07/17 16:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\extensions
[2010/05/11 22:02:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/11/26 16:21:56 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/06/10 14:45:06 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\extensions\[email protected]
[2014/06/26 10:12:41 | 000,008,833 | ---- | M] () (No name found) -- C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi
[2012/07/13 13:25:43 | 000,035,720 | ---- | M] () (No name found) -- C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
[2014/05/19 22:25:53 | 000,870,551 | ---- | M] () (No name found) -- C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013/06/10 14:43:30 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2014/01/23 21:25:17 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\searchplugins\yahoo_ff.xml
[2014/07/29 23:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/07/29 23:52:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009/05/15 17:09:06 | 000,034,816 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\NPPdfExt.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://uk.search.yah...r=spigot-yhp-ch
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\36.0.1985.125\gears.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: FireFox PDF Previewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPPdfExt.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement Web App = C:\Documents and Settings\SG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\SG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\SG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: AP Suggestor = C:\Documents and Settings\SG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibnmbpihhamedhophbnjjpidokcknoid\1.2.5_0\
CHR - Extension: Poppit! = C:\Documents and Settings\SG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Poppit! = C:\Documents and Settings\SG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\SG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/04/27 14:31:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (PDFHelperBHO Class) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - C:\Program Files\PDF Suite\PDFIEHelper.dll (Interactive Brands)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913b] C:\Documents and Settings\SG\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid efba0b08a0cd47d1806ed168ddf4f927-6ad14d4cb9e7984c1c17746eb4c0332095f8aef7 --CMPID 0913b File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - Startup: C:\Documents and Settings\SG\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\SG\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra Button: PDF Suite - {B7B1D292-6383-4743-8793-9609BFABF36F} - C:\Program Files\PDF Suite\IEPDFExt.dll (Interactive Brands)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBA43C3B-590C-41DC-8C37-9BDE4F25E99A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Dell.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 22:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/18 00:52:08 | 000,000,126 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{50d86fe3-a6b7-11de-a15d-00219b1010d4}\Shell - "" = AutoRun
O33 - MountPoints2\{50d86fe3-a6b7-11de-a15d-00219b1010d4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{50d86fe3-a6b7-11de-a15d-00219b1010d4}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/14 18:26:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SG\Desktop\OTL.exe
[2014/08/07 16:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SG\My Documents\BT Bills
[2014/08/06 13:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/07/29 23:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/07/24 23:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[1 C:\Documents and Settings\SG\My Documents\*.tmp files -> C:\Documents and Settings\SG\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/14 18:26:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SG\Desktop\OTL.exe
[2014/08/14 18:20:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/08/14 18:20:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/14 18:20:03 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/08/14 18:18:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/14 18:18:48 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/14 17:55:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/08/14 17:52:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/14 17:02:49 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/14 15:28:02 | 000,001,196 | ---- | M] () -- C:\hpfr5550.xml
[2014/08/14 14:13:12 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Continuum.lnk
[2014/08/13 22:41:19 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/08/12 15:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/08/12 12:57:10 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\SG\random.dat
[2014/08/12 12:56:30 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\SG\jagexappletviewer.preferences
[2014/08/12 12:51:20 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\SG\jagex_cl_runescape_LIVE.dat
[2014/08/11 14:19:07 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2014/08/08 15:34:40 | 000,000,210 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/08/06 14:57:47 | 000,000,059 | ---- | M] () -- C:\Documents and Settings\SG\jagex_cl_runescape_LIVE1.dat
[2014/08/02 15:51:05 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/08/01 13:21:45 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\prismDowngrade.job
[2014/07/26 11:55:57 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\SG\Start Menu\Programs\Startup\Dropbox.lnk
[2014/07/26 11:55:34 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\SG\Desktop\Dropbox.lnk
[2014/07/18 22:56:08 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[1 C:\Documents and Settings\SG\My Documents\*.tmp files -> C:\Documents and Settings\SG\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/06 00:24:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2013/11/21 17:56:41 | 000,062,228 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/10/12 12:03:04 | 000,000,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/08/07 21:00:05 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\SG\Application Data\WB.CFG
[2013/07/27 21:00:02 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/07/03 21:00:03 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\SG\Application Data\WBPU-TTL.DAT
[2013/06/16 21:00:02 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2013/03/25 22:31:24 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\SG\jagexappletviewer.preferences
[2013/02/23 13:54:01 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\SG\jagex_cl_oldschool_LIVE.dat
[2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/11/12 21:01:11 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\SG\jagex_cl_runescape_LIVE_BETA.dat
[2012/11/12 21:01:11 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\SG\random.dat
[2012/11/11 16:00:01 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2012/11/11 16:00:01 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2012/11/11 15:58:16 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/11/11 15:58:13 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/11/11 15:58:13 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/11/11 15:57:40 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012/08/23 19:52:28 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\SG\Local Settings\Application Data\dt.dat
[2012/03/26 18:57:47 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\SG\jagex_cl_runescape_LIVE1.dat
[2012/03/17 14:44:48 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\SG\jagex_cl_runescape_LIVE.dat
[2010/05/17 22:42:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\SG\jagex__preferences3.dat
[2010/03/14 16:44:17 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\SG\jagex_runescape_preferences2.dat
[2009/06/29 12:39:31 | 008,928,000 | ---- | C] () -- C:\Documents and Settings\SG\jimidat.3
[2009/01/18 22:00:11 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\SG\jagex_runescape_preferences.dat
[2009/01/18 18:29:25 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\SG\Local Settings\Application Data\fusioncache.dat
[2009/01/13 16:13:26 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\SG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/10 20:03:40 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\SG\Application Data\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2008/04/25 22:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/26 09:15:29 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/07/01 15:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/05/30 20:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 XPack Trial
[2010/05/03 23:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2010/09/13 20:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/04/04 13:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013/01/21 15:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/09/09 09:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/06/10 14:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/04/24 22:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2013/12/10 11:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/11/11 16:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Evonsoft
[2009/01/14 18:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2012/11/11 17:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Invoice Expert
[2013/10/12 12:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Labelling
[2014/08/14 17:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/10/12 12:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfHuMdBde8POIAez1Pm
[2009/12/20 19:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/05/11 21:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2013/09/20 11:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Promote Installer
[2010/08/14 15:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2008/11/06 16:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2013/09/02 19:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/12/16 13:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2014/01/23 21:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2009/01/13 00:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/05/07 21:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/12/16 13:09:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013/12/16 13:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\AnvSoft
[2012/12/13 20:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\AVG2013
[2010/05/24 19:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/06/04 20:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\Bidgood Svcs
[2013/06/10 14:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\CheckPoint
[2014/08/14 18:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\Dropbox
[2009/08/08 19:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\FileZilla
[2012/03/10 15:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\GraphPad Software
[2009/06/16 21:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\Gs
[2010/05/07 21:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\Losoftware
[2010/02/19 14:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\ManyCam
[2011/02/13 12:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\NCH Swift Sound
[2009/01/14 18:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\Nokia
[2013/03/31 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\Nseries
[2012/08/15 19:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\Oracle
[2009/01/14 18:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\PC Suite
[2014/04/26 17:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\PDF Reader Packages
[2009/06/16 21:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\PDF Software
[2013/12/16 02:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\PhotoScape
[2012/11/11 16:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\Pointstone
[2012/07/12 13:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\SMRecorder
[2013/04/23 20:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\SumatraPDF
[2008/11/10 20:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\Template
[2012/11/11 16:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\Thinstall
[2011/07/14 20:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\TS3Client
[2013/12/16 13:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\TuneUp Software
[2012/04/30 18:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SG\Application Data\Unity
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FB6A46D
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
 


Edited by sundayla, 15 August 2014 - 09:49 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi sorry for the delay could I have a fresh look at the system

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan

AswMBR%20scan.JPG


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
sundayla

sundayla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

Hi there Essexboy,

 

I have attached the FRST.txt and Addition.txt logs to this reply from the Farbar Recovery Scan Tool.

 

And here is the aswMBR log:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-17 13:45:39
-----------------------------
13:45:39.796    OS Version: Windows 5.1.2600 Service Pack 3
13:45:39.796    Number of processors: 4 586 0x170A
13:45:39.796    ComputerName: SUNNY  UserName: SG
13:45:41.062    Initialize success
13:45:41.093    VM: initialized successfully
13:45:41.109    VM: Intel CPU supported
13:47:34.656    AVAST engine defs: 14081700
13:48:04.171    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:48:04.171    Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5BA Size: 476940MB BusType: 3
13:48:04.296    Disk 0 MBR read successfully
13:48:04.296    Disk 0 MBR scan
13:48:04.312    Disk 0 Windows VISTA default MBR code
13:48:04.312    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       86 MB offset 63
13:48:04.343    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       476851 MB offset 176715
13:48:04.359    Disk 0 default boot code
13:48:04.359    Disk 0 scanning sectors +976768065
13:48:04.421    Disk 0 scanning C:\WINDOWS\system32\drivers
13:48:11.750    Service scanning
13:48:30.671    Modules scanning
13:48:54.062    Disk 0 trace - called modules:
13:48:54.078    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:48:54.078    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b033ab8]
13:48:54.078    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8b03d1c8]
13:48:54.078    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b092940]
13:48:54.859    AVAST engine scan C:\WINDOWS
13:49:13.468    AVAST engine scan C:\WINDOWS\system32
13:52:16.062    AVAST engine scan C:\WINDOWS\system32\drivers
13:52:38.265    AVAST engine scan C:\Documents and Settings\SG
14:12:43.750    AVAST engine scan C:\Documents and Settings\All Users
14:14:56.921    Scan finished successfully
14:17:27.015    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SG\Desktop\MBR.dat"
14:17:27.015    The log file has been saved successfully to "C:\Documents and Settings\SG\Desktop\aswMBR.txt"

 

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a great deal showing, mainly adware, what symptoms if any are you experiencing ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-sea...24900219B1010D4
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {C8C33A49-6F56-4B6F-A46D-180C992F6985} URL = http://search.zoneal...Id=&ver=&&r=953
BHO: AP Suggestor -> {D0984FD4-FA9A-46ee-9072-70B0735FF852} -> C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
FF user.js: detected! => C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\user.js
FF Extension: Start Page - C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-04-10]
FF Extension: AP Suggestor - C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\Extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi [2012-01-31]
CHR Extension: (AP Suggestor) - C:\Documents and Settings\SG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibnmbpihhamedhophbnjjpidokcknoid [2012-07-16]
CHR HKLM\...\Chrome\Extension: [ibnmbpihhamedhophbnjjpidokcknoid] - C:\Program Files\AP Suggestor\APSuggestor.crx [2012-01-31]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx [2012-01-31]
HKU\S-1-5-21-2226374951-1761529466-2004337237-1006\Software\Classes\secfile: Application <===== ATTENTION!
C:\Documents and Settings\All Users\Application Data\OfHuMdBde8POIAez1Pm
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#5
sundayla

sundayla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

I'm currently not experiencing any symptons at the moment. But they day it got infected it found 'Spyware.Password' and the next day it found a Trojan, both were found and removed by AVG and Malwarebytes but I'm not sure how much or what damage they did or if they have been fully removed.

 

 

This is the Fixlog as requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-08-2014 03
Ran by SG at 2014-08-17 15:09:11 Run:2
Running from C:\Documents and Settings\SG\Desktop\New Folder (4)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-sea...24900219B1010D4
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {C8C33A49-6F56-4B6F-A46D-180C992F6985} URL = http://search.zoneal...Id=&ver=&&r=953
BHO: AP Suggestor -> {D0984FD4-FA9A-46ee-9072-70B0735FF852} -> C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
FF user.js: detected! => C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\user.js
FF Extension: Start Page - C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi [2014-04-10]
FF Extension: AP Suggestor - C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\Extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi [2012-01-31]
CHR Extension: (AP Suggestor) - C:\Documents and Settings\SG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibnmbpihhamedhophbnjjpidokcknoid [2012-07-16]
CHR HKLM\...\Chrome\Extension: [ibnmbpihhamedhophbnjjpidokcknoid] - C:\Program Files\AP Suggestor\APSuggestor.crx [2012-01-31]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx [2012-01-31]
HKU\S-1-5-21-2226374951-1761529466-2004337237-1006\Software\Classes\secfile: Application <===== ATTENTION!
C:\Documents and Settings\All Users\Application Data\OfHuMdBde8POIAez1Pm
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
"HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}" => Key deleted successfully.
"HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C8C33A49-6F56-4B6F-A46D-180C992F6985}" => Key deleted successfully.
"HKCR\CLSID\{C8C33A49-6F56-4B6F-A46D-180C992F6985}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0984FD4-FA9A-46ee-9072-70B0735FF852}" => Key deleted successfully.
"HKCR\CLSID\{D0984FD4-FA9A-46ee-9072-70B0735FF852}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
"HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => Key not found.
C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\user.js => Moved successfully.
C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi => Moved successfully.
C:\Documents and Settings\SG\Application Data\Mozilla\Firefox\Profiles\su7ipvls.default\Extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi => Moved successfully.
C:\Documents and Settings\SG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibnmbpihhamedhophbnjjpidokcknoid => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ibnmbpihhamedhophbnjjpidokcknoid" => Key deleted successfully.
C:\Program Files\AP Suggestor\APSuggestor.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph" => Key deleted successfully.
"C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx" => File/Directory not found.
"HKU\S-1-5-21-2226374951-1761529466-2004337237-1006\Software\Classes\secfile" => Key deleted successfully.
C:\Documents and Settings\All Users\Application Data\OfHuMdBde8POIAez1Pm => Moved successfully.

=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => Removed 724.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

I downloaded and ran the Adwcleaner, I followed the instructions but at the end when it said reboot the computer, AVG came up with an alert about the programme (I've attached a screenshot)

and it didnt show a log after restarting so I searched for the log C:\AdwCleaner[S1].txt but could only see the following:

 

AdwCleaner[R0]

AdwCleaner[R1]

AdwCleaner[S0]

 

 

Attached Files

  • Attached File  Pic1.bmp   1.54MB   141 downloads

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Could you post the adwcleaner logs that you have and I will see what they reveal


  • 0

#7
sundayla

sundayla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

I've attached the three AdwCleaner logs:

Attached Files


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

OK AdwCleaner did its job...  Is AVG alerting on anything at all now as the system looks clean


  • 0

#9
sundayla

sundayla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

Thats good I thought maybe that alert stopped Adwcleaner from finishing. No AVG is not alerting on anything.


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#11
sundayla

sundayla

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts

That is good news! :D :spoton:

 

I ran Delfix and installed Cryptoprevent.  I have also now disabled Java from the browser.

 

I will now run for 24 hours and report back.

 

Thank you very much for your help Essexboy! :thumbsup:


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure :)
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP