I turned it on yesterday morning and it wouldn't open any pages in either Firefox, Chrome or IE, or download any mail with Outlook Express. It again is running Win XP Pro SP3 and has run like a dream for the last 2 years, protected by Kaspersky Internet Security.
So I ran a scan with Kaspersky and it found nothing at all. I clicked uTorrent by mistake and was shocked to see that it was both uploading and downloading, so I knew that there wasn't a problem with my network card or wifi card. I then downloaded (on my son's PC and transferred it with a USB memory stick) and ran Sophos Virus Removal Tool; it couldn't update itself and it did find some trojans which it cleaned (log file attached).
I rebooted, still no access to browse the web, ran Sophos again and it said it was clean. I ran Malwarebytes and it did find stuff (log file attached). I cleaned the found items, rebooted and still had the same problem.
I've backed up all my data and was about to format and reinstall but haven't, as I have another problem with a fresh install here, so hopefully you will be able to help me get my laptop going again.
OTL Log File
OTL logfile created on: 11/10/2013 01:40:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Al\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.91% Memory free
3.83 Gb Paging File | 3.10 Gb Available in Paging File | 80.93% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.85 Gb Total Space | 91.88 Gb Free Space | 61.73% Space Free | Partition Type: NTFS
Computer Name: ALASTAIR | User Name: Al | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/11 01:03:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTL.exe
PRC - [2013/10/11 00:05:42 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/01/15 13:07:42 | 002,750,840 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/05 01:52:59 | 001,310,136 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
========== Services (SafeList) ==========
SRV - File not found [Unknown (-1) | Unknown] -- -- (MBAMSwissArmy)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/10/11 00:05:42 | 000,356,128 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/09/12 13:41:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/04 17:50:09 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/11/07 19:45:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/11/07 10:44:06 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [Disabled | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2001/08/09 03:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/10/11 00:56:28 | 000,048,728 | ---- | M] (MalwareBytes) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/10/11 00:06:05 | 000,593,504 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013/10/11 00:06:05 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2013/10/11 00:06:05 | 000,024,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/10/11 00:06:05 | 000,024,160 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013/06/19 13:16:11 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/04/24 11:41:09 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2012/12/29 21:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/09/28 21:50:21 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/06/27 15:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2012/03/02 09:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2012/03/02 09:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2012/03/02 09:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)
DRV - [2012/03/02 09:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2008/04/13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/01/15 13:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/04/24 09:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 09:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 09:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 09:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus)
DRV - [2006/11/13 23:34:40 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/01/18 05:44:42 | 000,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2003/02/21 22:38:04 | 000,017,504 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...q={searchTerms}
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\SearchScopes\{69BF8669-5ABC-42FB-9C7E-D96DCB2FE3D4}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Al\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Al\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Al\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/16 19:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/10/11 00:06:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/10/11 00:06:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/10/11 00:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/10/11 00:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/10/11 00:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/21 12:41:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/21 12:41:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/09 11:28:02 | 000,000,000 | ---D | M]
[2011/12/10 00:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Al\Application Data\Mozilla\Extensions
[2013/10/09 11:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\fozy00fj.default\extensions
[2013/10/09 11:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Al\Application Data\Mozilla\Firefox\Profiles\fozy00fj.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/10/09 11:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/09 11:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/01 17:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/10/01 17:26:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/21 12:39:54 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\11.10.24_0\
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\11.10.25_0\
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\12.1_0\
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\13.1_0\
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\9.10.22_0\
CHR - Extension: Webpage Screenshot Capture = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\9.10.24_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Rain Alarm Extension = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\olnconaknblgbkfgknkfmmfhhbebkekd\1.2.12_0\
CHR - Extension: Rain Alarm Extension = C:\Documents and Settings\Al\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\olnconaknblgbkfgknkfmmfhhbebkekd\1.2.13_0\
O1 HOSTS File: ([2001/08/23 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\RunOnce: [ (A0)] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1060284298-1214440339-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341578250281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68123792-B937-44B1-BA18-1C1C709F13B2}: NameServer = 194.74.65.69,194.74.69.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80005732-F0C3-4565-8D3B-7FFA66F2915D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80005732-F0C3-4565-8D3B-7FFA66F2915D}: NameServer = 194.74.65.69,194.74.66.78
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Al\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Al\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/26 13:12:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/11 01:36:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTL.exe
[2013/10/11 00:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/10/11 00:56:28 | 000,048,728 | ---- | C] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/10/11 00:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\mbar
[2013/10/11 00:50:14 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup-1.75.0.1300.exe
[2013/10/11 00:50:13 | 012,907,592 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Al\Desktop\mbar-1.07.0.1005.exe
[2013/10/10 23:30:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Al\Recent
[2013/10/10 23:16:52 | 026,388,552 | ---- | C] (EaseUS ) -- C:\Documents and Settings\Al\Desktop\epm.exe
[2013/10/10 20:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\To Move
[2013/10/09 22:53:03 | 136,167,712 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Al\Desktop\7200xdat.exe
[2013/10/09 22:53:03 | 010,029,088 | ---- | C] (McAfee Inc) -- C:\Documents and Settings\Al\Desktop\stinger32.exe
[2013/10/09 22:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/10/09 14:50:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/10/09 11:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/10/09 11:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Start Menu\Programs\Sophos
[2013/10/09 11:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013/10/09 11:39:41 | 077,337,376 | ---- | C] (Sophos Limited) -- C:\Documents and Settings\Al\Desktop\Sophos Virus Removal Tool.exe
[2013/10/09 11:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/09 11:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Start Menu\Programs\FilesFrog Update Checker
[2013/10/09 11:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Local Settings\Application Data\FilesFrog Update Checker
[2013/10/09 11:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2013/10/09 11:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/10/09 11:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2013/10/09 10:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Old Firefox Data
[2013/10/07 12:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC(2)
[2013/10/07 12:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\mIRC
[2013/10/04 11:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\New Folder
[2013/10/02 14:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\IsolatedStorage
[2013/10/02 14:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Local Settings\Application Data\IsolatedStorage
[2013/10/02 14:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACT
[2013/10/02 14:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\NEWACT_1002131350
[2013/10/02 14:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\ACT
[2013/10/02 14:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Application Data\ACT
[2013/10/02 14:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/10/02 14:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\ACT
[2013/10/02 13:45:56 | 000,000,000 | ---D | C] -- C:\contactik
[2013/09/26 11:57:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2013/09/26 11:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Printer
[2013/09/26 11:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupon Printer
[2013/09/23 12:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Password Remover v3.1
[2013/09/23 12:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF Password Remover v3.1
[2013/09/16 01:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/09/16 01:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/09/16 01:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2013/09/16 01:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2013/09/15 02:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Al Pics
[2013/09/15 00:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Tom Phone Pics
[2013/09/14 22:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LG PC Suite IV
[2013/09/14 22:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Local Settings\Application Data\LG Electronics
[2013/09/14 22:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LGMobile Support Tool
[2013/09/14 17:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Al\Desktop\Cornwall 2013 Pics
[2013/09/14 10:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/12/15 14:09:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Al\Application Data\pcouffin.sys
[2011/12/14 12:42:31 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Al\SETUP.EXE
========== Files - Modified Within 30 Days ==========
[2013/10/11 01:50:42 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/10/11 01:48:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1004UA.job
[2013/10/11 01:41:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/11 01:03:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Al\Desktop\OTL.exe
[2013/10/11 00:56:28 | 000,048,728 | ---- | M] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/10/11 00:52:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007UA.job
[2013/10/11 00:49:24 | 012,907,592 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Al\Desktop\mbar-1.07.0.1005.exe
[2013/10/11 00:48:04 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Al\Desktop\mbam-setup-1.75.0.1300.exe
[2013/10/11 00:46:18 | 000,231,390 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\RootkitRevealer.zip
[2013/10/11 00:06:05 | 000,593,504 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/10/11 00:06:05 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kl1.sys
[2013/10/11 00:06:05 | 000,024,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klmouflt.sys
[2013/10/11 00:06:05 | 000,024,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klkbdflt.sys
[2013/10/10 23:38:15 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1003UA.job
[2013/10/10 23:32:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/10 23:32:45 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
[2013/10/10 23:32:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
[2013/10/10 23:32:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/10 22:56:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007UA.job
[2013/10/10 22:19:37 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/10 21:32:22 | 026,388,552 | ---- | M] (EaseUS ) -- C:\Documents and Settings\Al\Desktop\epm.exe
[2013/10/10 20:43:52 | 000,010,848 | ---- | M] () -- C:\Documents and Settings\Al\My Documents\ALASTAIR.speccy
[2013/10/10 20:23:59 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8F92262F-335D-40B0-9F9A-BC107C447E49}.job
[2013/10/10 20:09:15 | 000,000,138 | RH-- | M] () -- C:\Documents and Settings\Al\Desktop\Stinger.opt
[2013/10/10 20:09:12 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Stinger_10102013_122556.html
[2013/10/09 14:56:03 | 000,002,555 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\Sophos Virus Removal Tool.lnk
[2013/10/09 11:29:18 | 006,113,096 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\sophos_scss_10_sfx.exe
[2013/10/09 11:28:24 | 077,337,376 | ---- | M] (Sophos Limited) -- C:\Documents and Settings\Al\Desktop\Sophos Virus Removal Tool.exe
[2013/10/09 10:13:43 | 000,526,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/09 10:13:43 | 000,096,784 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/09 07:48:01 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1004Core.job
[2013/10/08 17:52:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007Core.job
[2013/10/08 17:35:01 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1003Core.job
[2013/10/08 06:55:11 | 000,885,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/07 13:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
[2013/10/07 12:54:43 | 000,247,332 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/10/06 19:56:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1214440339-1417001333-1007Core.job
[2013/10/04 20:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
[2013/10/03 16:39:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1214440339-1417001333-1007.job
[2013/09/30 00:49:06 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\Al\Application Data\WBPU-TTL.DAT
[2013/09/26 11:57:39 | 000,000,031 | -H-- | M] () -- C:\WINDOWS\UKCpInfo.sys
[2013/09/23 12:05:15 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Al\Desktop\PDF Password Remover v3.1.lnk
[2013/09/22 17:03:37 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/09/20 21:34:31 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2013/09/20 00:49:03 | 000,000,091 | ---- | M] () -- C:\Documents and Settings\Al\Application Data\WB.CFG
[2013/09/17 15:06:34 | 136,167,712 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Al\Desktop\7200xdat.exe
[2013/09/17 14:58:10 | 010,029,088 | ---- | M] (McAfee Inc) -- C:\Documents and Settings\Al\Desktop\stinger32.exe
[2013/09/14 23:51:01 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2013/09/14 22:39:14 | 000,000,000 | ---- | M] () -- C:\END
========== Files Created - No Company Name ==========
[2013/10/11 00:50:14 | 000,231,390 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\RootkitRevealer.zip
[2013/10/10 20:43:52 | 000,010,848 | ---- | C] () -- C:\Documents and Settings\Al\My Documents\ALASTAIR.speccy
[2013/10/10 20:09:15 | 000,000,138 | RH-- | C] () -- C:\Documents and Settings\Al\Desktop\Stinger.opt
[2013/10/10 12:25:56 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Stinger_10102013_122556.html
[2013/10/09 11:43:43 | 000,002,555 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\Sophos Virus Removal Tool.lnk
[2013/10/09 11:39:41 | 006,113,096 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\sophos_scss_10_sfx.exe
[2013/10/08 06:55:11 | 000,885,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/07 12:54:43 | 000,247,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/10/03 10:26:11 | 000,592,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1060284298-1214440339-1417001333-1004-0.dat
[2013/10/02 15:15:16 | 000,592,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1060284298-1214440339-1417001333-1003-0.dat
[2013/10/02 15:15:15 | 000,592,394 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/26 11:57:39 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2013/09/23 12:05:15 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Al\Desktop\PDF Password Remover v3.1.lnk
[2013/09/15 00:49:01 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\WB.CFG
[2013/09/15 00:49:01 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\WBPU-TTL.DAT
[2013/09/14 22:39:14 | 000,000,000 | ---- | C] () -- C:\END
[2013/09/12 13:41:44 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/12 06:49:04 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/09/12 06:49:04 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2013/09/03 01:46:37 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Al\Settings.ini
[2013/09/03 01:00:20 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\recently-used.xbel
[2013/04/25 17:16:17 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Al\ntuser.pol
[2013/04/06 13:33:59 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/04/06 13:33:59 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/02/16 16:52:59 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\.backup.dm
[2012/12/15 14:09:16 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\inst.exe
[2012/12/15 14:09:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.cat
[2012/12/15 14:09:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\pcouffin.inf
[2012/09/28 22:10:31 | 000,000,381 | ---- | C] () -- C:\Documents and Settings\Al\Application Data\burnaware.ini
[2012/09/24 13:31:08 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\EKaio2WiaCoInst.ini
[2012/09/14 15:18:34 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/08/20 20:48:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/25 13:47:09 | 000,000,008 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2012/04/24 00:32:32 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\w32mkde.exe
[2012/04/24 00:32:32 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\w32mkrc.dll
[2012/04/24 00:20:09 | 000,003,146 | ---- | C] () -- C:\WINDOWS\System32\vsort.com
[2012/04/20 07:21:20 | 000,000,083 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2012/04/20 06:44:15 | 000,000,129 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/04/10 11:03:57 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/03/20 01:59:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2012/03/20 01:59:32 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2012/02/17 16:34:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/15 16:19:58 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2012/01/15 16:19:57 | 000,017,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2012/01/06 14:41:36 | 000,000,057 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/12/14 12:42:31 | 005,617,579 | ---- | C] () -- C:\Documents and Settings\Al\PRJMDB.CAB
[2011/12/14 12:42:31 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Al\SETUP.LST
[2011/11/20 15:05:00 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 08:01:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ForgiveMe.exe
[2011/10/29 08:01:23 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\MKScannerSetting.ini
[2011/10/28 14:03:45 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/10/26 14:14:19 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Al\Local Settings\Application Data\WebpageIcons.db
[2011/10/26 13:58:13 | 000,004,317 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/26 13:34:48 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2011/10/26 13:34:48 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2011/10/26 13:34:48 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2011/10/26 13:32:33 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2011/10/26 13:32:33 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2011/10/26 13:32:33 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2011/10/26 13:32:33 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2011/10/26 13:32:33 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2011/10/26 13:32:33 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2011/10/26 13:32:33 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2011/10/26 13:32:33 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2011/10/26 13:32:33 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2011/10/26 13:30:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/10/26 13:15:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/26 13:09:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2011/10/26 14:38:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/10/02 14:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\ACT
[2011/12/14 13:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\ActiveState
[2013/06/15 15:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/09/03 00:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\BitLord
[2013/09/10 20:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\CDXReader
[2012/09/28 21:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\DAEMON Tools Lite
[2013/04/04 19:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\DDMSettings
[2013/09/10 20:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\DSite
[2012/04/12 01:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\FileZilla
[2012/09/15 02:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\GrabPro
[2011/10/28 19:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\gtk-2.0
[2013/10/02 14:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\IsolatedStorage
[2013/09/10 20:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\LavFilters
[2011/12/02 12:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\LibreOffice
[2012/04/24 01:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Millennia
[2011/12/05 20:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\MusicBee
[2012/04/14 13:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\MyPhoneExplorer
[2011/12/17 06:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\MySQL
[2011/10/28 10:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\OpenOffice.org
[2012/10/17 13:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Orbit
[2012/09/24 00:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Party
[2012/03/30 01:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\pdfforge
[2012/04/15 11:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\PFStaticIP
[2011/12/14 11:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\PGO
[2012/09/15 02:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\ProgSense
[2013/09/02 23:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Python-Eggs
[2011/12/29 15:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Shareaza
[2013/03/03 13:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Temp
[2011/12/15 21:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\TotalValidatorTool
[2011/12/13 12:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Trillian
[2013/10/09 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\uTorrent
[2012/12/15 14:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Vso
[2012/01/28 20:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Windows Desktop Search
[2011/11/12 18:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Al\Application Data\Windows Search
[2013/10/02 14:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2013/02/06 20:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/08/25 19:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/01/11 19:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2013/02/16 16:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2012/03/23 03:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/09/10 20:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/09/14 21:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2013/04/25 17:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2013/03/03 13:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrintProjects
[2013/03/30 17:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftSafe
[2013/10/09 11:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/09/10 15:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SummerSoft
[2013/03/03 13:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/04/27 18:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VSO
[2011/12/29 17:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/07/12 11:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Temp
[2013/10/03 07:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\ACT
[2013/06/17 14:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/04/14 21:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\DDMSettings
[2013/10/03 07:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\IsolatedStorage
[2011/12/24 18:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\LibreOffice
[2011/12/05 20:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\MusicBee
[2011/10/28 11:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\OpenOffice.org
[2012/09/24 15:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\Party
[2012/12/23 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\uTorrent
[2012/01/28 20:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\Windows Desktop Search
[2012/11/04 18:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Em\Application Data\YourFileDownloader
[2013/03/04 13:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp
[2013/08/19 17:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\BBCiPlayerDesktop
[2013/08/08 11:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/04/10 09:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\DAEMON Tools Lite
[2013/04/20 20:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\DDMSettings
[2012/04/10 09:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\LibreOffice
[2013/06/01 11:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\Tibo Software
[2012/04/10 11:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\tixati
[2013/09/18 14:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\uTorrent
[2012/04/10 10:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Work\Application Data\Windows Search
========== Purity Check ==========
< End of report >
Edited by alastair70, 10 October 2013 - 07:07 PM.