Solved Trojan horser Downloader.Generic13...

[lewis rose]

Hi,
D:\Downloads\eTypeSetup.exe
I would really appreciate some assistance in how I go about removing this threat. I'm using a PC with XP operating system.

Thanks,
Lewis

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[lewis rose]

Hi, thanks for offering your assistance. Below is the Malwarebytes log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/03/2014
Scan Time: 12:01:55
Logfile: mal log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 2
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 209191
Time Elapsed: 13 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Spigot.A, C:\Documents and Settings\Administrator\Application Data\Slick Savings\CouponsHelper.exe, 3464, , [d475ef10d0aab383a70681329d660ef2]

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [a5a4708fc1b992a4d88f023f7a88b44c],
PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\INPROCSERVER32, , [a5a4708fc1b992a4d88f023f7a88b44c],
PUP.Optional.Spigot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [a5a4708fc1b992a4d88f023f7a88b44c],
PUP.Optional.Spigot, HKU\S-1-5-21-1123561945-1614895754-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [a5a4708fc1b992a4d88f023f7a88b44c],
PUP.Optional.Spigot, HKU\S-1-5-21-1123561945-1614895754-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [a5a4708fc1b992a4d88f023f7a88b44c],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3A787631-66A2-4634-B928-A37E73B58FB6}, , [d475ef10d0aab383a70681329d660ef2],

Registry Values: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-1123561945-1614895754-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Slick Savings, "C:\Documents and Settings\Administrator\Application Data\Slick Savings\CouponsHelper.exe", , [d475ef10d0aab383a70681329d660ef2]

Registry Data: 1
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL C:\PROGRA~1\Linkey\IEEXTE~1\iedll.dll C:\PROGRA~1\SETTIN~1\systemk\syskldr.dll , Good: (), Bad: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL),,[4cfd1ee1bfbbc96df96b4767778c7a86]

Folders: 12
PUP.Optional.Spigot.A, C:\Documents and Settings\Administrator\Application Data\Slick Savings, , [d475ef10d0aab383a70681329d660ef2],
PUP.Optional.Spigot.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Slick Savings, , [9cadc837a7d368ceb4fc268d59aac739],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\css, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\Img, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\icons, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\scripts, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp, , [95b48f704a3084b2d5b2602b7290f709],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0, , [95b48f704a3084b2d5b2602b7290f709],

Files: 43
PUP.Optional.Spigot, C:\Documents and Settings\Administrator\Application Data\Slick Savings\Coupons.dll, , [a5a4708fc1b992a4d88f023f7a88b44c],
PUP.Optional.LiveSoftAction.A, C:\Documents and Settings\Administrator\My Documents\Downloads\Iminent provided through FBSmileys.exe, , [004997685b1fae880159f36a98690bf5],
PUP.Optional.OutBrowse, C:\Documents and Settings\Administrator\My Documents\Downloads\Installer (1).exe, , [a5a450afabcfc17537f2fe997a877b85],
PUP.Optional.OutBrowse, C:\Documents and Settings\Administrator\My Documents\Downloads\Installer.exe, , [3d0cb6494c2eb08689a0bbdc986908f8],
PUP.Optional.Softonic.A, C:\Documents and Settings\Administrator\My Documents\Downloads\SoftonicDownloader_for_maxthon.exe, , [56f3c03fe694e056bd46184a12ef8977],
PUP.Optional.Datamngr.A, C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll, , [4cfd1ee1bfbbc96df96b4767778c7a86],
PUP.Optional.Datamngr.A, C:\Documents and Settings\All Users\Application Data\Wincert\win64cert.dll, , [5fea1ae582f838fea4c00ea080837e82],
PUP.Optional.Datamngr.A, C:\Documents and Settings\All Users\Application Data\Wincert\win32prop.dll, , [a5a4a05fcbafbb7bd392921cbd46bb45],
PUP.Optional.Datamngr.A, C:\Documents and Settings\All Users\Application Data\Wincert\win64prop.dll, , [59f016e9582259dd1d48e6c8e61dcf31],
PUP.Optional.Spigot.A, C:\Documents and Settings\Administrator\Application Data\Slick Savings\coupons_2.4.crx, , [d475ef10d0aab383a70681329d660ef2],
PUP.Optional.Spigot.A, C:\Documents and Settings\Administrator\Application Data\Slick Savings\CouponsHelper.exe, , [d475ef10d0aab383a70681329d660ef2],
PUP.Optional.Spigot.A, C:\Documents and Settings\Administrator\Application Data\Slick Savings\coupons_2.9.xpi, , [d475ef10d0aab383a70681329d660ef2],
PUP.Optional.Spigot.A, C:\Documents and Settings\Administrator\Application Data\Slick Savings\Uninstall.exe, , [d475ef10d0aab383a70681329d660ef2],
PUP.Optional.Spigot.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Slick Savings\coupons.crx, , [9cadc837a7d368ceb4fc268d59aac739],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\background.html, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\background.js, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\config.json, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\dea-128.png, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\dea-48.png, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\empty-favicon.ico, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\jquery.js, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\manifest.json, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\newtab.html, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\newtab.js, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\redirect.html, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\redirect.js, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\util.js, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\css\newtab.css, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\Img\no_thumb.png, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\Img\search-icon.png, , [da6fa7587802d85ef49198f37f836c94],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\background.html, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\config.json, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\manifest.json, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\icons\ss-128.png, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\icons\ss-48.png, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\scripts\background.js, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\scripts\loader_1036.js, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\scripts\utils.js, , [96b3cf302b4f83b3daac18732fd3ae52],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-128.png, , [95b48f704a3084b2d5b2602b7290f709],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-19.png, , [95b48f704a3084b2d5b2602b7290f709],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\amazon-48.png, , [95b48f704a3084b2d5b2602b7290f709],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\background.js, , [95b48f704a3084b2d5b2602b7290f709],
PUP.Optional.SlickSavings.A, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\manifest.json, , [95b48f704a3084b2d5b2602b7290f709],

Physical Sectors: 0
(No malicious items detected)


(end)

 

[Broni]

DDS?

 

[lewis rose]

Ok

 

[lewis rose]

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 11:10:45 on 2014-03-31
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3583.2296 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Game Booster Pro\Games Box.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Settings Manager\systemk\SystemkService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Program Files\Settings Manager\systemk\SystemkService.exe
C:\Program Files\Settings Manager\systemk\systemku.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Application Data\Slick Savings\CouponsHelper.exe
C:\Program Files\AdFender\AdFender.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
uSearch Bar = hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=273&src=ds&p=
uSearchAssistant = hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=273&src=ds&p=
mSearchAssistant = hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=273&src=ds&p=
uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - c:\program files\vuze remote toolbar\ie\8.9\vuzeToolbarIE.dll
BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - c:\program files\vuze remote toolbar\ie\8.9\vuzeToolbarIE.dll
BHO: Slick Savings: {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - c:\documents and settings\administrator\application data\slick savings\Coupons.dll
BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - c:\program files\linkey\ieextension\iedll.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - c:\program files\adblock plus for ie\AdblockPlus32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll
TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - c:\program files\vuze remote toolbar\ie\8.9\vuzeToolbarIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AVG-Secure-Search-Update_1113a] c:\documents and settings\administrator\application data\avg 1113a campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=aced0cde381a47d3bdd1d15020bc5b23-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1113a
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Slick Savings] "c:\documents and settings\administrator\application data\slick savings\CouponsHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adfender.lnk - c:\program files\adfender\AdFender.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.0.5\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll c:\progra~1\linkey\ieexte~1\iedll.dll c:\progra~1\settin~1\systemk\syskldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.154\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\wx414iz2.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com/?type=994519&fr=spigot-yhp-ff
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\18.0.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-7-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-12-9 42272]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2014-3-17 807800]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2014-1-28 2135232]
R2 SystemkService;Systemk Service;c:\program files\settings manager\systemk\SystemkService.exe [2014-3-1 3448848]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\common files\avg secure search\vtoolbarupdater\18.0.5\ToolbarUpdater.exe [2014-3-23 1771032]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-2-23 3782672]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 atidgllk;atidgllk;\??\c:\docume~1\admini~1\locals~1\temp\~af02745\upgrade\atidgllk.sys --> c:\docume~1\admini~1\locals~1\temp\~af02745\upgrade\atidgllk.sys [?]
S3 nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys --> c:\windows\system32\drivers\nbdrv.sys [?]
S3 nbdrvMP;nbdrvMP;c:\windows\system32\drivers\nbdrv.sys --> c:\windows\system32\drivers\nbdrv.sys [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2013-8-17 829792]
.
=============== Created Last 30 ================
.
2014-03-30 10:46:03 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 10:43:05 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-30 10:43:05 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-30 10:43:05 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-03-30 10:43:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-03-27 14:04:17 -------- d-----w- c:\documents and settings\administrator\application data\Vuze Remote
2014-03-25 16:53:05 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Slick Savings
2014-03-25 16:53:02 -------- d-----w- c:\documents and settings\administrator\application data\Slick Savings
2014-03-25 16:53:00 -------- d-----w- c:\documents and settings\administrator\application data\Search Settings
2014-03-25 16:52:53 -------- d-----w- c:\program files\common files\Spigot
2014-03-25 16:52:53 -------- d-----w- c:\program files\Application Updater
2014-03-25 16:52:52 -------- d-----w- c:\program files\Vuze Remote Toolbar
2014-03-25 16:52:50 -------- d-----w- c:\documents and settings\administrator\.swt
2014-03-25 16:51:50 -------- d-----w- c:\documents and settings\administrator\application data\Azureus
2014-03-25 16:51:36 -------- d-----w- c:\program files\Vuze
2014-03-24 16:40:58 -------- d-----w- c:\program files\AdFender
2014-03-24 16:40:58 -------- d-----w- c:\documents and settings\all users\application data\AdFender
2014-03-24 16:40:58 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AdFender
2014-03-16 15:16:20 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adblock Plus for IE
2014-03-16 15:16:06 -------- d-----w- c:\documents and settings\administrator\application data\Adblock Plus for IE
2014-03-16 15:16:05 -------- d-----w- c:\program files\Adblock Plus for IE
2014-03-16 15:16:01 -------- d-----w- c:\documents and settings\all users\application data\Package Cache
2014-03-16 15:12:10 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2014-03-16 15:10:28 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2014-03-16 15:07:31 -------- dc-h--w- c:\windows\ie8
2014-03-16 15:05:53 -------- d-----w- c:\documents and settings\administrator\AppData
2014-03-16 11:59:35 -------- d-----w- c:\program files\Game Booster Pro
2014-03-14 15:21:02 -------- d-----w- c:\program files\CCleaner
2014-03-02 12:20:51 -------- d-----w- c:\documents and settings\administrator\local settings\application data\COMODO
2014-03-02 12:20:50 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-03-02 12:20:42 -------- d-----w- c:\program files\Comodo
2014-03-02 12:20:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-03-02 12:20:17 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-03-02 12:20:17 1060864 ----a-w- c:\windows\system32\mfc71.dll
2014-03-02 12:15:19 -------- d-----w- c:\program files\Maxthon
2014-03-02 12:12:18 -------- d-----w- c:\windows\SxsCaPendDel
2014-03-02 11:51:35 -------- d-----w- c:\documents and settings\administrator\local settings\application data\FlashPeak
2014-03-02 11:51:24 -------- d-----w- c:\program files\SlimBoat
2014-03-02 11:43:30 -------- d-----w- c:\program files\SeaMonkey
2014-03-02 11:30:43 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2014-03-01 20:03:36 -------- d-----w- c:\documents and settings\administrator\application data\OfferMosquito
2014-03-01 20:03:36 -------- d-----w- c:\documents and settings\administrator\application data\Common
2014-03-01 20:02:04 -------- d-----w- c:\documents and settings\all users\application data\Wincert
2014-03-01 20:01:53 -------- d-----w- c:\program files\Linkey
2014-03-01 20:01:17 -------- d-----w- c:\program files\Settings Manager
2014-03-01 20:01:02 -------- d-----w- c:\documents and settings\all users\application data\systemk
2014-03-01 19:14:04 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
2014-03-01 19:13:30 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple
.
==================== Find3M ====================
.
2014-03-23 12:26:57 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-16 15:13:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-16 15:13:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 21:46:54 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-16 00:40:14 487016 ----a-w- C:\SecurityScanner.dll
.
============= FINISH: 11:10:55.17 ===============

 

[lewis rose]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15/08/2013 19:05:49
System Uptime: 31/03/2014 10:45:20 (1 hours ago)
.
Motherboard: | | 4Core1333-FullHD
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPUSocket | 2394/267mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPUSocket | 2394/267mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPUSocket | 2394/267mhz
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPUSocket | 2394/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 196 GiB total, 169.41 GiB free.
D: is FIXED (NTFS) - 269 GiB total, 211.797 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: ATI Function Driver for High Definition Audio - ATI AA01
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&5A4A1B1&0&0001
Manufacturer: ATI
Name: ATI Function Driver for High Definition Audio - ATI AA01
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&5A4A1B1&0&0001
Service: HdAudAddService
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 802.11n USB Wireless LAN Card
Device ID: USB\VID_148F&PID_3070\1.0
Manufacturer: Ralink Technology, Corp.
Name: 802.11n USB Wireless LAN Card
PNP Device ID: USB\VID_148F&PID_3070\1.0
Service: rt2870
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&258F370F&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&258F370F&0
Service: i8042prt
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&258F370F&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&258F370F&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP118: 30/12/2013 12:29:29 - System Checkpoint
RP119: 31/12/2013 14:31:19 - System Checkpoint
RP120: 01/01/2014 16:24:57 - System Checkpoint
RP121: 02/01/2014 16:34:14 - System Checkpoint
RP122: 03/01/2014 16:58:46 - System Checkpoint
RP123: 04/01/2014 18:10:00 - System Checkpoint
RP124: 06/01/2014 11:54:29 - System Checkpoint
RP125: 07/01/2014 12:52:33 - System Checkpoint
RP126: 08/01/2014 18:46:19 - System Checkpoint
RP127: 09/01/2014 19:45:26 - System Checkpoint
RP128: 11/01/2014 10:24:03 - System Checkpoint
RP129: 12/01/2014 12:39:50 - System Checkpoint
RP130: 13/01/2014 15:29:45 - System Checkpoint
RP131: 14/01/2014 18:43:38 - System Checkpoint
RP132: 15/01/2014 18:55:26 - Removed AVG 2014
RP133: 17/01/2014 10:41:52 - System Checkpoint
RP134: 18/01/2014 10:48:55 - System Checkpoint
RP135: 19/01/2014 12:54:01 - System Checkpoint
RP136: 20/01/2014 13:47:41 - System Checkpoint
RP137: 21/01/2014 15:26:51 - System Checkpoint
RP138: 22/01/2014 17:14:21 - System Checkpoint
RP139: 24/01/2014 11:49:09 - Removed Skype™ 6.13
RP140: 24/01/2014 11:50:20 - Installed Skype™ 6.6
RP141: 24/01/2014 12:16:09 - Installed Windows Installer KB893803v2.
RP142: 24/01/2014 12:22:12 - Installed Windows XP WIC.
RP143: 24/01/2014 12:24:14 - Installed Windows KB954550-v5.
RP144: 24/01/2014 12:24:19 - Printer Driver Microsoft XPS Document Writer Installed
RP145: 24/01/2014 12:24:23 - Printer Driver Microsoft XPS Document Writer Installed
RP146: 24/01/2014 12:30:35 - Installed DirectX
RP147: 25/01/2014 17:23:41 - System Checkpoint
RP148: 27/01/2014 14:36:48 - System Checkpoint
RP149: 28/01/2014 15:18:20 - System Checkpoint
RP150: 29/01/2014 17:17:48 - Removed AVG 2014
RP151: 01/02/2014 12:57:54 - System Checkpoint
RP152: 03/02/2014 15:04:36 - System Checkpoint
RP153: 04/02/2014 17:59:22 - System Checkpoint
RP154: 05/02/2014 18:05:28 - System Checkpoint
RP155: 07/02/2014 12:16:49 - Removed AVG 2014
RP156: 08/02/2014 12:49:52 - System Checkpoint
RP157: 09/02/2014 13:37:12 - System Checkpoint
RP158: 10/02/2014 16:09:12 - System Checkpoint
RP159: 11/02/2014 16:53:13 - System Checkpoint
RP160: 12/02/2014 18:32:09 - System Checkpoint
RP161: 14/02/2014 10:45:08 - Removed AVG 2014
RP162: 15/02/2014 15:51:47 - System Checkpoint
RP163: 17/02/2014 17:39:23 - System Checkpoint
RP164: 18/02/2014 17:42:10 - System Checkpoint
RP165: 20/02/2014 10:44:57 - System Checkpoint
RP166: 21/02/2014 14:05:44 - System Checkpoint
RP167: 23/02/2014 12:35:51 - System Checkpoint
RP168: 25/02/2014 14:28:48 - System Checkpoint
RP169: 26/02/2014 15:32:36 - System Checkpoint
RP170: 27/02/2014 18:29:39 - System Checkpoint
RP171: 01/03/2014 16:30:27 - System Checkpoint
RP172: 01/03/2014 19:13:36 - Installed Safari
RP173: 01/03/2014 20:03:45 - Removed Microsoft Visual C++ 2005 Redistributable
RP174: 02/03/2014 12:11:14 - Removed Safari
RP175: 08/03/2014 14:36:13 - System Checkpoint
RP176: 08/03/2014 15:20:50 - Removed AVG 2014
RP177: 09/03/2014 15:31:02 - System Checkpoint
RP178: 10/03/2014 17:44:59 - System Checkpoint
RP179: 11/03/2014 19:16:11 - System Checkpoint
RP180: 12/03/2014 10:35:12 - Removed AVG 2014
RP181: 13/03/2014 11:01:18 - System Checkpoint
RP182: 14/03/2014 16:49:56 - System Checkpoint
RP183: 15/03/2014 17:27:20 - System Checkpoint
RP184: 16/03/2014 11:58:28 - System Restore Point created by NetBalancer Setup
RP185: 16/03/2014 15:08:08 - Installed Windows Internet Explorer 8.
RP186: 16/03/2014 15:16:01 - Adblock Plus for IE
RP187: 17/03/2014 17:38:25 - System Checkpoint
RP188: 18/03/2014 18:33:11 - System Checkpoint
RP189: 20/03/2014 11:04:53 - System Checkpoint
RP190: 21/03/2014 11:40:19 - System Checkpoint
RP191: 22/03/2014 12:38:47 - System Checkpoint
RP192: 23/03/2014 14:11:16 - System Checkpoint
RP193: 24/03/2014 10:41:51 - Removed AVG 2014
RP194: 24/03/2014 10:42:02 - Removed AVG 2014
RP195: 25/03/2014 11:09:56 - System Checkpoint
RP196: 26/03/2014 12:05:27 - System Checkpoint
RP197: 27/03/2014 13:50:47 - System Checkpoint
RP198: 28/03/2014 15:39:45 - System Checkpoint
RP199: 29/03/2014 18:59:12 - System Checkpoint
RP200: 31/03/2014 10:53:23 - Removed AVG 2014
RP201: 31/03/2014 10:53:32 - Removed AVG 2014
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: browsersafeguard.exe - tasklist.exe
IFEO: dprotectsvc.exe - tasklist.exe
IFEO: protectedsearch.exe - tasklist.exe
IFEO: searchprotection.exe - tasklist.exe
IFEO: searchprotector.exe - tasklist.exe
IFEO: snapdo.exe - tasklist.exe
IFEO: stinst32.exe - tasklist.exe
IFEO: stinst64.exe - tasklist.exe
IFEO: utiljumpflip.exe - tasklist.exe
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
Adblock Plus for IE
Adblock Plus for IE (32-bit)
AdFender
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe Photoshop CS2
Adobe Reader XI (11.0.06)
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Apple Software Update
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AVG 2014
AVG SafeGuard toolbar
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon iX6500 series Printer Driver
Canon iX6500 series User Registration
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Comodo Dragon
Compatibility Pack for the 2007 Office system
Facebook Password Extractor
FlashPeak SlimBoat
Game Booster Pro
Google Chrome
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
K-Lite Codec Pack 10.0.0 Basic
Linkey
Malwarebytes Anti-Malware version 2.00.0.1000
Maxthon Cloud Browser
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Corporation
Microsoft LifeCam
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 27.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSXML 6.0 Parser
Ralink RT2870 Wireless LAN Card
Realtek High Definition Audio Driver
SeaMonkey 2.24 (x86 en-US)
Settings Manager
Skins
Skype™ 6.6
Slick Savings
Update for Windows XP (KB911164)
Update for Windows XP (KB932823-v3)
Visual Studio 2012 x86 Redistributables
Vuze
Vuze Remote Toolbar v8.9
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
.
==== Event Viewer Messages From Past Week ========
.
29/03/2014 18:17:18, error: System Error [1003] - Error code 1000008e, parameter1 e0000001, parameter2 f7787925, parameter3 aa777820, parameter4 00000000.
27/03/2014 14:00:47, error: System Error [1003] - Error code 1000008e, parameter1 e0000001, parameter2 f775f925, parameter3 ab144820, parameter4 00000000.
27/03/2014 10:38:20, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
27/03/2014 10:38:20, error: Service Control Manager [7022] - The MSCamSvc service hung on starting.
24/03/2014 16:29:10, error: System Error [1003] - Error code 1000008e, parameter1 e0000001, parameter2 f7837925, parameter3 aafc3820, parameter4 00000000.
24/03/2014 16:28:39, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

• Link 1
• Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[lewis rose]

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 03/31/2014 16:53:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 19 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Slick Savings ("C:\Documents and Settings\Administrator\Application Data\Slick Savings\CouponsHelper.exe" [7]) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : SkyTel (SkyTel.EXE [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1123561945-1614895754-725345543-500\[...]\Run : Slick Savings ("C:\Documents and Settings\Administrator\Application Data\Slick Savings\CouponsHelper.exe" [7]) -> [0x2] The system cannot find the file specified.
[IFEO] HKLM\[...]\bitguard.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\bprotect.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\bpsvc.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\browserdefender.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\browserprotect.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\browsersafeguard.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\dprotectsvc.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\protectedsearch.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchprotection.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\searchprotector.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\snapdo.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\stinst32.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\stinst64.exe : Debugger (tasklist.exe [7]) -> DELETED
[IFEO] HKLM\[...]\utiljumpflip.exe : Debugger (tasklist.exe [7]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL C:\PROGRA~1\Linkey\IEEXTE~1\iedll.dll C:\PROGRA~1\SETTIN~1\systemk\syskldr.dll [-][7][7]) -> REPLACED ()

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 5 ¤¤¤
[CHR][PUP] Default : Ebay Shopping Assistant by Spigot
[CHR][PUP] Default : Domain Error Assistant
[CHR][PUP] Default : Slick Savings
[CHR][PUP] Default : AVG SafeGuard
[CHR][PUP] Default : Amazon Shopping Assistant by Spigot

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD501LJ +++++
--- User ---
[MBR] f74c37d3f59daa44b16d5638876f22d6
[BSP] 2ee36d1a96d5af33920d5b2b29308871 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 201204 MB
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 412067250 | Size: 275732 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_03312014_165324.txt >>
RKreport[0]_S_03312014_165230.txt

 

[lewis rose]

The Malwarebytes Anti-Rootkit said - 'Congratulations, no cleanup is required!'

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[lewis rose]

ComboFix 14-03-24.01 - Administrator 31/03/2014 17:48:12.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3583.2925 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFi.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Slick Savings
c:\documents and settings\Administrator\Application Data\Slick Savings\Coupons.dll
c:\documents and settings\Administrator\Application Data\Slick Savings\coupons_2.4.crx
c:\documents and settings\Administrator\Application Data\Slick Savings\coupons_2.9.xpi
c:\documents and settings\Administrator\Application Data\Slick Savings\CouponsHelper.exe
c:\documents and settings\Administrator\Application Data\Slick Savings\Uninstall.exe
c:\documents and settings\Administrator\Desktop\Setup.exe
c:\documents and settings\All Users\Application Data\Wincert\WIN32C~1.DLL
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\0b9af83652230ce2.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\4f60dcda280cae62.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\9ee2fdc92cbb4bae.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d93be82034e51623.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\Cache\f3a718b7fc5d0912.fb
c:\windows\system32\Cache\f438b1da7a1eff75.fb
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2014-02-28 to 2014-03-31 )))))))))))))))))))))))))))))))
.
.
2014-03-31 16:38 . 2014-03-31 16:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Template
2014-03-31 16:04 . 2014-03-31 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-30 10:46 . 2014-03-31 16:27 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-30 10:43 . 2014-03-31 16:03 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-30 10:43 . 2014-03-30 10:43 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-03-30 10:43 . 2014-03-30 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-03-30 10:43 . 2014-03-05 09:02 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-27 14:04 . 2014-03-27 14:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Vuze Remote
2014-03-25 16:53 . 2014-03-25 16:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Slick Savings
2014-03-25 16:53 . 2014-03-25 17:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Search Settings
2014-03-25 16:52 . 2014-03-25 16:52 -------- d-----w- c:\program files\Application Updater
2014-03-25 16:52 . 2014-03-25 16:52 -------- d-----w- c:\program files\Common Files\Spigot
2014-03-25 16:52 . 2014-03-25 16:52 -------- d-----w- c:\program files\Vuze Remote Toolbar
2014-03-25 16:52 . 2014-03-25 16:52 -------- d-----w- c:\documents and settings\Administrator\.swt
2014-03-25 16:51 . 2014-03-28 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus
2014-03-25 16:51 . 2014-03-25 16:52 -------- d-----w- c:\program files\Vuze
2014-03-24 16:40 . 2014-03-24 16:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AdFender
2014-03-24 16:40 . 2014-03-24 16:42 -------- d-----w- c:\program files\AdFender
2014-03-24 16:40 . 2014-03-24 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AdFender
2014-03-23 12:26 . 2014-03-23 12:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
2014-03-16 18:10 . 2014-03-16 18:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2014-03-16 15:16 . 2014-03-16 15:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adblock Plus for IE
2014-03-16 15:16 . 2014-03-16 15:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Adblock Plus for IE
2014-03-16 15:16 . 2014-03-16 15:16 -------- d-----w- c:\program files\Adblock Plus for IE
2014-03-16 15:16 . 2014-03-16 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
2014-03-16 15:12 . 2014-03-16 15:12 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2014-03-16 15:10 . 2014-03-16 15:10 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2014-03-16 15:07 . 2014-03-16 15:08 -------- dc-h--w- c:\windows\ie8
2014-03-16 15:05 . 2014-03-16 15:05 -------- d-----w- c:\documents and settings\Administrator\AppData
2014-03-16 11:59 . 2014-03-16 11:59 -------- d-----w- c:\program files\Game Booster Pro
2014-03-14 15:21 . 2014-03-14 15:21 -------- d-----w- c:\program files\CCleaner
2014-03-10 15:24 . 2014-03-10 15:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2014-03-02 12:20 . 2014-03-02 12:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\COMODO
2014-03-02 12:20 . 2014-03-02 12:20 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-03-02 12:20 . 2014-03-02 12:20 -------- d-----w- c:\program files\Comodo
2014-03-02 12:20 . 2014-03-02 12:20 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-03-02 12:20 . 2014-03-02 12:20 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-03-02 12:20 . 2014-03-02 12:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2014-03-02 12:15 . 2014-03-02 12:15 -------- d-----w- c:\program files\Maxthon
2014-03-02 12:12 . 2014-03-03 10:30 -------- d-----w- c:\windows\SxsCaPendDel
2014-03-02 11:51 . 2014-03-02 11:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FlashPeak
2014-03-02 11:51 . 2014-03-02 11:51 -------- d-----w- c:\program files\SlimBoat
2014-03-02 11:43 . 2014-03-02 11:43 -------- d-----w- c:\program files\SeaMonkey
2014-03-02 11:30 . 2014-03-02 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2014-03-01 20:03 . 2014-03-01 20:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\OfferMosquito
2014-03-01 20:03 . 2014-03-01 20:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Common
2014-03-01 20:02 . 2014-03-31 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Wincert
2014-03-01 20:01 . 2014-03-01 20:01 -------- d-----w- c:\program files\Linkey
2014-03-01 20:01 . 2014-03-01 20:01 -------- d-----w- c:\program files\Settings Manager
2014-03-01 20:01 . 2014-03-31 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\systemk
2014-03-01 19:14 . 2014-03-01 19:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2014-03-01 19:14 . 2014-03-01 19:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2014-03-01 19:13 . 2014-03-01 19:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2014-03-01 19:13 . 2014-03-01 19:13 -------- d-----w- c:\program files\Apple Software Update
2014-03-01 19:13 . 2014-03-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-23 12:26 . 2013-12-09 10:56 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-16 15:13 . 2013-11-24 15:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-16 15:13 . 2013-11-24 15:05 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 21:46 . 2013-03-01 09:32 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-16 00:40 . 2014-01-16 00:40 487016 ----a-w- C:\SecurityScanner.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{05478A66-EDB6-4A22-A870-A5987F80A7DA}"= "c:\program files\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll" [2014-03-17 1398592]
.
[HKEY_CLASSES_ROOT\clsid\{05478a66-edb6-4a22-a870-a5987f80a7da}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
2014-03-17 15:39 1398592 ----a-w- c:\program files\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-03-23 12:26 3486232 ----a-w- c:\program files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll" [2014-03-23 3486232]
"{05478A66-EDB6-4A22-A870-A5987F80A7DA}"= "c:\program files\Vuze Remote Toolbar\IE\8.9\vuzeToolbarIE.dll" [2014-03-17 1398592]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{05478a66-edb6-4a22-a870-a5987f80a7da}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-03-19 4971024]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-12-02 1316248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2014-03-23 2544664]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2014-03-17 1393984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-07-27 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe -autostart [2013-12-13 3228080]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Maxthon\\bin\\MxUp.exe"=
"c:\\Program Files\\Maxthon\\bin\\Maxthon.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [20/07/2013 01:50 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [20/07/2013 01:51 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [10/07/2013 01:32 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [25/09/2013 20:57 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [20/07/2013 01:50 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [01/03/2013 10:32 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [20/07/2013 01:50 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/03/2013 03:08 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [09/12/2013 11:56 42272]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [17/03/2014 16:35 807800]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [24/09/2013 02:33 348008]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [28/01/2014 15:35 2135232]
R2 SystemkService;Systemk Service;c:\program files\Settings Manager\systemk\SystemkService.exe [01/03/2014 21:01 3448848]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [23/03/2014 13:27 1771032]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [23/02/2014 22:22 3782672]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21/06/2013 10:53 162408]
S3 atidgllk;atidgllk;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\~Af02745\Upgrade\atidgllk.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\~Af02745\Upgrade\atidgllk.sys [?]
S3 nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys --> c:\windows\system32\DRIVERS\nbdrv.sys [?]
S3 nbdrvMP;nbdrvMP;c:\windows\system32\DRIVERS\nbdrv.sys --> c:\windows\system32\DRIVERS\nbdrv.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mbamchameleon
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 11:17 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-24 15:13]
.
2014-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2014-03-31 c:\windows\Tasks\Games Booster.job
- c:\program files\Game Booster Pro\Games Box.exe [2014-03-16 13:37]
.
2014-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-15 23:55]
.
2014-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-15 23:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
uSearchAssistant = hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=273&src=ds&p=
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com/?type=994519&fr=spigot-yhp-ff
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-AVG-Secure-Search-Update_1113a - c:\documents and settings\Administrator\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-{3A787631-66A2-4634-B928-A37E73B58FB6} - c:\documents and settings\Administrator\Application Data\Slick Savings\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-31 17:51
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-1614895754-725345543-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}"=hex:51,66,7a,6c,4c,1d,3b,1b,c6,1e,82,
56,94,0d,21,0c,a8,d1,39,6d,f4,09,c8,5f
"{54739D49-AC03-4C57-9264-C5195596B3A1}"=hex:51,66,7a,6c,4c,1d,3b,1b,59,82,60,
4f,37,fa,3e,00,87,6b,82,59,54,d3,f7,b9
"{05478A66-EDB6-4A22-A870-A5987F80A7DA}"=hex:51,66,7a,6c,4c,1d,3b,1b,76,95,54,
1e,82,bb,4b,06,bd,7f,e2,d8,7e,c5,e3,c2
"{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}"=hex:51,66,7a,6c,4c,1d,3b,1b,5b,c7,b3,
2f,e8,9b,ad,02,ba,d2,08,5d,df,58,50,fd
.
[HKEY_USERS\S-1-5-21-1123561945-1614895754-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,2a,dc,4e,68,d2,9f,48,97,9a,1a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,2a,dc,4e,68,d2,9f,48,97,9a,1a,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1252)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2014-03-31 17:52:36
ComboFix-quarantined-files.txt 2014-03-31 16:52
.
Pre-Run: 181,668,614,144 bytes free
Post-Run: 182,256,877,568 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D755FD3C35CBD339EDD56C26942CCC69
8F558EB6672622401DA993E1E865C861

 

[lewis rose]

Do I need to run Rkill also or is that only if ComboFix fails?

 

[Broni]

You did fine.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[lewis rose]

# AdwCleaner v3.022 - Report created 31/03/2014 at 19:34:38
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Administrator - LEWIS-CA892573B
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Application Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\wincert
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\Vuze Remote toolbar
Folder Deleted : C:\Program Files\Vuze
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\Spigot
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Slick Savings
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Common\LuaRT
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Search Settings
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\searchplugins\bingp.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Vuze\Azureus.exe]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-GB)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [8732 octets] - [31/03/2014 19:34:08]
AdwCleaner[S0].txt - [8715 octets] - [31/03/2014 19:34:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8775 octets] ##########

 

[lewis rose]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 31/03/2014 at 19:43:51.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\wx414iz2.default\extensions\savingsslider@mybrowserbar.com





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/03/2014 at 19:48:17.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[lewis rose]

First part of OTL.Txt Log:

OTL logfile created on: 31/03/2014 19:50:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 83.87% Memory free
5.34 Gb Paging File | 4.71 Gb Available in Paging File | 88.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 196.49 Gb Total Space | 169.65 Gb Free Space | 86.34% Space Free | Partition Type: NTFS
Drive D: | 269.27 Gb Total Space | 211.80 Gb Free Space | 78.66% Space Free | Partition Type: NTFS

Computer Name: LEWIS-CA892573B | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/31 19:50:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL (1).exe
PRC - [2014/03/19 22:17:52 | 004,971,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2014/02/06 11:11:18 | 003,607,056 | ---- | M] (Aztec Media Inc.) -- C:\Program Files\Settings Manager\systemk\systemku.exe
PRC - [2014/02/06 11:11:13 | 003,448,848 | ---- | M] (Aztec Media Inc.) -- C:\Program Files\Settings Manager\systemk\SystemkService.exe
PRC - [2014/01/28 15:35:50 | 002,135,232 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2013/12/13 02:00:00 | 003,228,080 | ---- | M] (AdFender, Inc.) -- C:\Program Files\AdFender\AdFender.exe
PRC - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/05/06 14:37:30 | 000,598,776 | ---- | M] () -- C:\Program Files\Game Booster Pro\Games Box.exe
PRC - [2010/12/02 15:12:56 | 001,316,248 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/10/29 10:36:10 | 000,492,968 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2010/07/27 10:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/07/26 03:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/05/20 16:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/07/27 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/27 13:00:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\osk.exe
PRC - [2007/07/27 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msswchx.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/28 15:35:50 | 002,135,232 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
MOD - [2014/01/24 13:29:31 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2014/01/24 13:27:57 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2014/01/24 13:27:09 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2014/01/24 13:27:04 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2014/01/24 13:26:50 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2014/01/24 13:25:47 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2014/01/24 13:25:42 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2014/01/24 13:23:29 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2014/01/24 13:23:26 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/08/15 20:32:16 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2783.40072__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2013/08/15 20:32:16 | 000,237,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2783.40029__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:16 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2783.40085__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2013/08/15 20:32:16 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2783.40064__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2013/08/15 20:32:16 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2783.40085__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2783.40049__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:15 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2783.40327__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2013/08/15 20:32:15 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2783.40293__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2783.40250__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2783.40186__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:03 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2783.40334__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:03 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2783.40078__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:03 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2783.40043__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:03 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2783.40077__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:02 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2783.40371__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:02 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2783.40258__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:02 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2783.40265__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2013/08/15 20:32:02 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2783.40371__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:02 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2783.40257__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:01 | 000,790,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2783.40195__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:01 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2783.40098__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:01 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2783.40187__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:01 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2783.40050__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:01 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2783.40278__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2013/08/15 20:32:01 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2783.40180__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:01 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2783.40092__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:01 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2783.40217__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2013/08/15 20:32:01 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2783.40194__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:01 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2783.40186__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2783.40104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2783.40194__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:01 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2783.40216__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:01 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2783.40237__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2013/08/15 20:32:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2013/08/15 20:32:01 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2013/08/15 20:32:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2013/08/15 20:32:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2013/08/15 20:32:01 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2729.30255__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2013/08/15 20:32:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2013/08/15 20:32:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2729.30227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2729.30264__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2013/08/15 20:32:00 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2013/08/15 20:32:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2013/08/15 20:32:00 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2729.30228__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2013/08/15 20:32:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2729.30217__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2013/08/15 20:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll
MOD - [2013/08/15 20:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2013/08/15 20:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2013/08/15 20:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2729.30241__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2013/08/15 20:32:00 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2013/08/15 20:31:59 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2729.30226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2013/08/15 20:31:59 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2729.30225__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2013/08/15 20:31:59 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2013/08/15 20:31:59 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2729.30259__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2013/08/15 20:31:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2013/08/15 20:31:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2013/08/15 20:31:59 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2013/08/15 20:31:59 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll
MOD - [2013/08/15 20:31:59 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2013/08/15 20:31:56 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2783.40058__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2013/08/15 20:31:56 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2783.40305__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2013/08/15 20:31:56 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2783.40314__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2013/08/15 20:31:56 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2783.40021__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2013/08/15 20:31:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2783.40312__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2013/08/15 20:31:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2013/08/15 20:31:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2013/08/15 20:31:56 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2783.40357__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2013/08/15 20:31:56 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2013/08/15 20:31:56 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2013/08/15 20:31:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2013/08/15 20:31:56 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2783.40019__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2013/08/15 20:31:55 | 001,507,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2783.40037__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2013/08/15 20:31:55 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2783.40022__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2013/08/15 20:31:55 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2783.40021__90ba9c70f846762e\APM.Server.dll
MOD - [2013/08/15 20:31:55 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2783.40020__90ba9c70f846762e\AEM.Server.dll
MOD - [2013/08/15 20:31:55 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2013/08/15 20:31:55 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2783.40313__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2013/08/15 20:31:55 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2013/08/15 20:31:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2729.30214__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2013/08/15 20:31:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2013/05/06 14:37:30 | 000,598,776 | ---- | M] () -- C:\Program Files\Game Booster Pro\Games Box.exe
MOD - [2010/07/27 10:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2007/07/27 13:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/27 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/01/31 20:55:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\ATI Technologies\Multimedia\atixcode.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
SRV - [2014/03/16 16:13:15 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/01 19:05:15 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/23 22:22:30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/02/06 11:11:13 | 003,448,848 | ---- | M] (Aztec Media Inc.) [Auto | Running] -- C:\Program Files\Settings Manager\systemk\SystemkService.exe -- (SystemkService)
SRV - [2014/01/28 15:35:50 | 002,135,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/21 10:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/07/27 10:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (nbdrvMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (nbdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Af02745\Upgrade\atidgllk.sys -- (atidgllk)
DRV - [2014/03/23 13:26:57 | 000,042,272 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/01/19 22:46:54 | 000,022,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/11/25 22:56:22 | 000,210,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/11/25 22:56:22 | 000,149,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/11/25 22:49:18 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/01 00:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 23:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/01 01:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/10 01:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/05/27 14:52:12 | 000,829,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2010/05/20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/07/28 04:30:26 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/12/28 17:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/11/03 09:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/08/14 14:09:48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1123561945-1614895754-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?type=994519&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-1123561945-1614895754-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=273&src=ds&p=
IE - HKU\S-1-5-21-1123561945-1614895754-725345543-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1123561945-1614895754-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1123561945-1614895754-725345543-500\..\SearchScopes\{70FA6959-5914-4C58-A9BB-3B3E8F133811}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
IE - HKU\S-1-5-21-1123561945-1614895754-725345543-500\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}: "URL" = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=273&src=ds&p={searchTerms}
IE - HKU\S-1-5-21-1123561945-1614895754-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "default-search.net"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com/?type=994519&fr=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.24\extensions\\Components: C:\Program Files\SeaMonkey\components [2014/03/02 12:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.24\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2013/11/24 15:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014/03/31 19:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\extensions
[2014/03/01 21:01:28 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}
[2014/03/25 18:03:44 | 000,000,000 | ---D | M] (Start Page) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
[2014/03/01 21:01:55 | 000,000,000 | ---D | M] (Linkey for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\extensions\extension@linkeyproject.com
[2014/02/03 13:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\extensions\extension@linkeyproject.com\content
[2014/02/03 13:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\extensions\extension@linkeyproject.com\skin
[2014/03/02 12:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\SeaMonkey\Profiles\u4mqkxb7.default\extensions
[2014/03/01 14:51:55 | 000,957,290 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/03/01 21:01:32 | 000,002,579 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\searchplugins\default-search.xml
[2014/03/25 17:52:56 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wx414iz2.default\searchplugins\yahoo_ff.xml
[2013/11/24 15:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/01 19:05:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

[lewis rose]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/03/31 17:51:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AdFender.lnk = C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1614895754-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1123561945-1614895754-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1123561945-1614895754-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1123561945-1614895754-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1CDF7B5-E571-4E93-90E0-B0C1D963B4A9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - http://www.thepeerage.com/186837_001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/15 19:04:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/31 19:39:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/03/31 19:34:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/31 18:04:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/03/31 17:46:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/03/31 17:45:18 | 005,192,353 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFi.exe
[2014/03/31 17:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Template
[2014/03/31 17:28:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/03/31 17:28:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/03/31 17:28:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/03/31 17:28:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/03/31 17:28:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/31 17:28:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/03/31 17:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/03/31 17:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\mbar
[2014/03/31 16:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2014/03/31 11:07:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2014/03/31 10:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/03/30 11:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\LOGS
[2014/03/30 11:46:03 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/03/30 11:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/03/30 11:43:05 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/03/30 11:43:05 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/30 11:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/03/30 11:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/03/27 15:45:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2014/03/27 15:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Vuze Remote
[2014/03/25 17:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.swt
[2014/03/25 17:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2014/03/25 17:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Vuze Downloads
[2014/03/24 17:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AdFender
[2014/03/24 17:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\AdFender
[2014/03/24 17:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AdFender
[2014/03/24 17:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AdFender
[2014/03/23 13:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
[2014/03/16 16:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adblock Plus for IE
[2014/03/16 16:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adblock Plus for IE
[2014/03/16 16:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Plus for IE
[2014/03/16 16:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2014/03/16 16:12:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2014/03/16 16:10:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2014/03/16 16:08:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2014/03/16 16:07:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/03/16 16:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\AppData
[2014/03/16 12:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Booster Pro
[2014/03/16 12:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Game Booster Pro
[2014/03/14 16:21:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/03/14 16:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/03/14 16:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/03/10 16:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2014/03/02 13:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2014/03/02 13:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\COMODO
[2014/03/02 13:20:50 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2014/03/02 13:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2014/03/02 13:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Maxthon
[2014/03/02 13:12:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2014/03/02 12:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FlashPeak
[2014/03/02 12:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FlashPeak SlimBoat
[2014/03/02 12:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\SlimBoat
[2014/03/02 12:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SeaMonkey
[2014/03/02 12:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\SeaMonkey
[2014/03/01 21:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OfferMosquito
[2014/03/01 21:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Common
[2014/03/01 21:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Linkey
[2014/03/01 21:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Settings Manager
[2014/03/01 21:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\systemk
[2014/03/01 20:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2014/03/01 20:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2014/03/01 20:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2014/03/01 20:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2014/03/01 20:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/31 19:36:44 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/31 19:36:43 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Games Booster.job
[2014/03/31 19:36:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/31 19:23:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/31 18:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/31 17:51:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/03/31 17:46:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/03/31 17:45:04 | 005,192,353 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFi.exe
[2014/03/31 17:27:37 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/03/31 17:03:51 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/03/31 15:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/03/31 10:52:37 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/03/30 11:43:11 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/30 11:26:10 | 000,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/30 11:26:10 | 000,067,768 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/29 20:33:26 | 000,041,037 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\trojan.gif
[2014/03/28 16:24:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/25 17:52:13 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2014/03/25 17:52:13 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2014/03/24 17:42:39 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AdFender.lnk
[2014/03/24 17:39:22 | 000,724,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adblock.crx
[2014/03/23 13:27:13 | 000,003,745 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2014/03/23 13:26:57 | 000,042,272 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2014/03/20 17:22:16 | 000,199,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\8.jpg
[2014/03/16 16:11:11 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2014/03/16 16:10:34 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/16 12:59:37 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Games Box.lnk
[2014/03/16 12:59:36 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Game Booster.lnk
[2014/03/16 12:59:27 | 002,653,760 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\GameBoosterSetup.exe
[2014/03/15 12:20:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/14 16:21:03 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/03/05 10:02:24 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/02 13:20:57 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2014/03/02 13:20:50 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2014/03/02 13:15:51 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Maxthon Cloud Browser.lnk
[2014/03/02 12:51:27 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBoat.lnk
[2014/03/02 12:51:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlashPeak SlimBoat.lnk
[2014/03/02 12:43:33 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2014/03/02 12:43:33 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2014/03/01 20:14:28 | 000,034,344 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/31 17:46:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/03/31 17:46:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/03/31 17:28:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/03/31 17:28:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/03/31 17:28:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/03/31 17:28:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/03/31 17:28:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/03/30 11:43:11 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/29 20:33:26 | 000,041,037 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trojan.gif
[2014/03/25 17:52:13 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2014/03/25 17:52:13 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2014/03/25 17:52:13 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2014/03/24 17:40:59 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AdFender.lnk
[2014/03/24 17:39:20 | 000,724,521 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adblock.crx
[2014/03/20 17:22:15 | 000,199,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\8.jpg
[2014/03/16 16:11:11 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2014/03/16 13:06:05 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/03/16 12:59:50 | 000,000,362 | ---- | C] () -- C:\WINDOWS\tasks\Games Booster.job
[2014/03/16 12:59:37 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Games Box.lnk
[2014/03/16 12:59:36 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Game Booster.lnk
[2014/03/16 12:59:26 | 002,653,760 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\GameBoosterSetup.exe
[2014/03/14 16:21:03 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/03/02 13:20:57 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2014/03/02 13:15:51 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Maxthon Cloud Browser.lnk
[2014/03/02 12:51:27 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashPeak SlimBoat.lnk
[2014/03/02 12:51:27 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlashPeak SlimBoat.lnk
[2014/03/02 12:43:33 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2014/03/02 12:43:33 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2014/03/01 21:01:58 | 000,000,535 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Linkey.lnk
[2014/03/01 20:14:28 | 000,034,344 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2014/03/01 20:13:32 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/03/01 20:13:29 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2014/01/24 13:30:53 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2014/01/24 13:25:00 | 000,114,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/12/09 11:56:47 | 000,003,745 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/11/26 18:54:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2013/08/17 15:41:51 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2013/08/17 12:29:24 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2013/08/16 01:08:59 | 000,217,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2013/08/15 20:27:42 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2013/08/15 20:27:37 | 000,972,072 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2013/08/15 20:27:36 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2013/08/15 20:27:35 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2013/08/15 20:27:35 | 000,151,367 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2013/08/15 20:18:17 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2013/08/15 19:52:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/08/15 19:51:42 | 000,190,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/15 19:19:19 | 000,004,405 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2013/08/15 19:19:18 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2013/08/15 19:05:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/15 19:01:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2013/08/15 20:28:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/01/07 19:20:52 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2007/07/27 13:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2007/07/27 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/03/16 16:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adblock Plus for IE
[2013/10/14 19:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2014
[2014/03/28 18:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2013/08/17 11:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2014/03/31 19:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Common
[2014/03/01 19:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Maxthon3
[2014/03/01 21:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfferMosquito
[2014/03/31 17:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2013/08/16 01:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2014/03/27 15:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vuze Remote
[2014/03/24 17:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdFender
[2013/10/14 19:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/08/17 11:08:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/08/17 11:17:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2013/08/17 11:17:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2013/08/17 11:17:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2014/03/15 12:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2013/08/17 11:17:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2013/08/17 11:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2013/08/16 01:04:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/12/22 12:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elcomsoft Password Recovery
[2014/03/31 17:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/03/16 16:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2013/08/17 12:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2014/03/31 19:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\systemk
[2013/09/20 10:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software

========== Purity Check ==========



< End of report >

 

[lewis rose]

OTL Extras logfile created on: 31/03/2014 19:50:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 83.87% Memory free
5.34 Gb Paging File | 4.71 Gb Available in Paging File | 88.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 196.49 Gb Total Space | 169.65 Gb Free Space | 86.34% Space Free | Partition Type: NTFS
Drive D: | 269.27 Gb Total Space | 211.80 Gb Free Space | 78.66% Space Free | Partition Type: NTFS

Computer Name: LEWIS-CA892573B | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SlimBoatHtml] -- C:\Program Files\SlimBoat\SlimBoat.exe (FlashPeak Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1123561945-1614895754-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\SlimBoat\SlimBoat.exe" "%1" (FlashPeak Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Maxthon\bin\MxUp.exe" = C:\Program Files\Maxthon\bin\MxUp.exe:*:Enabled:MxUp -- (Maxthon International ltd.)
"C:\Program Files\Maxthon\bin\Maxthon.exe" = C:\Program Files\Maxthon\bin\Maxthon.exe:*:Enabled:Maxthon -- (Maxthon International ltd.)
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabledersonal Email Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0C96E247-970D-48F9-947A-1060A67BECC6}" = AVG 2014
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iX6500_series" = Canon iX6500 series Printer Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1913E6D4-E2EF-7F11-9735-F1B8379656FA}" = Catalyst Control Center Localization Chinese Standard
"{1B625CB3-D661-848B-0F1C-E22115CA8916}" = Catalyst Control Center Localization Greek
"{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}" = Adblock Plus for IE (32-bit)
"{22CFDBA1-5180-CB20-A331-2C243F0D23DF}" = CCC Help Portuguese
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23EB3D53-4F28-06CB-2C58-A53AAC6AB66A}" = CCC Help Russian
"{27BE42BF-B9D0-4139-6D7A-FD114B1B05CA}" = Catalyst Control Center Localization Finnish
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{34BDD441-DCF8-F318-5EE0-56E3FE3A6E0D}" = Catalyst Control Center Localization Japanese
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36790C28-018F-7FE6-B797-9A9C26BF6247}" = CCC Help Finnish
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3A4285FB-F950-3D88-BE62-DAACAE83807E}" = CCC Help Dutch
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{41AC76E6-986C-8571-1308-30B8A0221AB6}" = Catalyst Control Center Localization Italian
"{423A87D1-FD51-90B9-679B-79514B3DB4C2}" = Catalyst Control Center Localization Spanish
"{43D946FF-945F-B44E-177D-C6FE9C24E47A}" = CCC Help Chinese Traditional
"{46B5BD43-A852-785C-6C53-E33FD15F3319}" = Catalyst Control Center Localization Polish
"{4A4D0A43-9027-CE98-6607-1570316464C6}" = CCC Help Chinese Standard
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{4EA79330-C742-60A8-DE28-F2C7FCA53B94}" = Catalyst Control Center Localization Turkish
"{51137846-4F82-DD0F-E785-3B4821C018C2}" = Catalyst Control Center Localization Norwegian
"{53C849A2-3CE8-6331-292C-D00B59C2E950}" = CCC Help Swedish
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{65354734-19E0-49EA-9C91-197A17B41095}" = CCC Help Spanish
"{67FCDCE4-5B13-DBD4-2452-0EE74F549D42}" = Catalyst Control Center Localization French
"{691CCB02-392E-2CD4-6D2C-2EA37B8B1CB1}" = Skins
"{6DCE36C0-DDBB-C8B2-A61F-47F18CB56356}" = Catalyst Control Center Localization Danish
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A713B7F-9B66-07CA-283C-5179E4075776}" = CCC Help Korean
"{897309DC-8C77-FC25-5A95-48F5CBCEB59E}" = Catalyst Control Center Localization Hungarian
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A1863E-6529-9FD3-A0B8-21998BB6D2C3}" = Catalyst Control Center Localization Portuguese
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A0E3468-2F13-CAB4-FA98-AB9B16FE88EE}" = Catalyst Control Center Graphics Light
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A677D86-00C6-ECCA-8EB3-488C426FF08E}" = Catalyst Control Center Graphics Full New
"{9C5D5FDC-8F31-D481-65A8-E53E5DC41D52}" = CCC Help German
"{A00BCCA3-30DC-9974-A845-5BB74C31F405}" = CCC Help Czech
"{A14FC690-E050-9CE3-6A68-3D537071CE0B}" = Catalyst Control Center Localization Czech
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7378875-1EF9-46BB-9316-BFB615CB45DA}" = AVG 2014
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{ADEBFA1B-214A-5C33-C94D-7A71A49685A1}" = Catalyst Control Center Localization Chinese Traditional
"{B0479390-4651-867F-C6ED-8CEEDF869F6B}" = CCC Help Norwegian
"{B0B44315-3566-0238-CEFA-D0F9FA43CAF2}" = Catalyst Control Center Localization Dutch
"{B0CD383B-61D5-5473-9097-3A57E20635B0}" = ccc-utility
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B498189E-9C23-1574-1D6B-74D6A820637B}" = ccc-core-preinstall
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B825B224-6F84-4E51-90C8-B335FED422B8}" = Facebook Password Extractor
"{B832A5F5-A746-B346-D5D2-5FD79CB66016}" = ccc-core-static
"{B911DCC3-E336-61FF-EEA2-C15371263044}" = Catalyst Control Center Localization Swedish
"{BAEBA02E-E572-2B02-1323-3B22633BBBA4}" = Catalyst Control Center Localization Thai
"{BD03EE50-D356-BF73-849D-F8A392241237}" = CCC Help Polish
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12A0F32-5409-5A7C-5A76-514D4A394E56}" = CCC Help Hungarian
"{C97AE5F3-F93A-34E7-C7EE-DC2C1968FD5D}" = Catalyst Control Center Graphics Previews Common
"{CA34394B-B328-3230-BBD7-EB0196FCA519}" = CCC Help English
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D08C80E2-817A-EBF0-C703-4799A5AE91C0}" = CCC Help Greek
"{D1A1C98E-280E-55D1-AA58-1040362514A9}" = Catalyst Control Center Localization German
"{D4677708-7AF4-B025-B8BF-30C61D77753D}" = Catalyst Control Center Localization Korean
"{DD88325C-C388-C79A-2894-99BAD63EECD5}" = Catalyst Control Center Core Implementation
"{DE3CB5B9-7657-7284-18B4-59BC2F889BEF}" = Catalyst Control Center Graphics Full Existing
"{DEFED772-488C-39A7-A28A-A0C196BEF596}" = Catalyst Control Center Localization Russian
"{DF6DE973-A01A-734D-3B59-6E9852F9EC6F}" = CCC Help Japanese
"{E2BDB56B-464B-49D7-AF12-B34C5E2E284B}" = Vuze Remote Toolbar v8.9
"{E7941B70-28FE-4BFC-E86E-CC9F60F90EBD}" = CCC Help Thai
"{E843C313-32D1-30A4-C3FC-64FFD7122905}" = CCC Help Danish
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA8866CD-063D-190B-58A2-04FE01D3B24B}" = CCC Help French
"{EE2A5162-94A2-3C23-4401-CADD205393CE}" = CCC Help Italian
"{EEB9E99E-217F-8757-3FEA-0E47F30F5900}" = CCC Help Turkish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{fd97d1e2-368a-4cd9-af63-8eeff938044a}" = Adblock Plus for IE
"8461-7759-5462-8226" = Vuze
"AdFender" = AdFender
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2014
"Canon iX6500 series User Registration" = Canon iX6500 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Comodo Dragon" = Comodo Dragon
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Game Booster Pro_is1" = Game Booster Pro
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.0.0 Basic
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.00.0.1000
"Maxthon3" = Maxthon Cloud Browser
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 27.0.1 (x86 en-GB)" = Mozilla Firefox 27.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SeaMonkey 2.24 (x86 en-US)" = SeaMonkey 2.24 (x86 en-US)
"Settings Manager" = Settings Manager
"SlimBoat" = FlashPeak SlimBoat
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WMFDist11" = Windows Media Format 11 runtime

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1123561945-1614895754-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Linkey" = Linkey

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24/01/2014 07:48:28 | Computer Name = LEWIS-CA892573B | Source = MsiInstaller | ID = 1013
Description = Product: Skype™ 6.6 -- A later version of Skype™ 6.6 is already installed.

Error - 24/01/2014 08:36:08 | Computer Name = LEWIS-CA892573B | Source = MsiInstaller | ID = 11316
Description = Product: Skype™ 6.11 -- Error 1316. A network error occurred while
attempting to read from the file: C:\Documents and Settings\All Users\Application
Data\Skype\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeSetup_6.6.0.106 (1).msi

[ System Events ]
Error - 29/03/2014 14:18:09 | Computer Name = LEWIS-CA892573B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 30/03/2014 06:24:40 | Computer Name = LEWIS-CA892573B | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 30/03/2014 06:24:52 | Computer Name = LEWIS-CA892573B | Source = Service Control Manager | ID = 7022
Description = The MSCamSvc service hung on starting.

Error - 30/03/2014 06:24:52 | Computer Name = LEWIS-CA892573B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 31/03/2014 05:47:31 | Computer Name = LEWIS-CA892573B | Source = Service Control Manager | ID = 7022
Description = The MSCamSvc service hung on starting.

Error - 31/03/2014 05:47:31 | Computer Name = LEWIS-CA892573B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 31/03/2014 12:34:10 | Computer Name = LEWIS-CA892573B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 31/03/2014 12:34:29 | Computer Name = LEWIS-CA892573B | Source = System Error | ID = 1003
Description = Error code 000000ca, parameter1 00000004, parameter2 881165c0, parameter3
00000000, parameter4 00000000.

Error - 31/03/2014 14:36:51 | Computer Name = LEWIS-CA892573B | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater18.0.5 service failed to start due to the following
error: %%2

Error - 31/03/2014 14:36:57 | Computer Name = LEWIS-CA892573B | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (nbdrvMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (nbdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Af02745\Upgrade\atidgllk.sys -- (atidgllk)


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Click on "Run ESET Online Scanner" button.
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[lewis rose]

All processes killed
========== OTL ==========
Service vToolbarUpdater18.0.5 stopped successfully!
Service vToolbarUpdater18.0.5 deleted successfully!
File C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service nbdrvMP stopped successfully!
Service nbdrvMP deleted successfully!
File system32\DRIVERS\nbdrv.sys not found.
Service nbdrv stopped successfully!
Service nbdrv deleted successfully!
File system32\DRIVERS\nbdrv.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys not found.
Service atidgllk stopped successfully!
Service atidgllk deleted successfully!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Af02745\Upgrade\atidgllk.sys not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3404275 bytes
->Temporary Internet Files folder emptied: 1381103 bytes
->FireFox cache emptied: 2581577 bytes
->Google Chrome cache emptied: 361468028 bytes
->Apple Safari cache emptied: 29775872 bytes
->Flash cache emptied: 10999 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2170638 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2037803 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 384.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04012014_123155

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_aa4.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[lewis rose]

Results of screen317's Security Check version 0.99.81
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Adobe Flash Player 12.0.0.77
Adobe Reader XI
Mozilla Firefox 27.0.1 Firefox out of Date!
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

[lewis rose]

Farbar Service Scanner Version: 25-02-2014
Ran by Administrator (administrator) on 01-04-2014 at 12:38:37
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2007-07-27 13:00] - [2007-07-27 13:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2007-07-27 13:00] - [2007-07-27 13:00] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2007-07-27 13:00] - [2007-07-27 13:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2007-07-27 13:00] - [2007-07-27 13:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2007-07-27 13:00] - [2007-07-27 13:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2007-07-27 13:00] - [2007-07-27 13:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2013-08-15 19:00] - [2007-07-27 13:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2013-08-15 19:02] - [2007-07-27 13:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2013-08-15 19:02] - [2007-07-27 13:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2007-07-27 13:00] - [2007-07-27 13:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2013-08-15 19:00] - [2007-07-27 13:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2013-08-15 19:02] - [2007-07-27 13:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2013-08-15 19:02] - [2007-07-27 13:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2007-07-27 13:00] - [2007-07-27 13:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\WINDOWS\system32\cryptsvc.dll
[2007-07-27 13:00] - [2007-07-27 13:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2007-07-27 13:00] - [2007-07-27 13:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2007-07-27 13:00] - [2007-07-27 13:00] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\WINDOWS\system32\services.exe
[2007-07-27 13:00] - [2007-07-27 13:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
Avgtdix(9) Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
0x09000000060000000100000002000000030000000400000005000000090000000700000008000000
IpSec Tag value is correct.

**** End of log ****

 

[lewis rose]

ESET Online Scanner successfully scanned with no threats found and also I ran an additional AVG scan to double check and again no threats found. Thank you very much for all your help, its much appreciated, the trojan appears to have gone.

 

[Broni]

Update Firefox to the current 28.0 version.

==============================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current (Service Pack 3!!!)

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.