Jump to content

emandsi

Members
  • Posts

    19
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Seems fine now, I've even managed to sort out the start menu once I knew I didn't have an infection. Thanks very much for your help, much appreciated.
  2. emandsi.txt Removed and reinstalled MWB as requested, no threats found - scan log attached as requested.
  3. AdwCleanerS1.txtFixlog.txt Thanks very much for helping - the two files you requested are hopefully attached!
  4. My MWB won't update to the latest database and Windows Start menu has lost most programs. I have run MWB with the existing database and no infections found. I suspect an infection, can you help please? I attach the logs FRST and addition below. Thank you Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014Ran by Si & Em (administrator) on OFFICE on 29-08-2014 09:35:38Running from C:\Users\Si & Em\DownloadsPlatform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)Internet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe(Microsoft Corporation) C:\Windows\System32\SLsvc.exe(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Seagate Technology LLC) C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe(Acresso) C:\Program Files\BFScale\TomcatWrapper.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(GFI Software Ltd.) C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe(GFI Software Ltd.) C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe(Sun Microsystems, Inc.) C:\Program Files\BFScale\jre\bin\javaw.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe(Kontiki Inc.) C:\Program Files\Kontiki\KService.exe(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Microsoft Corporation) C:\Windows\System32\mobsync.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe(Microsoft Corporation) C:\Windows\System32\wuauclt.exe(Microsoft Corporation) C:\Windows\System32\sdclt.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\Policies\Explorer: [NoCDBurning] 0HKU\S-1-5-21-4215232878-3778433314-1021037147-1000\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-24] (BillP Studios)HKU\S-1-5-21-4215232878-3778433314-1021037147-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-18] (Google Inc.)HKU\S-1-5-21-4215232878-3778433314-1021037147-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)HKU\S-1-5-21-4215232878-3778433314-1021037147-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)HKU\S-1-5-21-4215232878-3778433314-1021037147-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnkShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:49417;https=127.0.0.1:49417HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x802DE0AA2C57CA01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gbHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {e708ddf6-c3b4-4a03-a9d6-3de7e4009b3b} URL = http://search.bt.com/result?fr=chr-bt-ws&p={searchTerms}BHO: No Name -> {0347C33E-8762-4905-BF09-768834316C61} -> No FileBHO: StumbleUpon Launcher -> {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} -> C:\Program Files\StumbleUpon\StumbleUponIEBar.dll No FileBHO: BT Toolbar -> {547a1750-cfe6-4117-8be5-5a88d3fced51} -> C:\Program Files\bttb\btDx.dll No FileBHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No FileToolbar: HKLM - StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll No FileToolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM - BT Toolbar - {547a1750-cfe6-4117-8be5-5a88d3fced51} - C:\Program Files\bttb\btDx.dll No FileToolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No FileHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF ProfilePath: C:\Users\Si & Em\AppData\Roaming\Mozilla\Firefox\Profiles\a57b3354.defaultFF SelectedSearchEngine: BT SearchFF Homepage: hxxp://www.bt.com/broadbandsetupFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll (British Broadcasting Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Si & Em\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\bttb.xmlFF Extension: BT Toolbar - C:\Users\Si & Em\AppData\Roaming\Mozilla\Firefox\Profiles\a57b3354.default\Extensions\{37cda6af-7527-4915-aa93-20f883f18116} [2013-08-30]FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-03-26]FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-04]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-03]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-17]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-12-01]FF Extension: BT DesktopHelp extension - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2013-08-30]FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-26]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-05]FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-03-02]FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: =======CHR CustomProfile: C:\Users\Si & Em\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Si & Em\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]CHR Extension: (BT Toolbar) - C:\Users\Si & Em\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2013-08-30]CHR Extension: (Skype Click to Call) - C:\Users\Si & Em\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-22]CHR Extension: (Google Wallet) - C:\Users\Si & Em\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx []CHR HKLM\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files\bttb\toolbar.crx [2013-06-13]CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)R2 BFScale; C:\Program Files\BFScale\TomcatWrapper.exe [116224 2012-07-29] (Acresso) [File not signed]S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)R2 GFIBckHAtt; C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe [440616 2009-10-22] (GFI Software Ltd.)R2 GFIBckHSched; C:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe [2324848 2011-01-22] (GFI Software Ltd.)S2 gupdate1c9d16f40794221; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-10] (Google Inc.)S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [602112 2007-06-04] (Hewlett-Packard Co.) [File not signed]S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]S3 jswpsapi; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [954368 2011-03-31] (Wireless) [File not signed]R2 KService; C:\Program Files\Kontiki\KService.exe [3072184 2008-02-27] (Kontiki Inc.)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]R2 WpsSupplicant; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe [61440 2011-03-31] () [File not signed]S3 StumbleUponUpdateService; "C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-19] (Microsoft Corporation)S3 alcan5wn; C:\Windows\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON)S3 alcaudsl; C:\Windows\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON)R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1445888 2011-04-20] (Atheros Communications, Inc.)R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation) [File not signed]S3 Ctxusbr; C:\Windows\System32\DRIVERS\ctxusbr.sys [49712 2011-04-25] (Citrix Systems, Inc.)S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [10752 2008-01-19] (Microsoft Corporation)S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2008-04-01] (LeapFrog)R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)R3 LVPr2Mon; C:\Windows\System32\Drivers\LVPr2Mon.sys [25752 2009-10-07] ()R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-12-17] (Logitech Inc.)R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-08-28] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)S3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation) [File not signed]S3 ST330; C:\Windows\System32\drivers\st330.sys [30464 2008-03-15] (THOMSON Telecom Belgium)S3 STBUS; C:\Windows\System32\drivers\stbus.sys [12672 2008-03-15] (THOMSON Telecom Belgium)R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2006-11-22] (SigmaTel, Inc.)S3 stppp; C:\Windows\System32\DRIVERS\stppp.sys [49408 2008-03-15] (THOMSON Telecom Belgium) [File not signed]S3 Wdm1; C:\Windows\System32\Drivers\usbbc.sys [15576 2007-01-09] ()U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]S3 NgFilter; system32\DRIVERS\ngfilter.sys [X]S3 NgLog; system32\DRIVERS\nglog.sys [X]S3 NgVpn; system32\DRIVERS\ngvpn.sys [X]S3 NgWfp; system32\DRIVERS\ngwfp.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S0 tclondrv; system32\DRIVERS\tclondrv.sys [X]S0 tpcdrdrv; system32\DRIVERS\tpcdrdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-29 09:35 - 2014-08-29 09:36 - 00026503 _____ () C:\Users\Si & Em\Downloads\FRST.txt2014-08-29 09:35 - 2014-08-29 09:35 - 00000000 ____D () C:\FRST2014-08-29 09:34 - 2014-08-29 09:34 - 01095168 _____ (Farbar) C:\Users\Si & Em\Downloads\FRST.exe2014-08-28 23:07 - 2014-08-28 23:07 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys2014-08-17 13:26 - 2014-08-17 13:26 - 00000000 ____D () C:\Users\Si & Em\AppData\Local\{ABAF2B08-4AD1-4634-B0D8-484CC07D921F}2014-08-11 19:00 - 2014-08-11 19:00 - 00599171 _____ () C:\Users\Si & Em\Downloads\winmail (7).dat2014-08-11 19:00 - 2014-08-11 19:00 - 00599171 _____ () C:\Users\Si & Em\Desktop\winmail (7).dat2014-08-11 18:59 - 2014-08-11 18:59 - 00599171 _____ () C:\Users\Si & Em\Downloads\winmail (6).dat2014-08-11 18:52 - 2014-08-11 18:52 - 00599291 _____ () C:\Users\Si & Em\Downloads\H&S Policy Statement of Intent.zip2014-08-10 21:36 - 2014-08-10 21:37 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-10 21:30 - 2014-08-10 21:30 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-08-10 21:30 - 2014-08-10 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-08-10 21:30 - 2014-08-10 21:30 - 00000000 ____D () C:\Program Files\QuickTime2014-08-02 17:32 - 2014-08-02 17:32 - 00167424 _____ () C:\Users\Si & Em\Downloads\hpc-financial-report-monthly.xls2014-08-02 17:32 - 2014-08-02 17:32 - 00167424 _____ () C:\Users\Si & Em\Downloads\hpc-financial-report-monthly (1).xls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-29 09:36 - 2014-08-29 09:35 - 00026503 _____ () C:\Users\Si & Em\Downloads\FRST.txt2014-08-29 09:36 - 2008-12-21 09:31 - 00000000 ___HD () C:\ProgramData\Kontiki2014-08-29 09:35 - 2014-08-29 09:35 - 00000000 ____D () C:\FRST2014-08-29 09:34 - 2014-08-29 09:34 - 01095168 _____ (Farbar) C:\Users\Si & Em\Downloads\FRST.exe2014-08-29 09:34 - 2006-11-02 13:47 - 00003792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-08-29 09:34 - 2006-11-02 13:47 - 00003792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-08-29 09:27 - 2012-11-25 10:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-08-29 08:59 - 2013-10-08 15:01 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-08-28 23:07 - 2014-08-28 23:07 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys2014-08-28 14:26 - 2006-11-02 13:52 - 01814073 _____ () C:\Windows\WindowsUpdate.log2014-08-28 14:08 - 2009-07-01 20:01 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-08-28 14:07 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-25 21:41 - 2006-11-02 14:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-08-17 13:26 - 2014-08-17 13:26 - 00000000 ____D () C:\Users\Si & Em\AppData\Local\{ABAF2B08-4AD1-4634-B0D8-484CC07D921F}2014-08-16 10:09 - 2009-05-10 14:00 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-08-11 19:00 - 2014-08-11 19:00 - 00599171 _____ () C:\Users\Si & Em\Downloads\winmail (7).dat2014-08-11 19:00 - 2014-08-11 19:00 - 00599171 _____ () C:\Users\Si & Em\Desktop\winmail (7).dat2014-08-11 18:59 - 2014-08-11 18:59 - 00599171 _____ () C:\Users\Si & Em\Downloads\winmail (6).dat2014-08-11 18:52 - 2014-08-11 18:52 - 00599291 _____ () C:\Users\Si & Em\Downloads\H&S Policy Statement of Intent.zip2014-08-10 21:37 - 2014-08-10 21:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-10 21:37 - 2014-02-21 00:23 - 00000000 ____D () C:\Program Files\iTunes2014-08-10 21:37 - 2011-10-16 09:46 - 00001664 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-10 21:37 - 2011-10-16 09:46 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-10 21:36 - 2008-02-10 23:07 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-08-10 21:30 - 2014-08-10 21:30 - 00001726 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-08-10 21:30 - 2014-08-10 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-08-10 21:30 - 2014-08-10 21:30 - 00000000 ____D () C:\Program Files\QuickTime2014-08-09 15:31 - 2006-11-02 11:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-03 21:11 - 2014-06-14 16:07 - 00000000 ____D () C:\Users\Si & Em\Car music june 142014-08-03 20:53 - 2014-01-18 19:43 - 00000000 ____D () C:\Users\Si & Em\Car music Jan 142014-08-03 20:52 - 2007-02-28 13:14 - 00000000 ____D () C:\Users\Si & Em2014-08-03 20:50 - 2014-05-11 14:16 - 00000000 ____D () C:\Users\Si & Em\Car music paolo2014-08-03 20:50 - 2012-09-15 11:47 - 00000000 ____D () C:\Users\Si & Em\Car music Jan 132014-08-02 17:32 - 2014-08-02 17:32 - 00167424 _____ () C:\Users\Si & Em\Downloads\hpc-financial-report-monthly.xls2014-08-02 17:32 - 2014-08-02 17:32 - 00167424 _____ () C:\Users\Si & Em\Downloads\hpc-financial-report-monthly (1).xls Files to move or delete:====================C:\Users\Si & Em\avg_free_stb_all_8_32_cnet.exeC:\Users\Si & Em\Firefox Setup 3.0.7.exeC:\Users\Si & Em\g2ax_customer_downloadhelper_win32_x86.exeC:\Users\Si & Em\picasa3-setup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-29 02:26 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014Ran by Si & Em at 2014-08-29 09:36:39Running from C:\Users\Si & Em\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) HiddenAdobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) HiddenAdobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)AudibleManager (HKLM\...\AudibleManager) (Version: 1990248.1244696.1995255483.4442364 - Audible, Inc.)Auslogics Duplicate File Finder (HKLM\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: version 2.3 - Auslogics Software Pty Ltd)BBC iPlayer Download Manager (HKLM\...\BBC iPlayer Download Manager) (Version: 1.7.2449 - BBC)BBC iPlayer Download Manager (Version: 1.7.2449 - BBC.) HiddenBFScale (HKLM\...\BFScale) (Version: 1.0.0.0 - )Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)BT Desktop Help (HKLM\...\BT Desktop Help) (Version: - )BT Toolbar (HKLM\...\bttb) (Version: 1.0.0.28 - Visicom Media Inc.)BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hiddenc5200_Help (Version: 90.0.189.000 - Hewlett-Packard) HiddenCANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.3.0.14 - Canon Inc.)Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.1.0.18 - Canon Inc.)Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.2.0.34 - Canon Inc.)Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)Canon Utilities Digital Photo Professional 3.6 (HKLM\...\DPP) (Version: 3.6.0.0 - Canon Inc.)Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.6.0.0 - Canon Inc.)Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)Canon Utilities Original Data Security Tools (HKLM\...\Original Data Security Tools) (Version: 1.6.0.1 - Canon Inc.)Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.5.0.0 - Canon Inc.)Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)Canon Utilities WFT-E1/E2/E3/E4 Utility (HKLM\...\WFTK) (Version: 3.3.0.0 - Canon Inc.)Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.3.1.8 - Canon Inc.)Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.2.11 - Canon Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)CDDRV_Installer (Version: 4.60 - Logitech) HiddenCitrix online plug-in (DV) (Version: 12.1.44.1 - Citrix Systems, Inc.) HiddenCitrix online plug-in (HDX) (Version: 12.1.44.1 - Citrix Systems, Inc.) HiddenCitrix online plug-in (HKLM\...\CitrixOnlinePluginFull) (Version: 12.1.44.1 - Citrix Systems, Inc.)Citrix online plug-in (PNA) (Version: 12.1.44.1 - Citrix Systems, Inc.) HiddenCitrix online plug-in (SSON) (Version: 12.1.44.1 - Citrix Systems, Inc.) HiddenCitrix online plug-in (USB) (Version: 12.1.44.1 - Citrix Systems, Inc.) HiddenCitrix online plug-in (Web) (Version: 12.1.44.1 - Citrix Systems, Inc.) HiddenCompatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)D3DX10 (Version: 15.4.2368.0902 - Microsoft) HiddenDell Resource CD (HKLM\...\{2764CA82-DFB9-4498-AF85-719340BF5305}) (Version: 1.00.0000 - Dell Inc.)Drive Manager (HKLM\...\InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}) (Version: 1.00.0012 - Seagate Technology)Drive Manager (Version: 1.00.0012 - Seagate Technology) HiddenEmployment Law Organiser (HKLM\...\com.adobe.BIS.ELO.46BE49BD7586E33BF014AD75480F7B6954902B01.1) (Version: 1.0.1 - Department for Business Innovation and Skills ( BIS ))Employment Law Organiser (Version: 1.0.1 - Department for Business Innovation and Skills ( BIS )) HiddenFax (Version: 120.0.194.000 - Hewlett-Packard) HiddenFormatFactory 3.3.4.0 (HKLM\...\FormatFactory) (Version: 3.3.4.0 - Format Factory)Free M4a to MP3 Converter 6.1 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)getPlus® (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.19 - NOS Microsystems Ltd.)GFI Backup 2009 - Home Edition (HKLM\...\GFI Backup 2009 - Home Edition) (Version: 3.0 - GFI Software Ltd.)Gigaset QuickSync (HKLM\...\{68da4c12-3662-4e8d-b9fc-4754d64e13d7}) (Version: 4.2.0004.14519 - Gigaset Communications GmbH)Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20101113 - Google Inc.)Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.24.15 - Google Inc.) HiddenHP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) HiddenHPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)iPhone Backup Extractor (HKCU\...\iPhone Backup Extractor) (Version: 4.6.6.0 - Reincubate Ltd)iPhone Configuration Utility (HKLM\...\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}) (Version: 2.1.0.163 - Apple Inc.)iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJunk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenKhalInstallWrapper (Version: 4.60.122 - Logitech) HiddenLeapFrog Connect (HKLM\...\UPCShell) (Version: 3.2.19.13664 - LeapFrog)LeapFrog Connect (Version: 3.2.19.13664 - LeapFrog) HiddenLeapFrog Tag Plugin (Version: 3.2.19.13664 - LeapFrog) HiddenLogitech QuickCam Driver Package (HKLM\...\lvdrivers_11.90) (Version: - )Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) HiddenMicrosoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)Microsoft Office Live Meeting 2007 (HKLM\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)Microsoft Publisher 2002 (HKLM\...\{91190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)Mozilla Firefox 8.0 (x86 en-US) (HKLM\...\Mozilla Firefox 8.0 (x86 en-US)) (Version: 8.0 - Mozilla)MSVCRT (Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)My IPs (HKLM\...\My IPs) (Version: 2.0 - Camtech 2000)NetDeviceManager (Version: 90.0.205.000 - Hewlett-Packard) HiddenNVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) HiddenPS_AIO_02_Software (Version: 100.0.206.000 - Hewlett-Packard) HiddenPS_AIO_02_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) HiddenPS_AIO_02_Software_min (Version: 90.0.222.000 - Hewlett-Packard) HiddenQuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)Runtime (Version: 1.00.0000 - Your Company Name) HiddenRuntime 8.0 Libraries (HKLM\...\{EA4FA30B-7321-4428-90E9-28B088EC8DC9}) (Version: 1.0.0.0 - Microsoft)Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)Scan (Version: 10.1.0.0 - Hewlett-Packard) HiddenSegoe UI (Version: 15.4.2271.0615 - Microsoft Corp) HiddenSigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5003.0 - SigmaTel)Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)Sonic Activation Module (Version: 1.0 - Sonic Solutions) HiddenSony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: - )Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)TL-WN822N/TL-WN821N Driver (HKLM\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.0.0 - TP-LINK)Toolbox (Version: 100.0.170.000 - Hewlett-Packard) HiddenTP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)Transfer MyPC (HKLM\...\{1A35F39E-E254-432F-B4D8-3387527FB5CF}) (Version: 4.52 - Orlogix)UnloadSupport (Version: 10.0.0 - Hewlett-Packard) HiddenUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM\...\TagPlugin) (Version: 3.2.19.13664 - LeapFrog)Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)WebEx (HKCU\...\ActiveTouchMeetingClient) (Version: - WebEx Communications, Inc)WebReg (Version: 100.0.170.000 - Hewlett-Packard) HiddenWindows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Movie Maker 2.6 (HKLM\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4040.0 - Microsoft Corporation)WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.9.2013.1 - BillP Studios)WinZip (HKLM\...\WinZip) (Version: 10.0 (6685) - WinZip Computing LP) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{04FE9017-F873-410E-871E-AB91661A4EF7}\InprocServer32 -> C:\Program Files\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax ()CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\Windows\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\Windows\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\Windows\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\Windows\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\Windows\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 -> C:\Windows\system32\ssa3d30.ocx (Sheridan Software Systems, Inc.)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{0F40E1E5-4F79-4988-B1A9-CC98794E6B55}\InprocServer32 -> C:\Program Files\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax ()CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\System32\MSCOMCTL.OCX (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{1EFF7739-9BDA-4295-BC07-383554CAAC84}\InprocServer32 -> C:\Program Files\Citrix\ICA Client\CCMProxy.dll (Citrix Systems, Inc.)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\System32\MSCOMCTL.OCX (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\924\atucfobj.dll (WebEx Communications Inc.)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{33BCA8CF-DDC7-4CC2-A28A-809254CD3EF2}\InprocServer32 -> C:\Windows\system32\RcdScan.dll (Dell Computer Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\System32\MSCOMCTL.OCX (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{3F1A1BD3-19FE-4329-8AD3-B2E54AD4DB59}\InprocServer32 -> C:\Windows\system32\RcdScan.dll (Dell Computer Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\System32\MSCOMCTL.OCX (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\System32\MSCOMCTL.OCX (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\System32\MSCOMCTL.OCX (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\System32\MSCOMCTL.OCX (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> C:\Windows\system32\ACTXPRXY.DLL (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}\localserver32 -> C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE (Citrix Systems, Inc.)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\System32\MSCOMCTL.OCX (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}\InprocServer32 -> C:\Windows\system32\urlmon.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> C:\Windows\System32\MSCOMCTL.OCX (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-4215232878-3778433314-1021037147-1000_Classes\CLSID\{FF1CD9A3-00CD-45c1-8182-4EEC229A182D}\InprocServer32 -> C:\Windows\system32\plx_upldr.dll () ==================== Restore Points ========================= 25-08-2014 18:58:29 Windows Update28-08-2014 16:14:39 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2013-10-02 14:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMMTask: {2DAF30D1-40A8-449E-8E37-28E0C0067778} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {3191A43D-23E3-4254-A11A-E7D18EDCA349} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files\Browsersafeguard\uninstall.browsersafeguard.exe <==== ATTENTIONTask: {3244C17E-6614-47BD-B497-DF73C1D2BA70} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPagesTask: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)Task: {7FE0B8B7-3C19-4B55-90DF-21957FCCA282} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)Task: {8A8574B3-65AB-4C1C-90CC-77036AC3F3AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-10] (Google Inc.)Task: {8C28D418-7F51-404C-A567-DD94BE9BC3C1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {92AC08D4-0060-4F36-947B-18D2E823239A} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UITask: {CC8C83FF-AF71-4EDF-92FF-472BD3755ABD} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)Task: {DC0ED2F8-48BB-4DBE-A779-E4FF4235F86D} - System32\Tasks\{BDDD6AA4-DC09-4F72-BCE3-AF9FD3FA67D6} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)Task: {E4A5E1FD-51D4-444E-AECA-BE9691148D72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-10] (Google Inc.)Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2013-08-14 16:19 - 2011-03-31 15:36 - 00061440 _____ () C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe2006-11-02 11:25 - 2008-06-03 04:35 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll2013-10-04 12:47 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll2014-08-16 10:09 - 2014-08-07 04:20 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll2014-08-16 10:09 - 2014-08-07 04:20 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll2014-08-16 10:09 - 2014-08-07 04:20 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll2014-04-13 10:02 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Si & Em\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2014-04-13 10:02 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Si & Em\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0B174FAEAlternateDataStreams: C:\Users\Si & Em\Desktop\FW_ Final Copy of Project Group Approved DBC and Appendices.msg:OECustomPropertyAlternateDataStreams: C:\Users\Si & Em\Downloads\Emailing_ Group Board 19December2012 Item 7 Treasury Framework, Group Board 19December2012 Item 7 Treasury Fwk, Group Board 19December2012 Item 7 Treasury Fwk, Group Board 19Decemb.eml:OECustomPropertyAlternateDataStreams: C:\Users\Si & Em\Downloads\Emailing_ YHG signed accounts.eml:OECustomPropertyAlternateDataStreams: C:\Users\Si & Em\Downloads\No Subject.eml:OECustomPropertyAlternateDataStreams: C:\Users\Si & Em\Documents\FW_ Final Copy of Project Group Approved DBC and Appendices.eml:OECustomPropertyAlternateDataStreams: C:\Users\Si & Em\Documents\Migration Lost and Found:Roxio EMC Stream ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Online plug-in.lnk => C:\Windows\pss\Online plug-in.lnk.CommonStartupMSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartupMSCONFIG\startupfolder: C:^Users^Si & Em^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BFScale.lnk => C:\Windows\pss\BFScale.lnk.StartupMSCONFIG\startupfolder: C:^Users^Si & Em^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Media Check Tool.lnk => C:\Windows\pss\PMB Media Check Tool.lnk.StartupMSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exeMSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: basicsmssmenu => "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"MSCONFIG\startupreg: GFI Backup 2009 - Home Edition => "C:\PROGRA~1\GFI\GFIBAC~1\GFIAgent.exe"MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exeMSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exeMSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupMSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startMSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: kdx => C:\Program Files\Kontiki\KHost.exe -allMSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXEMSCONFIG\startupreg: Logitech Vid => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmodeMSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hideMSCONFIG\startupreg: Monitor => "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundMSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: Shockwave Updater => C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SU 3.28; GTB6.6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)" -"http://www.boomerangtv.co.uk/shows/scooby-doo/games/hollywood-horror-2"MSCONFIG\startupreg: SigmatelSysTrayApp => sttray.exeMSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedMSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeMSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hideMSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe ==================== Faulty Device Manager Devices ============= Name: 6TO4 AdapterDescription: Microsoft 6to4 AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: Microsoft 6to4 Adapter #15Description: Microsoft 6to4 AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: Microsoft 6to4 Adapter #53Description: Microsoft 6to4 AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: Microsoft 6to4 Adapter #68Description: Microsoft 6to4 AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: Microsoft 6to4 Adapter #103Description: Microsoft 6to4 AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: Microsoft 6to4 Adapter #198Description: Microsoft 6to4 AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: Microsoft ISATAP Adapter #12Description: Microsoft ISATAP AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: Microsoft ISATAP Adapter #31Description: Microsoft ISATAP AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: Microsoft ISATAP Adapter #32Description: Microsoft ISATAP AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: Microsoft ISATAP Adapter #33Description: Microsoft ISATAP AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: Microsoft ISATAP Adapter #72Description: Microsoft ISATAP AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver ==================== Event log errors: ========================= Application errors:==================Error: (08/25/2014 09:41:19 PM) (Source: EventSystem) (EventID: 4621) (User: )Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (08/25/2014 07:49:23 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system. Error: (08/22/2014 10:50:54 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application iTunes.exe, version 11.3.1.2, time stamp 0x53dc1f90, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0000656e,process id 0x2360, application start time 0xiTunes.exe0. Error: (08/21/2014 10:47:37 PM) (Source: EventSystem) (EventID: 4621) (User: )Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (08/18/2014 00:14:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SI & EM\MUSIC\ITUNES\MOBILE APPLICATIONS\DOWNLOADS\7 MINUTE WORKOUT.TMP\INFO.PLIST> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/18/2014 00:14:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SI & EM\MUSIC\ITUNES\MOBILE APPLICATIONS\DOWNLOADS\7 MINUTE WORKOUT.TMP\DOWNLOAD.APP> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/18/2014 00:13:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SI & EM\MUSIC\ITUNES\MOBILE APPLICATIONS\DOWNLOADS\THE HABIT FACTOR® LITE_ HABITS & GOA.TMP\DOWNLOAD.APP> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/18/2014 00:13:57 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SI & EM\MUSIC\ITUNES\MOBILE APPLICATIONS\DOWNLOADS\VOUCHERCODES.CO.UK.TMP\DOWNLOAD.APP> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/18/2014 11:47:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SI & EM\MUSIC\ITUNES\ITUNES LIBRARY.ITL> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/17/2014 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application WinMail.exe, version 6.0.6001.18000, time stamp 0x47918ed8, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x515ba857, exception code 0xc0000005, fault offset 0x73cc74b2,process id 0x174c, application start time 0xWinMail.exe0. System errors:=============Error: (08/28/2014 02:09:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: tclondrvtpcdrdrv Error: (08/25/2014 07:50:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Windows Font Cache Service%%1053 Error: (08/25/2014 07:50:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: 30000Windows Font Cache Service Error: (08/25/2014 07:48:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: tclondrvtpcdrdrv Error: (08/22/2014 09:49:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: tclondrvtpcdrdrv Error: (08/21/2014 10:18:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: tclondrvtpcdrdrv Error: (08/18/2014 11:36:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: tclondrvtpcdrdrv Error: (08/17/2014 09:52:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: tclondrvtpcdrdrv Error: (08/16/2014 11:22:22 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82} Error: (08/16/2014 09:24:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Windows Search%%1053 Microsoft Office Sessions:=========================Error: (08/25/2014 09:41:19 PM) (Source: EventSystem) (EventID: 4621) (User: )Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (08/25/2014 07:49:23 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL) Error: (08/22/2014 10:50:54 PM) (Source: Application Error) (EventID: 1000) (User: )Description: iTunes.exe11.3.1.253dc1f90unknown0.0.0.000000000c00000050000656e236001cfbe531d906bbd Error: (08/21/2014 10:47:37 PM) (Source: EventSystem) (EventID: 4621) (User: )Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (08/18/2014 00:14:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)C:\USERS\SI & EM\MUSIC\ITUNES\MOBILE APPLICATIONS\DOWNLOADS\7 MINUTE WORKOUT.TMP\INFO.PLIST Error: (08/18/2014 00:14:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)C:\USERS\SI & EM\MUSIC\ITUNES\MOBILE APPLICATIONS\DOWNLOADS\7 MINUTE WORKOUT.TMP\DOWNLOAD.APP Error: (08/18/2014 00:13:58 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)C:\USERS\SI & EM\MUSIC\ITUNES\MOBILE APPLICATIONS\DOWNLOADS\THE HABIT FACTOR® LITE_ HABITS & GOA.TMP\DOWNLOAD.APP Error: (08/18/2014 00:13:57 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)C:\USERS\SI & EM\MUSIC\ITUNES\MOBILE APPLICATIONS\DOWNLOADS\VOUCHERCODES.CO.UK.TMP\DOWNLOAD.APP Error: (08/18/2014 11:47:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)C:\USERS\SI & EM\MUSIC\ITUNES\ITUNES LIBRARY.ITL Error: (08/17/2014 01:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )Description: WinMail.exe6.0.6001.1800047918ed8gdiplus.dll_unloaded0.0.0.0515ba857c000000573cc74b2174c01cfba062c2e836d CodeIntegrity Errors:=================================== Date: 2014-08-29 02:21:36.972 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-29 02:21:36.298 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-29 02:21:35.629 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-29 02:21:34.955 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-29 02:21:34.281 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-29 02:21:33.609 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6000.16386_none_32a3e3ecf533e7fe\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-29 02:17:25.167 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-29 02:17:24.499 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-29 02:17:23.818 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-29 02:17:23.143 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fveapi.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Athlon 64 X2 Dual Core Processor 5000+Percentage of memory in use: 62%Total physical RAM: 2045.76 MBAvailable physical RAM: 762.16 MBTotal Pagefile: 4329.89 MBAvailable Pagefile: 2633.08 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1894.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:288.04 GB) (Free:27.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.83 GB) NTFSDrive j: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 58000000)Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS) ========================================================Disk: 5 (Size: 123.9 MB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
  5. I've been unable to update the malwarebytes database for some time (170 days at least) - I have picked up from comments that it may be an infection? Also, I have lost most of my programs on the start menu of widows vista, again I have read suggestions that it may be an infection? Can someone help please?
  6. Thanks for all your help on this Gringo and the tips about security programs to use. Just a query, I still have hijackThis, Blitzblank and Adwcleaner after using OTcleanit, shall I use Revo uninstaller to remove these? Also, without doing anything alse on my PC whilst we have been doing this over the last couple of days, I appear to have lost a good 3-4 GB of space, is that something that is related to the tools and is there anything I can clear down as I am a bit short on storage? Thanks Emandsi
  7. Hi Gringo, a couple of threats picked up by Eset: C:\Users\Si & Em\Downloads\cbsidlm-tr1_14-ZSoft_Uninstaller-ORG-10409090 (1).exe Win32/DownloadAdmin.G applicationC:\Users\Si & Em\Downloads\cbsidlm-tr1_14-ZSoft_Uninstaller-ORG-10409090.exe Win32/DownloadAdmin.G application
  8. Logfile of Hijack this below - computer seems to be running OK at the moment Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:08:34, on 03/10/2013Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v9.00 (9.00.8112.16506)Boot mode: Normal Running processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\AVG\AVG2014\avgui.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Citrix\ICA Client\concentr.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exeC:\Windows\System32\mobsync.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Citrix\ICA Client\WFCRUN32.EXEC:\Windows\system32\wuauclt.exeC:\Program Files\Windows Mail\WinMail.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchFilterHost.exeC:\Users\Si & Em\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.com/broadbandsetupR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49417;https=127.0.0.1:49417R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)O2 - BHO: BT Toolbar - {547a1750-cfe6-4117-8be5-5a88d3fced51} - C:\Program Files\bttb\btDx.dll (file missing)O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (file missing)O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO3 - Toolbar: BT Toolbar - {547a1750-cfe6-4117-8be5-5a88d3fced51} - C:\Program Files\bttb\btDx.dll (file missing)O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exeO4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLYO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startupO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exeO9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dllO9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\Casino.exe (file missing)O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dllO23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXEO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exeO23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exeO23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exeO23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exeO23 - Service: BFScale - Acresso - C:\PROGRA~1\BFScale\TOMCAT~1.EXEO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exeO23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXEO23 - Service: Google Update Service (gupdate1c9d16f40794221) (gupdate1c9d16f40794221) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Wireless - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exeO23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exeO23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exeO23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeO23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: StumbleUponUpdateService - Unknown owner - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (file missing)O23 - Service: WpsSupplicant - Unknown owner - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe --End of file - 12066 bytes
  9. Malwarebytes looks clear! hijack this to follow Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.03.02 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Si & Em :: OFFICE [administrator] 03/10/2013 09:31:22 mbam-log-2013-10-03 (09-31-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 266906 Time elapsed: 12 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  10. 32 Bit HP CIO Components Installer Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.04) Adobe Shockwave Player Amazon MP3 Downloader 1.0.17 Apple Application Support Apple Mobile Device Support Apple Software Update AudibleManager Auslogics Duplicate File Finder AVG 2014 BBC iPlayer Download Manager BFScale Bing Bar Bonjour Broadcom 440x 10/100 Integrated Controller BT Desktop Help BT Toolbar BufferChm c5200_Help CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Utilities CameraWindow Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.6 Canon Utilities EOS Utility Canon Utilities MyCamera Canon Utilities Original Data Security Tools Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Utilities WFT-E1/E2/E3/E4 Utility Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility CCleaner CDDRV_Installer Citrix online plug-in Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (PNA) Citrix online plug-in (SSON) Citrix online plug-in (USB) Citrix online plug-in (Web) Compatibility Pack for the 2007 Office system D3DX10 Dell Resource CD Drive Manager Employment Law Organiser Fax FormatFactory 2.00 Free M4a to MP3 Converter 6.1 getPlus® GFI Backup 2009 - Home Edition Gigaset QuickSync Google Chrome Google Earth Google Toolbar for Firefox Google Toolbar for Internet Explorer Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Photosmart All-In-One Driver Software 10.0 Rel .2 HP Product Detection HP Update HPProductAssistant HPSSupply iCloud iPhone Backup Extractor iPhone Configuration Utility iTunes Java 7 Update 25 Java Auto Updater Junk Mail filter update KhalInstallWrapper LeapFrog Connect LeapFrog Tag Plugin Logitech QuickCam Driver Package Logitech SetPoint Logitech Vid Logitech Webcam Software Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Messenger Companion Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office Live Add-in 1.5 Microsoft Office Live Meeting 2007 Microsoft Office XP Media Content Microsoft Office XP Professional Microsoft Publisher 2002 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Mozilla Firefox 8.0 (x86 en-US) MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My IPs NetDeviceManager NVIDIA Drivers OGA Notifier 2.0.0048.0 PS_AIO_02_Software PS_AIO_02_Software_min QuickTime Roxio Creator DE Roxio Creator Tools Roxio Express Labeler Roxio Update Manager Runtime Runtime 8.0 Libraries Safari Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Segoe UI SigmaTel Audio Skype Click to Call Skype™ 5.10 Sonic Activation Module Sony USB Driver Spelling Dictionaries Support For Adobe Reader 9 SUPERAntiSpyware TL-WN822N/TL-WN821N Driver Toolbox TP-LINK Wireless Configuration Utility Transfer MyPC UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) Visual Studio 2012 x86 Redistributables WebEx WebReg Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip
  11. Gringo, just a short file this time: BlitzBlank 1.0.0.32 File/Registry Modification Engine native applicationMoveFileOnReboot: sourceFile = "\??\c:\program files\bttb\btdx.dll", destinationFile = "(null)", replaceWithDummy = 0
  12. Hi Gringo No problems encountered computer seems to be running Ok, but haven't been on it a lot I must admit Here is the script: ComboFix 13-10-01.03 - Si & Em 02/10/2013 14:32:16.2.2 - x86Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1044 [GMT 1:00]Running from: c:\users\Si & Em\Desktop\ComboFix.exeCommand switches used :: c:\users\Si & Em\Desktop\CFScript.txtAV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\program files\bttb\btDx.dll"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Si & Em\AppData\Local\Google\Chrome\User Data\Default\Preferencesc:\windows\system32\AutoRun.infc:\windows\system32\winsusrm.dllc:\windows\wininit.ini..((((((((((((((((((((((((( Files Created from 2013-09-02 to 2013-10-02 )))))))))))))))))))))))))))))))..2013-10-02 13:47 . 2013-10-02 13:47 -------- d-----w- c:\users\Si & Em\AppData\Local\temp2013-10-02 13:47 . 2013-10-02 13:47 -------- d-----w- c:\users\Laptop\AppData\Local\temp2013-10-02 13:47 . 2013-10-02 13:47 -------- d-----w- c:\users\Default\AppData\Local\temp2013-10-02 13:47 . 2013-10-02 13:47 -------- d-----w- c:\users\Citrix\AppData\Local\temp2013-10-01 20:15 . 2013-10-01 20:15 -------- d-----w- c:\windows\ERUNT2013-10-01 18:48 . 2013-10-01 19:20 -------- d-----w- C:\AdwCleaner2013-10-01 09:05 . 2013-10-01 09:05 -------- d-----w- C:\FRST2013-10-01 08:08 . 2013-09-15 23:50 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F992D24D-F230-469A-9FA6-21FA1E821819}\mpengine.dll2013-09-27 22:56 . 2013-09-27 22:56 -------- d-----w- c:\users\Si & Em\AppData\Roaming\AVG20142013-09-27 22:49 . 2013-09-27 22:54 -------- d-----w- c:\programdata\AVG20142013-09-27 22:46 . 2013-09-28 12:57 -------- d-----w- c:\users\Si & Em\AppData\Local\Avg20142013-09-26 12:01 . 2013-09-30 18:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2013-09-23 19:02 . 2013-09-23 19:02 -------- d-----w- c:\users\Si & Em\AppData\Roaming\Reincubate2013-09-22 10:10 . 2013-09-22 10:11 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E12013-09-16 11:30 . 2013-09-16 11:30 4806016 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll2013-09-16 11:30 . 2013-09-16 11:30 4806016 ----a-w- c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll2013-09-12 13:39 . 2013-09-12 13:40 -------- d-----w- c:\program files\Common Files\Adobe2013-09-11 09:00 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll2013-09-11 09:00 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys2013-09-10 21:11 . 2013-09-10 21:11 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys2013-09-09 08:19 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL2013-09-08 21:12 . 2013-09-08 21:12 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-09-22 09:27 . 2012-11-25 09:10 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-09-22 09:27 . 2011-05-20 08:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-09-02 09:39 . 2013-09-02 09:39 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys2013-09-02 09:28 . 2013-09-02 09:28 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys2013-09-02 09:28 . 2013-09-02 09:28 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys2013-09-02 09:28 . 2013-09-02 09:28 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys2013-08-20 21:54 . 2013-08-20 21:54 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2013-08-07 03:22 . 2009-10-02 19:01 238872 ------w- c:\windows\system32\MpSigStub.exe2013-08-01 15:08 . 2013-08-01 15:08 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys2013-08-01 15:06 . 2013-08-01 15:06 120120 ----a-w- c:\windows\system32\drivers\avgdiskx.sys2013-07-17 19:41 . 2013-08-15 07:23 2048 ----a-w- c:\windows\system32\tzres.dll2013-07-10 09:47 . 2013-08-15 07:23 783360 ----a-w- c:\windows\system32\rpcrt4.dll2013-07-09 12:10 . 2013-08-15 07:22 1205168 ----a-w- c:\windows\system32\ntdll.dll2013-07-08 04:55 . 2013-08-15 07:22 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe2013-07-08 04:55 . 2013-08-15 07:22 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-07-08 04:20 . 2013-08-15 07:22 172544 ----a-w- c:\windows\system32\wintrust.dll2013-07-08 04:16 . 2013-08-15 07:22 98304 ----a-w- c:\windows\system32\cryptnet.dll2013-07-08 04:16 . 2013-08-15 07:22 133120 ----a-w- c:\windows\system32\cryptsvc.dll2013-07-08 04:16 . 2013-08-15 07:22 992768 ----a-w- c:\windows\system32\crypt32.dll2013-07-05 04:53 . 2013-08-15 07:23 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys2011-04-25 01:58 . 2011-04-25 01:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll2011-04-25 02:48 . 2011-04-25 02:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll2011-04-25 02:00 . 2011-04-25 02:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll2011-04-25 01:59 . 2011-04-25 01:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll2011-04-25 01:58 . 2011-04-25 01:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll2011-04-25 01:57 . 2011-04-25 01:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll2011-04-25 01:58 . 2011-04-25 01:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll2011-04-25 01:58 . 2011-04-25 01:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll2011-04-25 01:51 . 2011-04-25 01:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll2011-04-25 02:00 . 2011-04-25 02:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll2011-11-05 06:53 . 2011-11-08 17:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{547a1750-cfe6-4117-8be5-5a88d3fced51}]2013-06-13 19:06 91712 ----a-w- c:\program files\bttb\btDx.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{547a1750-cfe6-4117-8be5-5a88d3fced51}"= "c:\program files\bttb\btDx.dll" [2013-06-13 91712].[HKEY_CLASSES_ROOT\clsid\{547a1750-cfe6-4117-8be5-5a88d3fced51}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-09-15 4851760]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-17 152392]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk - c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-8-14 788992].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnkbackup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnkbackup=c:\windows\pss\Microsoft Office.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Online plug-in.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnkbackup=c:\windows\pss\Online plug-in.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnkbackup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartupbackupExtension=.CommonStartup.[HKLM\~\startupfolder\C:^Users^Si & Em^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BFScale.lnk]path=c:\users\Si & Em\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BFScale.lnkbackup=c:\windows\pss\BFScale.lnk.StartupbackupExtension=.Startup.[HKLM\~\startupfolder\C:^Users^Si & Em^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Media Check Tool.lnk]path=c:\users\Si & Em\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnkbackup=c:\windows\pss\PMB Media Check Tool.lnk.StartupbackupExtension=.Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]2013-04-05 11:58 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]2007-10-09 16:21 169328 ----a-w- c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GFI Backup 2009 - Home Edition]2011-01-22 20:50 2195824 ----a-w- c:\progra~1\GFI\GFIBAC~1\GFIAgent.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2007-03-11 20:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]2013-04-05 11:59 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]2006-10-03 11:35 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]2006-10-03 11:37 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2013-09-17 22:45 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]2008-02-29 03:12 76304 ----a-w- c:\windows\KHALMNPR.Exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]2009-07-16 15:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]2009-10-14 13:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]2011-11-12 12:04 268640 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]2012-03-08 18:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2012-10-25 03:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]2006-11-22 14:56 303104 ----a-w- c:\windows\sttray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]2012-07-13 12:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]2013-03-12 06:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]2013-09-26 11:39 5703920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]2009-01-18 17:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]2008-01-19 07:33 202240 ------w- c:\program files\Windows Media Player\wmpnscfg.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]"AntiVirusOverride"=dword:00000001"AntiSpywareOverride"=dword:00000001"FirewallOverride"=dword:00000001.S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08WindowsMobile REG_MULTI_SZ wcescomm rapimgrLocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgrLocalServiceAndNoImpersonation REG_MULTI_SZ FontCachegetPlusHelper REG_MULTI_SZ getPlusHelpernosGetPlusHelper REG_MULTI_SZ nosGetPlusHelperHPService REG_MULTI_SZ HPSLPSVC.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-09-24 18:24 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 09:27].2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 12:59].2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 12:59].2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = <-loopback>uInternet Settings,ProxyServer = http=127.0.0.1:49417;https=127.0.0.1:49417IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimageIE: {{3015DB92-158E-4b77-9020-85C8E311FBB5} - c:\progra~1\CASINO~1\Casino.exeTrusted Zone: harvesthousing.org.uk\myTrusted Zone: onlinedesktop.co.uk\cryptoTrusted Zone: onlinedesktop.co.uk\loginTCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\users\Si & Em\AppData\Roaming\Mozilla\Firefox\Profiles\a57b3354.default\FF - prefs.js: browser.search.selectedEngine - BT SearchFF - ExtSQL: 2013-08-30 13:14; mcciwbch@motive.com; c:\program files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpiFF - ExtSQL: 2013-08-30 13:15; {37cda6af-7527-4915-aa93-20f883f18116}; c:\users\Si & Em\AppData\Roaming\Mozilla\Firefox\Profiles\a57b3354.default\extensions\{37cda6af-7527-4915-aa93-20f883f18116}FF - ExtSQL: 2013-09-23 15:05; ffxtlbr@delta.com; c:\users\Si & Em\AppData\Roaming\Mozilla\Firefox\Profiles\a57b3354.default\extensions\ffxtlbr@delta.comFF - ExtSQL: !HIDDEN! 2011-03-02 20:56; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-10-02 14:47Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.Completion time: 2013-10-02 14:49:46ComboFix-quarantined-files.txt 2013-10-02 13:49ComboFix2.txt 2013-10-02 09:30.Pre-Run: 17,809,485,824 bytes freePost-Run: 17,994,690,560 bytes free.- - End Of File - - 87E3C58E28BFE0F6B98033CC7E3488CB5C616939100B85E558DA92B899A0FC36
  13. Gringo, just a quick one when you next respond, I notice that the end of the log above shows almost 1GB of space used during the run, at the end of this process can we delete whatever files are taking up the space?
  14. Gringo log from Combofix below, computer seems to be running normally, although before we started this it wasn't exactly dreadful, just a bit slow on the internet, always 'waiting' for websites to respond ComboFix 13-10-01.03 - Si & Em 02/10/2013 9:19.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1077 [GMT 1:00] Running from: c:\users\Si & Em\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Si & Em\~WRL0005.tmp c:\users\Si & Em\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Si & Em\SallysSpaSetup.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_pcCMService . . ((((((((((((((((((((((((( Files Created from 2013-09-02 to 2013-10-02 ))))))))))))))))))))))))))))))) . . 2013-10-02 08:34 . 2013-10-02 09:25 -------- d-----w- c:\users\Si & Em\AppData\Local\temp 2013-10-02 08:34 . 2013-10-02 08:34 -------- d-----w- c:\users\Laptop\AppData\Local\temp 2013-10-02 08:34 . 2013-10-02 08:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-10-02 08:34 . 2013-10-02 08:34 -------- d-----w- c:\users\Citrix\AppData\Local\temp 2013-10-01 20:15 . 2013-10-01 20:15 -------- d-----w- c:\windows\ERUNT 2013-10-01 18:48 . 2013-10-01 19:20 -------- d-----w- C:\AdwCleaner 2013-10-01 09:05 . 2013-10-01 09:05 -------- d-----w- C:\FRST 2013-10-01 08:08 . 2013-09-15 23:50 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F992D24D-F230-469A-9FA6-21FA1E821819}\mpengine.dll 2013-09-27 22:56 . 2013-09-27 22:56 -------- d-----w- c:\users\Si & Em\AppData\Roaming\AVG2014 2013-09-27 22:49 . 2013-09-27 22:54 -------- d-----w- c:\programdata\AVG2014 2013-09-27 22:46 . 2013-09-28 12:57 -------- d-----w- c:\users\Si & Em\AppData\Local\Avg2014 2013-09-26 12:01 . 2013-09-30 18:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-09-23 19:02 . 2013-09-23 19:02 -------- d-----w- c:\users\Si & Em\AppData\Roaming\Reincubate 2013-09-22 10:10 . 2013-09-22 10:11 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-09-16 11:30 . 2013-09-16 11:30 4806016 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2013-09-16 11:30 . 2013-09-16 11:30 4806016 ----a-w- c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2013-09-12 13:39 . 2013-09-12 13:40 -------- d-----w- c:\program files\Common Files\Adobe 2013-09-11 09:00 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll 2013-09-11 09:00 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys 2013-09-10 21:11 . 2013-09-10 21:11 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-09-09 08:19 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-09-08 21:12 . 2013-09-08 21:12 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll 2013-09-02 11:55 . 2012-12-13 15:49 82488 ----a-w- c:\windows\system32\lmdimon8.dll 2013-09-02 11:55 . 2012-12-13 15:49 81976 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll 2013-09-02 11:54 . 2013-09-02 11:54 -------- d-----w- c:\programdata\Applications 2013-09-02 09:39 . 2013-09-02 09:39 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-09-02 09:28 . 2013-09-02 09:28 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-09-02 09:28 . 2013-09-02 09:28 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-09-02 09:28 . 2013-09-02 09:28 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-22 09:27 . 2012-11-25 09:10 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-22 09:27 . 2011-05-20 08:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-08-20 21:54 . 2013-08-20 21:54 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2013-08-07 03:22 . 2009-10-02 19:01 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-08-01 15:08 . 2013-08-01 15:08 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2013-08-01 15:06 . 2013-08-01 15:06 120120 ----a-w- c:\windows\system32\drivers\avgdiskx.sys 2013-07-17 19:41 . 2013-08-15 07:23 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-10 09:47 . 2013-08-15 07:23 783360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 12:10 . 2013-08-15 07:22 1205168 ----a-w- c:\windows\system32\ntdll.dll 2013-07-08 04:55 . 2013-08-15 07:22 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-08 04:55 . 2013-08-15 07:22 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-08 04:20 . 2013-08-15 07:22 172544 ----a-w- c:\windows\system32\wintrust.dll 2013-07-08 04:16 . 2013-08-15 07:22 98304 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-08 04:16 . 2013-08-15 07:22 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-08 04:16 . 2013-08-15 07:22 992768 ----a-w- c:\windows\system32\crypt32.dll 2013-07-05 04:53 . 2013-08-15 07:23 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-04-25 01:58 . 2011-04-25 01:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll 2011-04-25 02:48 . 2011-04-25 02:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2011-04-25 02:00 . 2011-04-25 02:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2011-04-25 01:59 . 2011-04-25 01:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2011-04-25 01:58 . 2011-04-25 01:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2011-04-25 01:57 . 2011-04-25 01:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2011-04-25 01:58 . 2011-04-25 01:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2011-04-25 01:58 . 2011-04-25 01:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2011-04-25 01:51 . 2011-04-25 01:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2011-04-25 02:00 . 2011-04-25 02:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2011-11-05 06:53 . 2011-11-08 17:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{547a1750-cfe6-4117-8be5-5a88d3fced51}] 2013-06-13 19:06 91712 ----a-w- c:\program files\bttb\btDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{547a1750-cfe6-4117-8be5-5a88d3fced51}"= "c:\program files\bttb\btDx.dll" [2013-06-13 91712] . [HKEY_CLASSES_ROOT\clsid\{547a1750-cfe6-4117-8be5-5a88d3fced51}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-09-15 4851760] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-17 152392] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ TP-LINK Wireless Configuration Utility.lnk - c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2013-8-14 788992] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Online plug-in.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk backup=c:\windows\pss\Online plug-in.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Si & Em^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BFScale.lnk] path=c:\users\Si & Em\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BFScale.lnk backup=c:\windows\pss\BFScale.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Si & Em^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Media Check Tool.lnk] path=c:\users\Si & Em\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk backup=c:\windows\pss\PMB Media Check Tool.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams] 2013-04-05 11:58 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu] 2007-10-09 16:21 169328 ----a-w- c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GFI Backup 2009 - Home Edition] 2011-01-22 20:50 2195824 ----a-w- c:\progra~1\GFI\GFIBAC~1\GFIAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-03-11 20:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices] 2013-04-05 11:59 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2006-10-03 11:35 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2006-10-03 11:37 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-09-17 22:45 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx] 2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2008-02-29 03:12 76304 ----a-w- c:\windows\KHALMNPR.Exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid] 2009-07-16 15:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2009-10-14 13:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor] 2011-11-12 12:04 268640 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-03-08 18:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 03:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2006-11-22 14:56 303104 ----a-w- c:\windows\sttray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-07-13 12:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-03-12 06:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2013-09-26 11:39 5703920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-01-18 17:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ------w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiSpywareOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache getPlusHelper REG_MULTI_SZ getPlusHelper nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper HPService REG_MULTI_SZ HPSLPSVC . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-09-24 18:24 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 09:27] . 2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 12:59] . 2013-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 12:59] . 2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:49417;https=127.0.0.1:49417 IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage IE: {{3015DB92-158E-4b77-9020-85C8E311FBB5} - c:\progra~1\CASINO~1\Casino.exe Trusted Zone: harvesthousing.org.uk\my Trusted Zone: onlinedesktop.co.uk\crypto Trusted Zone: onlinedesktop.co.uk\login TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Si & Em\AppData\Roaming\Mozilla\Firefox\Profiles\a57b3354.default\ FF - prefs.js: browser.search.selectedEngine - BT Search FF - ExtSQL: 2013-08-30 13:14; mcciwbch@motive.com; c:\program files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi FF - ExtSQL: 2013-08-30 13:15; {37cda6af-7527-4915-aa93-20f883f18116}; c:\users\Si & Em\AppData\Roaming\Mozilla\Firefox\Profiles\a57b3354.default\extensions\{37cda6af-7527-4915-aa93-20f883f18116} FF - ExtSQL: 2013-09-23 15:05; ffxtlbr@delta.com; c:\users\Si & Em\AppData\Roaming\Mozilla\Firefox\Profiles\a57b3354.default\extensions\ffxtlbr@delta.com FF - ExtSQL: !HIDDEN! 2011-03-02 20:56; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe MSConfigStartUp-TunePat - c:\program files\TunePat\TunePat.exe AddRemove-StumbleUponIEToolbar - c:\program files\StumbleUpon\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-10-02 10:26 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2014\avgrsx.exe c:\program files\AVG\AVG2014\avgcsrvx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\AVG\AVG2014\avgidsagent.exe c:\program files\AVG\AVG2014\avgwdsvc.exe c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe c:\progra~1\BFScale\TOMCAT~1.EXE c:\program files\Bonjour\mDNSResponder.exe c:\program files\BFScale\jre\bin\javaw.exe c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe c:\progra~1\GFI\GFIBAC~1\GFIHSC~1.EXE c:\program files\Kontiki\KService.exe c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Microsoft\BingBar\SeaPort.EXE c:\program files\AVG\AVG2014\avgnsx.exe c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\System32\WUDFHost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Citrix\ICA Client\ssonsvr.exe c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe c:\windows\ehome\ehmsas.exe c:\program files\Citrix\ICA Client\WFCRUN32.EXE c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2013-10-02 10:30:43 - machine was rebooted ComboFix-quarantined-files.txt 2013-10-02 09:30 . Pre-Run: 19,084,333,056 bytes free Post-Run: 18,108,407,808 bytes free . - - End Of File - - 0ED092510EF6E30487A249C2C632C768 5C616939100B85E558DA92B899A0FC36
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.