tandeejay

Honorary Members
Everything posted by tandeejay

  1. All steps carried out as requested. There are no remaining issues or concerns with my PC. Thank you for your time and persistence in helping me clean my computer. Regards, John
     PS. I'll be away from this computer for the next 2 days, so won't be able to respond further until Sunday night.
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-10-2013
     Ran by Grand Poo Bah at 2013-10-25 08:33:02 Run:2
     Running from C:\Documents and Settings\Grand Poo Bah\Desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     Start
     DeleteQuarantine:
     End
     *****************
     C:\FRST\Quarantine => Removed successfully.
     ==== End of Fixlog ====
  2. That's fixed it. The userinit value had an extra userinit.exe at the end. I changed it according to the Microsoft KB article, and the My Documents folder no longer appears on login. Thank you! I think we've finally got things into shape. Are there any further steps you need me to take? Regards, John
  3. Hi Kevin, I'll use CCleaner to clean up my startup as you suggest. I've reset the cleanboot option back to normal boot. I ran OTM, but my computer still opens "My Documents" when logging in. Here is the output from OTM:
     All processes killed
     ========== REGISTRY ==========
     HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\\"UserInit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Alistair
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Grand Poo Bah
     ->Temp folder emptied: 6240364 bytes
     ->Temporary Internet Files folder emptied: 1365970 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 36040759 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 829 bytes
     User: John
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: LocalService
     ->Temp folder emptied: 66016 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: Mama Bear
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: NetworkService
     ->Temp folder emptied: 5876 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: ntp
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Rebekah
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Rumpus Room
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 87905 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 42.00 mb
     OTM by OldTimer - Version 3.1.21.0 log created on 10242013_082756
  4. Thanks for that link for Incredimail. Looks like that might help me dispose of Incredimail once and for all. I tried to remove Adobe Reader 8, but couldn't find it: Here is the screenshot of the My Documents window that always pops up for all users, including when starting Windows in safe mode: (please note, it is always the logged-in user's My Documents) I followed the Microsoft instructions for cleanboot, and it took my login time from 4 minutes 20 seconds to 1 minute 30 seconds. Looking through services and startup items I can see there are heaps of "helper" apps that get started for products I don't use often, and the Google Toolbar updater is still there even though I don't use it anymore, so definitely room for cleanup there. Also, when I did the clean start, the My Documents window still appeared. Regards, John
  5. Hi Kevin, Thanks for your persistence with helping me fix problems on my PC. Current status of my PC: it takes 4 minutes, 20 seconds from when I click a user account to log in until all disk/CPU activity drops off and memory usage stops climbing. This has been like this for a while (long before I came to this forum for assistance, so it may or may not be normal). When any user logs in, a "My Documents" window always pops up, even in safe mode. This has been happening for a while now (years?) but I have never had any success determining how to stop it short of a rebuild. Not sure if you'd be able to help with this one, but we used to use IncrediMail, but stopped using it when we kept getting the IncrediBar. However, we have a lot of email in its database, and the only way I know of accessing it is to use IncrediMail. I'd love to know how to export the data in a format that I could access via some other email client like Thunderbird. Also, I've used CCleaner by Piriform in the past for cleaning up the registry. Is this a safe product to continue to use? I noticed that during the clean-up activities that you got me to perform, one of the steps cleaned out my hosts file that had thousands of entries added by Spybot Search and Destroy to quench certain undesirable websites by forcing them to resolve to 127.0.0.1. Is it safe to run Spybot S&D and allow it to re-create these?
     Results of screen317's Security Check version 0.99.74
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Scholastic's I SPY Fantasy
     SpywareBlaster 5.0
     SpyroDriver
     Spybot - Search & Destroy
     SpyroPortalDriver
     SUPERAntiSpyware Free Edition
     Windows Defender
     Malwarebytes Anti-Malware version 1.75.0.1300
     CCleaner
     Java 7 Update 45
     Java version out of Date!
     Adobe Flash Player 11.9.900.117
     Adobe Reader 8
     Adobe Reader XI
     Mozilla Firefox (24.0)
     Google Chrome 30.0.1599.101
     Google Chrome 30.0.1599.69
     Google Chrome Plugins...
     ````````Process Check: objlist.exe by Laurent````````
     Windows Defender MSMpEng.exe
     Windows Defender MSASCui.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Windows Defender MsMpEng.exe
     Windows Defender MSASCui.exe
     Alwil Software Avast5 AvastSvc.exe
     ALWILS~1 Avast5 avastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 2%
     ````````````````````End of Log``````````````````````
  6. Wow, Malwarebytes actually completed without crashing this time.
     All processes killed
     ========== FILES ==========
     C:\Documents and Settings\Rebekah\My Documents\Downloads\Pazera_Free_MOV_to_AVI_Converter.exe moved successfully.
     C:\Downloads\Software\Guffins.exe moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Alistair
     ->Temp folder emptied: 51668 bytes
     ->Temporary Internet Files folder emptied: 48311458 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 3026 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Grand Poo Bah
     ->Temp folder emptied: 9762228 bytes
     ->Temporary Internet Files folder emptied: 27732736 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 153211558 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 2870 bytes
     User: John
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: LocalService
     ->Temp folder emptied: 66016 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: Mama Bear
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: NetworkService
     ->Temp folder emptied: 15530 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: ntp
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Rebekah
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Rumpus Room
     ->Temp folder emptied: 315333 bytes
     ->Temporary Internet Files folder emptied: 321193 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 58753634 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 602 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 325988 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 2480 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 14318725 bytes
     Total Files Cleaned = 299.00 mb
     OTM by OldTimer - Version 3.1.21.0 log created on 10222013_200439
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.7 (10.15.2013:2)
     OS: Microsoft Windows XP x86
     Ran by Grand Poo Bah on Tue 22/10/2013 at 20:25:35.67
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
     ~~~ Files
     ~~~ Folders
     ~~~ Chrome
     Successfully deleted: [Folder] C:\Documents and Settings\Grand Poo Bah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Tue 22/10/2013 at 20:31:00.57
     Computer was rebooted
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Malwarebytes Anti-Malware (Trial) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.10.22.03
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Grand Poo Bah :: JTBLACKBURN [administrator]
     Protection: Disabled
     22/10/2013 8:33:48 PM
     mbam-log-2013-10-22 (20-33-48).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 382906
     Time elapsed: 13 minute(s), 39 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  7. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-10-2013
     Ran by Grand Poo Bah at 2013-10-21 07:40:17 Run:1
     Running from C:\Documents and Settings\Grand Poo Bah\Desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     Start
     URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
     SearchScopes: HKLM - DefaultScope value is missing.
     CHR DefaultSearchURL: (Search Here) - http://www.mysearchr...&c=3512&t=07&q={searchTerms}
     CHR DefaultSuggestURL: (Search Here) - "suggest_url": ""
     CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     C:\Documents and Settings\Grand Poo Bah\jagex_cl_runescape_LIVE.dat
     C:\Documents and Settings\Grand Poo Bah\jagex_runescape_preferences.dat
     C:\Documents and Settings\Grand Poo Bah\jagex_runescape_preferences2.dat
     C:\Documents and Settings\John\jagex_runescape_preferences.dat
     C:\Documents and Settings\Rebekah\jagex_cl_runescape_LIVE.dat
     C:\Documents and Settings\Rebekah\jagex_runescape_preferences.dat
     C:\Documents and Settings\Rebekah\jagex_runescape_preferences2.dat
     C:\Documents and Settings\Rebekah\jagex__preferences3.dat
     C:\Documents and Settings\Rumpus Room\jagex_cl_runescape_LIVE.dat
     C:\Documents and Settings\Rumpus Room\jagex_runescape_preferences.dat
     C:\Documents and Settings\Rumpus Room\jagex_runescape_preferences2.dat
     C:\Documents and Settings\Rumpus Room\jagex__preferences3.dat
     C:\Documents and Settings\Grand Poo Bah\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
     C:\Documents and Settings\Grand Poo Bah\Local Settings\Temp\ntdll_dump.dll
     End
     *****************
     Default URLSearchHook was restored successfully .
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     CHR DefaultSearchURL: (Search Here) - http://www.mysearchr...&c=3512&t=07&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
     CHR DefaultSuggestURL: (Search Here) - "suggest_url": "" ==> The Chrome "Settings" can be used to fix the entry.
     HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
     C:\Documents and Settings\Grand Poo Bah\jagex_cl_runescape_LIVE.dat => Moved successfully.
     C:\Documents and Settings\Grand Poo Bah\jagex_runescape_preferences.dat => Moved successfully.
     C:\Documents and Settings\Grand Poo Bah\jagex_runescape_preferences2.dat => Moved successfully.
     C:\Documents and Settings\John\jagex_runescape_preferences.dat => Moved successfully.
     C:\Documents and Settings\Rebekah\jagex_cl_runescape_LIVE.dat => Moved successfully.
     C:\Documents and Settings\Rebekah\jagex_runescape_preferences.dat => Moved successfully.
     C:\Documents and Settings\Rebekah\jagex_runescape_preferences2.dat => Moved successfully.
     C:\Documents and Settings\Rebekah\jagex__preferences3.dat => Moved successfully.
     C:\Documents and Settings\Rumpus Room\jagex_cl_runescape_LIVE.dat => Moved successfully.
     C:\Documents and Settings\Rumpus Room\jagex_runescape_preferences.dat => Moved successfully.
     C:\Documents and Settings\Rumpus Room\jagex_runescape_preferences2.dat => Moved successfully.
     C:\Documents and Settings\Rumpus Room\jagex__preferences3.dat => Moved successfully.
     C:\Documents and Settings\Grand Poo Bah\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
     C:\Documents and Settings\Grand Poo Bah\Local Settings\Temp\ntdll_dump.dll => Moved successfully.
     ==== End of Fixlog ====
     ESET SCAN output:
     C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\ExtensionUpdaterService.exe.vir	a variant of Win32/Toolbar.BitCocktail.B application
     C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\InstallerHelper.dll.vir	a variant of Win32/Toolbar.BitCocktail.A application
     C:\Documents and Settings\Rebekah\My Documents\Downloads\Pazera_Free_MOV_to_AVI_Converter.exe	Win32/InstallMonetizer.AF application
     C:\Downloads\Software\Guffins.exe	a variant of Win32/AdInstaller application
  8. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013 Ran by Grand Poo Bah (administrator) on JTBLACKBURN on 20-10-2013 10:55:47 Running from C:\Documents and Settings\Grand Poo Bah\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Teruten) C:\WINDOWS\system32\FsUsbExService.Exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe () C:\Program Files\CDBurnerXP\NMSAccessU.exe () C:\Program Files\NTP\bin\ntpd.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvraidservice.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (AVAST Software) C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files\Cyberlink\Shared files\brs.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe (Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Dropbox, Inc.) C:\Documents and Settings\Grand Poo Bah\Application Data\Dropbox\bin\Dropbox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NVRaidService] - C:\WINDOWS\system32\nvraidservice.exe [180520 2006-11-21] (NVIDIA Corporation) HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2007-07-23] (AMD) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.) HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.) HKLM\...\Run: [avast5] - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-13] () HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation) HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation) HKLM\...\Run: [iMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-13] (Microsoft Corporation) HKLM\...\Run: [iMEKRMIG6.1] - C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [44032 2002-08-29] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-04-08] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.) HKLM\...\Run: [iJNetworkScannerSelectorEX] - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.) HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1505144 2009-11-06] (Microsoft Corporation) HKLM\...\Run: [HTC Sync Loader] - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] () HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [updateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [MDS_Menu] - C:\Program Files\CyberLink\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) 
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink) HKLM\...\Run: [updateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [updatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2010-09-17] (CyberLink Corp.) HKLM\...\Run: [uCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM\...\Run: [LGODDFU] - C:\Program Files\lg_fwupdate\lgfw.exe [27760 2012-12-28] (Bitleader) HKLM\...\Run: [updatePSTShortCut] - C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2011-08-31] (CyberLink Corp.) HKLM\...\Run: [RemoteControl10] - C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM\...\Run: [bDRegion] - C:\Program Files\Cyberlink\Shared files\brs.exe [78352 2012-08-27] (cyberlink) HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Winlogon: [userinit] C:\WINDOWS\system32\userinit.exe,userinit.exe, Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation) HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5706480 2013-10-12] (SUPERAntiSpyware) HKCU\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation) HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-13] (Google Inc.) HKCU\...\Run: [Create Synchronicity - Scheduler] - C:\Documents and Settings\Rebekah\My Documents\Create Synchronicity\Create Synchronicity.exe [245248 2012-03-11] (Create Software) HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company) HKU\Alistair\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2013-05-01] (Apple Inc.) HKU\Alistair\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-04-13] (Google Inc.) HKU\Alistair\...\Run: [RoboForm] - "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" HKU\Alistair\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2012-07-02] (Hewlett-Packard Company) HKU\Default User\...\Run: [Nokia.PCSync] - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog HKU\John\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation) HKU\John\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-04-13] (Google Inc.) 
HKU\John\...\Run: [PC Suite Tray] - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray HKU\John\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2012-07-02] (Hewlett-Packard Company) HKU\Mama Bear\...\Run: [Nokia.PCSync] - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog HKU\Mama Bear\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [ 2013-01-16] (FreeDownloadManager.ORG) HKU\Mama Bear\...\Run: [RoboForm] - "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" HKU\Mama Bear\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation) HKU\Mama Bear\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-04-13] (Google Inc.) HKU\Mama Bear\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2012-07-02] (Hewlett-Packard Company) HKU\Rebekah\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-04-13] (Google Inc.) HKU\Rebekah\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-05-01] (Apple Inc.) 
HKU\Rebekah\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation) HKU\Rebekah\...\Run: [RoboForm] - "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" HKU\Rebekah\...\Run: [Power2GoExpress] - "C:\Program Files\CyberLink DVD Solution\Power2Go\Power2GoExpress.exe" HKU\Rebekah\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\wcescomm.exe [ 2006-11-13] (Microsoft Corporation) HKU\Rebekah\...\Run: [Create Synchronicity - Scheduler] - C:\Documents and Settings\Rebekah\My Documents\Create Synchronicity\Create Synchronicity.exe [ 2012-03-11] (Create Software) HKU\Rebekah\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2012-07-02] (Hewlett-Packard Company) HKU\Rebekah\...\Run: [ABIT uGuruIII] - C:\Program Files\U-ABIT\abitEQ\abiteq.exe [ 2007-09-05] (Universal ABIT Corporation) HKU\Rebekah\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-01-08] (Skype Technologies S.A.) HKU\Rumpus Room\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation) HKU\Rumpus Room\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation) HKU\Rumpus Room\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [ 2006-11-13] (Microsoft Corporation) HKU\Rumpus Room\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2012-07-02] (Hewlett-Packard Company) HKU\Rumpus Room\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [ 2013-01-16] (FreeDownloadManager.ORG) HKU\Rumpus Room\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-04-13] (Google Inc.) 
HKU\Rumpus Room\...\Run: [AtiTrayTools] - C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe [ 2011-10-30] (Ray Adams) HKU\Rumpus Room\...\Run: [Create Synchronicity - Scheduler] - C:\Stuff\Create Synchronicity\Create Synchronicity.exe /scheduler Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Documents and Settings\Grand Poo Bah\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Grand Poo Bah\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Documents and Settings\Grand Poo Bah\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\Grand Poo Bah\Start Menu\Programs\Startup\Webshots.lnk ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com) Startup: C:\Documents and Settings\Rebekah\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\Rebekah\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () BootExecute: PDBoot.exeautocheck autochk * ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bom.gov.au/qld/forecasts/secoast.shtml URLSearchHook: ATTENTION ==> Default URLSearchHook is missing. 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {C17590D2-ECB4-4B15-8820-F58798DCC118} - No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242849507962
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v50/luxor/luxor.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://games.bigfishgames.com/en_cinematycoon/online/cinematycoon.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2013-01-09] (SuperAdBlocker.com)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 06 C:\Program Files\VMware\VMware Server\vsocklib.dll [313904] (VMware, Inc.)
Winsock: Catalog9 07 C:\Program Files\VMware\VMware Server\vsocklib.dll [313904] (VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Grand Poo Bah\Application Data\Mozilla\Firefox\Profiles\jo9o0vi5.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @sun.com/npsopluginmi;version=1.0 - C:\Program Files\OpenOffice.org 2.4\program No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Visualisateur 3D de 20-20 - C:\Documents and Settings\Grand Poo Bah\Application Data\Mozilla\Firefox\Profiles\jo9o0vi5.default\Extensions\2020Player_IKEA@2020Technologies.com
FF Extension: Free Download Manager plugin - C:\Documents and Settings\Grand Poo Bah\Application Data\Mozilla\Firefox\Profiles\jo9o0vi5.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Grand Poo Bah\Application Data\Mozilla\Firefox\Profiles\jo9o0vi5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [toolbar@webshots.com] - C:\Program Files\Webshots\3.1.5.7613\Firefox
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

Chrome:
=======
CHR DefaultSearchURL: (Search Here) - http://www.mysearchresults.com/search?&c=3512&t=07&q={searchTerms}
CHR DefaultSuggestURL: (Search Here) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\DOCUME~1\GRANDP~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\DOCUME~1\GRANDP~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\GRANDP~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\DOCUME~1\GRANDP~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2013-01-09] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 CLKMSVC10_B91CB6D3; C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-08-27] (CyberLink)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2007-10-12] ()
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1415032 2012-10-04] (Raxco Software, Inc.)
R3 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2166648 2012-10-04] (Raxco Software, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [244904 2009-07-03] ()
S3 VMAuthdService; C:\Program Files\VMware\VMware Server\vmware-authd.exe [121392 2009-03-26] (VMware, Inc.)
S3 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [326192 2009-03-26] (VMware, Inc.)
S3 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [399920 2009-03-26] (VMware, Inc.)
S3 VMwareHostd; C:\Documents and Settings\All Users\Application Data\VMware\VMware Server\hostd\config.xml [22625 2009-06-01] ()
S3 VMwareServerWebAccess; C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [57344 2009-03-27] (Apache Software Foundation)
S3 vmwriter; C:\Program Files\VMware\VMware Server\vmVssWriter.exe [29744 2009-03-26] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S2 AGCoreService; "C:\Program Files\AGI\core\3.1\AGCoreService.exe" [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
R2 NTP; C:\Program Files\NTP\bin\ntpd.exe -g -c "C:\Program Files\NTP\etc\ntp.conf"
S4 SpyroService; "C:\Program Files\FS\Spyro Portal\FlashPortal.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [12416 2008-03-21] (ASUSTeK Computer Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R2 athsgt; C:\Windows\System32\DRIVERS\athsgt.sys [164992 2008-03-01] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2006-11-10] ()
R1 atitray; C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [20512 2011-08-15] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-25] ()
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2008-09-09] (Avanquest Software)
R1 cdrbsvsd; C:\Windows\System32\Drivers\cdrbsvsd.sys [13056 2003-07-16] (B.H.A Corporation)
S3 DCamUSBSQTECH; C:\Windows\System32\Drivers\SQcaptur.sys [30970 2002-12-16] (Service & Quality Technology.)
R2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
R1 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2007-07-12] (ASUSTeK Computer Inc.)
R2 EIO1; C:\WINDOWS\system32\drivers\EIO1.sys [12672 2007-08-08] (ASUSTeK Computer Inc.)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [27672 2007-09-07] (EnTech Taiwan)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2008-12-14] (LogMeIn, Inc.)
R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [32304 2009-03-26] (VMware, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\AtiHdAud.sys [84992 2008-05-11] (ATI Research Inc.)
S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [36480 2005-05-20] (Logitech, Inc.)
R2 limsgt; C:\Windows\System32\DRIVERS\limsgt.sys [12544 2008-03-01] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-25] ()
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Memctl; C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [4047 2006-04-18] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [89088 2008-05-05] (NVIDIA Corporation)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16694 2009-10-31] (PalmSource, Inc.)
R2 PDFSfilter; C:\Windows\System32\Drivers\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
S3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-20] (Padus, Inc.)
R0 PnP680r; C:\Windows\System32\DRIVERS\pnp680r.sys [110120 2007-07-19] (Silicon Image, Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2013-01-09] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-11-18] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2013-01-09] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 U81xbus; C:\Windows\System32\DRIVERS\U81xbus.sys [52352 2005-07-15] (MCCI)
S3 U81xmdfl; C:\Windows\System32\DRIVERS\U81xmdfl.sys [6064 2005-07-15] (MCCI)
S3 U81xmdm; C:\Windows\System32\DRIVERS\U81xmdm.sys [84480 2005-07-15] (MCCI)
S3 U81xmgmt; C:\Windows\System32\DRIVERS\U81xmgmt.sys [77472 2005-07-15] (MCCI)
S3 U81xobex; C:\Windows\System32\DRIVERS\U81xobex.sys [75456 2005-07-15] (MCCI)
R1 vcdrom; C:\WINDOWS\system32\drivers\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-03-26] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [31280 2009-03-26] (VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2009-03-26] (VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [857520 2009-03-26] (VMware, Inc.)
S3 WINFLASH; C:\Program Files\U-ABIT\BlackBox\WinFlash.sys [3548 2002-09-17] ()
R3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [250496 2006-11-22] (Marvell)
S3 ABIT-IO; \??\C:\Documents and Settings\John\ABIT-IO.sys [x]
S3 catchme; \??\C:\DOCUME~1\GRANDP~1\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S0 uGuru; system32\Drivers\uGuru.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
S3 Video3D; System32\Drivers\Video3D32.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-20 10:55 - 2013-10-20 10:55 - 00000000 ____D C:\FRST
2013-10-20 10:54 - 2013-10-20 10:54 - 01087515 _____ (Farbar) C:\Documents and Settings\Grand Poo Bah\Desktop\FRST.exe
2013-10-20 10:20 - 2013-10-20 10:20 - 00004733 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\RKreport[0]_S_10202013_102016.txt
2013-10-20 10:17 - 2013-10-20 10:33 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Desktop\RK_Quarantine
2013-10-19 19:46 - 2013-10-19 19:46 - 00065536 _____ C:\WINDOWS\Minidump\Mini101913-01.dmp
2013-10-19 19:28 - 2013-10-19 20:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-19 19:28 - 2013-10-19 19:59 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-10-19 19:25 - 2013-10-19 20:29 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Desktop\mbar
2013-10-19 19:25 - 2013-10-19 19:25 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-10-19 14:13 - 2013-10-19 14:15 - 00000000 ___SD C:\ComboFix
2013-10-19 10:36 - 2013-10-19 10:36 - 00000000 ____D C:\Qoobox
2013-10-19 10:36 - 2011-06-26 16:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-19 10:36 - 2010-11-08 03:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-19 10:36 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-19 10:35 - 2013-10-19 10:35 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-19 10:31 - 2013-10-19 10:31 - 05134711 ____R (Swearware) C:\Documents and Settings\Grand Poo Bah\Desktop\ComboFix.exe
2013-10-18 20:41 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-10-18 20:41 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-10-18 20:39 - 2013-10-18 20:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-18 20:39 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-18 20:39 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-18 20:38 - 2013-10-18 20:38 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-18 20:38 - 2013-10-18 20:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-18 20:38 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-18 20:38 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-18 20:38 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-16 20:45 - 2013-10-16 22:44 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Doctor Web
2013-10-16 20:45 - 2013-10-16 21:19 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2013-10-16 20:40 - 2013-10-16 20:40 - 00001003 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\Shortcut to SecurityCheck.exe.lnk
2013-10-16 20:25 - 2013-10-16 20:36 - 132765616 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\cureit.exe
2013-10-15 22:18 - 2013-10-15 22:19 - 00006709 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\myotlcustom.txt
2013-10-15 20:21 - 2013-10-15 20:21 - 00000000 ____D C:\_OTL
2013-10-14 11:49 - 2013-10-14 12:31 - 00270300 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\OTL.Txt
2013-10-14 11:49 - 2013-10-14 12:31 - 00102844 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\Extras.Txt
2013-10-14 11:31 - 2013-10-14 11:31 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Grand Poo Bah\Desktop\OTL.exe
2013-10-14 07:01 - 2013-10-14 19:33 - 00002263 _____ C:\Documents and Settings\All Users\Desktop\PrintMaster Platinum 18.lnk
2013-10-14 07:01 - 2013-10-14 07:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMaster Platinum 18
2013-10-13 16:02 - 2013-10-13 16:02 - 00027823 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\dds.txt
2013-10-13 16:02 - 2013-10-13 16:02 - 00023404 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\attach.txt
2013-10-12 23:44 - 2013-10-12 23:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-12 23:43 - 2013-10-12 23:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-12 23:42 - 2013-10-12 23:43 - 00131771 _____ C:\WINDOWS\KB2862335.log
2013-10-12 23:22 - 2013-10-12 23:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-10-12 23:21 - 2013-10-12 23:22 - 00010226 _____ C:\WINDOWS\KB2884256.log
2013-10-12 23:21 - 2013-10-12 23:21 - 00010781 _____ C:\WINDOWS\KB2868038.log
2013-10-12 23:21 - 2013-10-12 23:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-12 23:19 - 2013-10-12 23:19 - 00012051 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-12 23:18 - 2013-10-12 23:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-12 23:18 - 2013-10-12 23:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-12 20:41 - 2013-10-06 20:22 - 00452196 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20131012-204138.backup
2013-10-12 19:43 - 2013-10-13 15:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-12 19:20 - 2013-10-12 19:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2013-10-12 19:20 - 2013-10-12 19:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2013-10-12 13:21 - 2013-10-12 13:21 - 00000793 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Application Data\Malwarebytes
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-12 13:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-12 12:22 - 2013-10-12 12:22 - 00001416 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\JRT.txt
2013-10-12 12:04 - 2013-10-12 12:04 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 11:47 - 2013-10-12 11:51 - 00000000 ____D C:\AdwCleaner
2013-10-12 11:31 - 2013-10-12 11:32 - 00017050 _____ C:\WINDOWS\DPINST.LOG
2013-10-12 11:22 - 2013-10-12 11:22 - 00000821 _____ C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileSync.lnk
2013-10-12 11:22 - 2013-10-12 11:22 - 00000797 _____ C:\Documents and Settings\All Users\Start Menu\Programs\RealtimeSync.lnk
2013-10-12 11:03 - 2013-10-12 23:44 - 00133424 _____ C:\WINDOWS\KB2847311.log
2013-10-12 11:03 - 2013-07-03 12:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-12 11:03 - 2013-07-03 11:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-10-12 11:01 - 2013-07-17 10:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-12 11:01 - 2013-07-17 10:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-12 11:01 - 2013-07-17 10:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-12 11:00 - 2013-08-09 10:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-12 11:00 - 2013-08-09 10:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-12 11:00 - 2013-08-09 10:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-12 11:00 - 2009-03-18 21:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-06 20:22 - 2012-12-08 22:14 - 00446493 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20131006-202209.backup

==================== One Month Modified Files and Folders =======

2013-10-20 10:56 - 2010-09-12 20:25 - 00481225 _____ C:\WINDOWS\pfirewall.log
2013-10-20 10:56 - 2009-05-20 22:26 - 00393216 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-10-20 10:55 - 2013-10-20 10:55 - 00000000 ____D C:\FRST
2013-10-20 10:54 - 2013-10-20 10:54 - 01087515 _____ (Farbar) C:\Documents and Settings\Grand Poo Bah\Desktop\FRST.exe
2013-10-20 10:43 - 2012-07-13 20:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-20 10:37 - 2008-01-22 18:42 - 00000266 _____ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2013-10-20 10:33 - 2013-10-20 10:17 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Desktop\RK_Quarantine
2013-10-20 10:20 - 2013-10-20 10:20 - 00004733 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\RKreport[0]_S_10202013_102016.txt
2013-10-20 10:19 - 2010-01-30 16:48 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-20 10:14 - 2012-06-08 22:44 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Application Data\Dropbox
2013-10-20 10:13 - 2012-06-09 18:14 - 00000000 ___RD C:\Documents and Settings\Grand Poo Bah\My Documents\Dropbox
2013-10-20 10:13 - 2012-02-27 16:26 - 00000000 ____D C:\Documents and Settings\Rebekah\My Documents\Create Synchronicity
2013-10-20 10:13 - 2009-04-13 18:57 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Tracing
2013-10-20 10:12 - 2011-09-23 18:48 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Local Settings\Application Data\Htc
2013-10-20 10:11 - 2012-07-16 20:17 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-20 10:11 - 2010-01-30 16:48 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-20 10:11 - 2002-08-29 22:00 - 00013754 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-20 10:01 - 2007-12-20 20:52 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2013-10-20 09:59 - 2009-06-29 18:22 - 01780075 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-20 09:58 - 2009-06-29 18:29 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-20 09:58 - 2009-06-29 18:29 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-20 09:58 - 2007-12-17 05:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-19 21:06 - 2013-01-27 13:18 - 00393216 _____ C:\WINDOWS\system32\config\VPN.evt
2013-10-19 21:06 - 2009-06-29 18:28 - 00032356 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-19 21:06 - 2008-01-27 09:08 - 00000178 ___SH C:\Documents and Settings\Grand Poo Bah\ntuser.ini
2013-10-19 20:46 - 2007-12-18 21:42 - 00000000 ____D C:\Documents and Settings\All Users\Documents\NTP
2013-10-19 20:29 - 2013-10-19 19:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-19 20:29 - 2013-10-19 19:25 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Desktop\mbar
2013-10-19 19:59 - 2013-10-19 19:28 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-10-19 19:52 - 2008-04-27 20:36 - 00007864 _____ C:\Documents and Settings\Grand Poo Bah\_viminfo
2013-10-19 19:52 - 2008-01-27 09:08 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah
2013-10-19 19:46 - 2013-10-19 19:46 - 00065536 _____ C:\WINDOWS\Minidump\Mini101913-01.dmp
2013-10-19 19:46 - 2007-12-25 07:46 - 00000000 __SHD C:\WINDOWS\CSC
2013-10-19 19:46 - 2007-12-17 06:40 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-19 19:45 - 2013-03-19 20:53 - 3219673088 _____ C:\WINDOWS\MEMORY.DMP
2013-10-19 19:25 - 2013-10-19 19:25 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-10-19 19:18 - 2010-09-12 20:25 - 04033300 _____ C:\WINDOWS\pfirewall.log.old
2013-10-19 14:15 - 2013-10-19 14:13 - 00000000 ___SD C:\ComboFix
2013-10-19 14:14 - 2007-12-20 11:30 - 00000178 ___SH C:\Documents and Settings\ntp\ntuser.ini
2013-10-19 13:25 - 2007-12-17 09:13 - 00000000 ____D C:\WINDOWS\ime
2013-10-19 13:18 - 2013-06-02 20:37 - 00079195 _____ C:\WINDOWS\setupapi.log
2013-10-19 10:36 - 2013-10-19 10:36 - 00000000 ____D C:\Qoobox
2013-10-19 10:35 - 2013-10-19 10:35 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-19 10:31 - 2013-10-19 10:31 - 05134711 ____R (Swearware) C:\Documents and Settings\Grand Poo Bah\Desktop\ComboFix.exe
2013-10-18 20:41 - 2011-09-14 19:45 - 00000000 ____D C:\Program Files\Oracle
2013-10-18 20:39 - 2013-10-18 20:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-18 20:38 - 2013-10-18 20:38 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-18 20:38 - 2013-10-18 20:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-18 20:38 - 2007-12-18 21:23 - 00000000 ____D C:\Program Files\Java
2013-10-16 22:44 - 2013-10-16 20:45 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Doctor Web
2013-10-16 21:19 - 2013-10-16 20:45 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2013-10-16 20:40 - 2013-10-16 20:40 - 00001003 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\Shortcut to SecurityCheck.exe.lnk
2013-10-16 20:36 - 2013-10-16 20:25 - 132765616 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\cureit.exe
2013-10-15 22:19 - 2013-10-15 22:18 - 00006709 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\myotlcustom.txt
2013-10-15 20:21 - 2013-10-15 20:21 - 00000000 ____D C:\_OTL
2013-10-14 19:33 - 2013-10-14 07:01 - 00002263 _____ C:\Documents and Settings\All Users\Desktop\PrintMaster Platinum 18.lnk
2013-10-14 19:29 - 2012-04-26 12:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-14 12:31 - 2013-10-14 11:49 - 00270300 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\OTL.Txt
2013-10-14 12:31 - 2013-10-14 11:49 - 00102844 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\Extras.Txt
2013-10-14 11:31 - 2013-10-14 11:31 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Grand Poo Bah\Desktop\OTL.exe
2013-10-14 11:30 - 2013-03-03 20:54 - 00000000 ____D C:\Documents and Settings\Rumpus Room\Application Data\uTorrent
2013-10-14 07:52 - 2007-12-17 17:57 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\My Documents\Printmaster
2013-10-14 07:01 - 2013-10-14 07:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMaster Platinum 18
2013-10-14 07:01 - 2007-12-24 14:53 - 00000000 ____D C:\Program Files\PrintMaster Platinum 18
2013-10-14 03:06 - 2007-12-17 06:22 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-13 16:02 - 2013-10-13 16:02 - 00027823 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\dds.txt
2013-10-13 16:02 - 2013-10-13 16:02 - 00023404 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\attach.txt
2013-10-13 15:38 - 2013-10-12 19:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-13 15:29 - 2008-01-27 20:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 15:29 - 2007-12-17 15:30 - 01247680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-12 23:54 - 2011-09-15 20:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-12 23:51 - 2007-12-17 15:30 - 00620060 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-12 23:44 - 2013-10-12 23:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-12 23:44 - 2013-10-12 11:03 - 00133424 _____ C:\WINDOWS\KB2847311.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00161246 _____ C:\WINDOWS\iis6.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00148394 _____ C:\WINDOWS\FaxSetup.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00075504 _____ C:\WINDOWS\ocgen.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00067708 _____ C:\WINDOWS\tsoc.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00049698 _____ C:\WINDOWS\comsetup.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00045562 _____ C:\WINDOWS\msmqinst.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00030083 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00025992 _____ C:\WINDOWS\netfxocm.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00014830 _____ C:\WINDOWS\updspapi.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00010200 _____ C:\WINDOWS\MedCtrOC.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00008208 _____ C:\WINDOWS\ocmsn.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00007464 _____ C:\WINDOWS\tabletoc.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00007416 _____ C:\WINDOWS\msgsocm.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-12 23:43 - 2013-10-12 23:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-12 23:43 - 2013-10-12 23:42 - 00131771 _____ C:\WINDOWS\KB2862335.log
2013-10-12 23:43 - 2013-06-12 19:20 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-12 23:32 - 2013-08-16 23:06 - 00000000 ____D 
C:\WINDOWS\system32\MRT 2013-10-12 23:26 - 2007-12-17 18:32 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-10-12 23:25 - 2011-10-12 20:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight 2013-10-12 23:22 - 2013-10-12 23:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$ 2013-10-12 23:22 - 2013-10-12 23:21 - 00010226 _____ C:\WINDOWS\KB2884256.log 2013-10-12 23:21 - 2013-10-12 23:21 - 00010781 _____ C:\WINDOWS\KB2868038.log 2013-10-12 23:21 - 2013-10-12 23:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$ 2013-10-12 23:19 - 2013-10-12 23:19 - 00012051 _____ C:\WINDOWS\KB2879017-IE8.log 2013-10-12 23:19 - 2013-10-12 23:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$ 2013-10-12 23:19 - 2009-05-21 06:14 - 00000000 ____D C:\WINDOWS\ie8updates 2013-10-12 23:18 - 2013-10-12 23:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$ 2013-10-12 19:22 - 2013-08-16 13:48 - 00003753 _____ C:\Documents and Settings\Grand Poo Bah\My Documents\SyncSettings.ffs_gui 2013-10-12 19:21 - 2008-03-09 18:49 - 00000000 ____D C:\Program Files\SpywareBlaster 2013-10-12 19:20 - 2013-10-12 19:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster 2013-10-12 19:20 - 2013-10-12 19:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses 2013-10-12 17:36 - 2007-12-21 05:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-10-12 14:43 - 2012-04-02 06:40 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-10-12 14:43 - 2011-05-26 10:06 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-10-12 13:21 - 2013-10-12 13:21 - 00000793 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and 
Settings\Grand Poo Bah\Application Data\Malwarebytes 2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2013-10-12 12:22 - 2013-10-12 12:22 - 00001416 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\JRT.txt 2013-10-12 12:04 - 2013-10-12 12:04 - 00000000 ____D C:\WINDOWS\ERUNT 2013-10-12 12:02 - 2008-05-11 17:35 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Application Data\Free Download Manager 2013-10-12 11:51 - 2013-10-12 11:47 - 00000000 ____D C:\AdwCleaner 2013-10-12 11:36 - 2008-07-02 11:51 - 00000000 ____D C:\Program Files\Nokia 2013-10-12 11:34 - 2011-03-11 20:12 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Local Settings\Application Data\NokiaAccount 2013-10-12 11:33 - 2008-07-02 11:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Installations 2013-10-12 11:32 - 2013-10-12 11:31 - 00017050 _____ C:\WINDOWS\DPINST.LOG 2013-10-12 11:22 - 2013-10-12 11:22 - 00000821 _____ C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileSync.lnk 2013-10-12 11:22 - 2013-10-12 11:22 - 00000797 _____ C:\Documents and Settings\All Users\Start Menu\Programs\RealtimeSync.lnk 2013-10-12 11:22 - 2013-08-14 20:22 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\FreeFileSync.lnk 2013-10-12 11:15 - 2009-04-27 19:33 - 00000178 ___SH C:\Documents and Settings\Rumpus Room\ntuser.ini 2013-10-12 11:15 - 2009-04-27 19:33 - 00000000 ____D C:\Documents and Settings\Rumpus Room 2013-10-12 10:50 - 2009-05-17 16:07 - 00000000 ____D C:\Documents and Settings\Rumpus Room\Tracing 2013-10-12 10:49 - 2011-09-22 19:54 - 00000000 ____D C:\Documents and Settings\Rumpus Room\Local Settings\Application Data\Htc 2013-10-08 07:50 - 2013-10-18 20:38 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 
2013-10-08 07:46 - 2013-10-18 20:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-10-08 07:46 - 2013-10-18 20:38 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-10-08 07:46 - 2013-10-18 20:38 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-10-08 07:29 - 2013-10-18 20:39 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-10-06 20:22 - 2013-10-12 20:41 - 00452196 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20131012-204138.backup 2013-10-06 20:17 - 2007-12-20 20:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2013-10-06 11:14 - 2007-12-18 18:40 - 00000178 ___SH C:\Documents and Settings\Alistair\ntuser.ini 2013-10-06 11:14 - 2007-12-18 18:40 - 00000000 ____D C:\Documents and Settings\Alistair 2013-10-06 08:24 - 2012-06-17 13:15 - 00000000 ____D C:\Documents and Settings\Alistair\Local Settings\Application Data\Htc 2013-09-24 21:51 - 2007-12-17 05:42 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT 2013-09-24 04:33 - 2012-06-13 19:58 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2013-09-24 04:33 - 2010-06-12 09:30 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2013-09-24 04:33 - 2009-07-29 17:12 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll 2013-09-24 04:33 - 2009-07-29 17:12 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2013-09-24 04:33 - 2009-06-10 10:37 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll 2013-09-24 04:33 - 2009-06-10 10:37 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll 2013-09-24 04:33 - 2009-06-10 10:37 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2013-09-24 04:33 - 2009-06-10 10:37 - 00012800 ____C (Microsoft Corporation) 
C:\WINDOWS\system32\dllcache\xpshims.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 06017536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2013-09-24 04:33 - 2008-04-14 04:42 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl 2013-09-24 04:33 - 2008-04-14 04:42 - 01215488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2013-09-24 04:33 - 2008-04-14 04:42 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll 2013-09-24 04:33 - 2008-04-14 04:41 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2013-09-24 04:33 - 2008-04-14 04:41 - 
00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll 2013-09-24 04:33 - 2008-04-14 04:41 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll 2013-09-24 04:33 - 2008-04-14 04:41 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2013-09-24 04:33 - 2008-04-14 04:41 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll 2013-09-24 04:33 - 2008-04-14 04:41 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll 2013-09-24 04:33 - 2008-04-14 04:41 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-09-24 04:33 - 2008-04-14 04:41 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll 2013-09-24 04:33 - 2008-04-14 04:41 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll 2013-09-24 04:33 - 2008-04-14 04:41 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll 2013-09-24 04:33 - 2007-12-17 05:40 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll 2013-09-24 04:33 - 2007-08-13 18:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-09-24 04:33 - 2007-08-13 18:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-09-24 04:33 - 2007-08-13 18:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2013-09-24 04:33 - 2007-08-13 18:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-09-24 04:06 - 2008-04-13 23:07 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2013-09-23 23:36 - 2008-04-14 04:42 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-09-23 23:36 - 2008-04-14 04:42 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe 2013-09-22 10:03 - 2008-01-06 08:39 - 00000000 ____D C:\WINDOWS\system32\NtmsData 2013-09-20 15:52 - 2008-03-31 19:13 - 
00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

Files to move or delete:
====================
C:\Documents and Settings\Grand Poo Bah\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Grand Poo Bah\jagex_runescape_preferences.dat
C:\Documents and Settings\Grand Poo Bah\jagex_runescape_preferences2.dat
C:\Documents and Settings\John\jagex_runescape_preferences.dat
C:\Documents and Settings\Rebekah\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Rebekah\jagex_runescape_preferences.dat
C:\Documents and Settings\Rebekah\jagex_runescape_preferences2.dat
C:\Documents and Settings\Rebekah\jagex__preferences3.dat
C:\Documents and Settings\Rumpus Room\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Rumpus Room\jagex_runescape_preferences.dat
C:\Documents and Settings\Rumpus Room\jagex_runescape_preferences2.dat
C:\Documents and Settings\Rumpus Room\jagex__preferences3.dat

Some content of TEMP:
====================
C:\Documents and Settings\Grand Poo Bah\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Grand Poo Bah\Local Settings\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt
  9. RogueKiller V8.7.4 [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Grand Poo Bah [Admin rights]
Mode : Scan -- Date : 10/20/2013 10:20:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ][PUM] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ][PUM] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[inline] EAT @explorer.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0A520)
[inline] EAT @explorer.exe (LdrUnloadDll) : ntdll.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0A630)
[inline] EAT @explorer.exe (ChangeServiceConfig2A) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0C370)
[inline] EAT @explorer.exe (ChangeServiceConfig2W) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0C5C0)
[inline] EAT @explorer.exe (ChangeServiceConfigA) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0BB20)
[inline] EAT @explorer.exe (ChangeServiceConfigW) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0BF90)
[inline] EAT @explorer.exe (CreateServiceA) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0ACD0)
[inline] EAT @explorer.exe (CreateServiceW) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0B1A0)
[inline] EAT @explorer.exe (DeleteService) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0B8B0)
[inline] EAT @explorer.exe (SetServiceObjectSecurity) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0E980)
[inline] EAT @explorer.exe (pfnUnmarshallRoutines) : RPCRT4.dll -> HOOKED (Unknown @ 0x78CEC2B2)
[inline] EAT @explorer.exe (SetWinEventHook) : USER32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D11400)
[inline] EAT @explorer.exe (SetWindowsHookExA) : USER32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D116D0)
[inline] EAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D118A0)
[inline] EAT @explorer.exe (UnhookWinEvent) : USER32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D115A0)
[inline] EAT @explorer.exe (UnhookWindowsHookEx) : USER32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D11A70)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 .supercocklol.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - SAMSUNG SP0802N +++++
--- User ---
[MBR] d6b5d5459f520fc935018b9293f7f742
[bSP] 6c31d7f23084fae2ad6827144452f389 : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 500 Mo
1 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 1026048 | Size: 69851 Mo
2 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 144080896 | Size: 5999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) (Standard disk drives) - NVIDIA MIRROR 465.76G +++++
--- User ---
[MBR] e2a5fad19270ce57fcb312e0baa8c89f
[bSP] f58a0000fc959adbc23abb9bb1192053 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ SCSI) (Standard disk drives) - HDT72251 6DLAT80 SCSI Disk Device +++++
--- User ---
[MBR] 30c8b3f11ccf265833d03fe4d24db07d
[bSP] e965cc7fcca3663dec2b6290027acaab : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT12 (0x11) [HIDDEN!] Offset (sectors): 63 | Size: 156705 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 63 | Size: 200 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_10202013_102016.txt >>
  10. Also, if it would help, I could try running ComboFix overnight?
  11. Mbar was scanning when my computer BSOD'd. Here is the system log from that run: system-log.txt
It didn't get as far as reporting any malware or offering to clean up. Should I try running it again, or run it from Safe Mode?
Regards, John
  12. I've tried running ComboFix, and it gets as far as saying:
Scanning for infected files . . .
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double
I let it run for 3 hours and it did not progress. Is this an excessive length of time for this to take?
Regards, John
  13. I tried running a Malwarebytes full scan last night, and after 2 1/2 hours it had found 7 objects and was still running, so I let it run overnight. When I got up this morning to check, I found that it had crashed again.
  14. I've re-run CureIt and attached the log that it output. I have also attached a screenshot of the Quarantine Manager. cureit.log
  15. After running the OTL fix in Safe Mode, I got the log file pasted below.
When I ran Dr Web CureIt, it started up in an Enhanced Protection Mode, which it states doesn't allow any other applications to launch. It removed 10 threats that it found, but when it finished I couldn't see the open report link. Is it possible to access the report after restarting?
Also pasted is the Security Check output.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1060284298-1757981266-725345543-1011\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C17590D2-ECB4-4b15-8820-F58798DCC118} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C17590D2-ECB4-4b15-8820-F58798DCC118}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1060284298-1757981266-725345543-1011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
C:\Documents and Settings\Mama Bear\Start Menu\Programs\Startup\Webshots.lnk moved successfully.
Starting removal of ActiveX control {B94C2238-346E-4C5E-9B36-8CC627F35574}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B94C2238-346E-4C5E-9B36-8CC627F35574}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B94C2238-346E-4C5E-9B36-8CC627F35574}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B94C2238-346E-4C5E-9B36-8CC627F35574}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B94C2238-346E-4C5E-9B36-8CC627F35574}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} C:\WINDOWS\Downloaded Program Files\popcaploader.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31de30ba-8100-11df-af1d-005056c00008}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31de30ba-8100-11df-af1d-005056c00008}\ not found. File D:\StartPortableApps.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{864ca7b6-50d1-11e2-976c-806d6172696f}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{864ca7b6-50d1-11e2-976c-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{864ca7b6-50d1-11e2-976c-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{864ca7b6-50d1-11e2-976c-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{864ca7b6-50d1-11e2-976c-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{864ca7b6-50d1-11e2-976c-806d6172696f}\ not found. File move failed. D:\setup.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac863885-1105-11dd-af04-005056c00008}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac863885-1105-11dd-af04-005056c00008}\ not found. File F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found. File D:\autorun.exe not found. C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCall.dll deleted successfully. C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla.dll deleted successfully. C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla17.dll deleted successfully. C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla18.exe deleted successfully. C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla19.dll deleted successfully. C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla2.dll deleted successfully. 
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla20.dll deleted successfully. C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla21.dll deleted successfully. C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla21.exe deleted successfully. C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseData.ini deleted successfully. C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP folder deleted successfully. C:\WINDOWS\msdownld.tmp folder deleted successfully. C:\WINDOWS\System32\CONFIG.TMP deleted successfully. C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job moved successfully. C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job moved successfully. C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job moved successfully. C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job moved successfully. C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully. C:\Program Files\temp01 moved successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:1A8BB29B deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:EB333CFC deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:36A39835 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:32A82570 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:8F067037 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:B60D5127 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:3F2212BB deleted successfully. 
ADS C:\Documents and Settings\All Users\Application Data\TEMP:99A29126 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:90015502 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:F6BF312D deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:80FE037D deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:A988B257 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:82ED8454 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:D63538E3 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:178093AE deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:810FAD5F deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:93B0BB6F deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:B83F1B83 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B15F8C8 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully. 
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C1EFEB8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B093E177 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F21A3A5E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2C321309 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:064877B6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:04560D68 deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35234 bytes

User: Alistair
->Temp folder emptied: 532657 bytes
->Temporary Internet Files folder emptied: 78278178 bytes
->Google Chrome cache emptied: 229808946 bytes
->Flash cache emptied: 50324 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Grand Poo Bah
->Temp folder emptied: 4961157 bytes
->Temporary Internet Files folder emptied: 40454284 bytes
->Java cache emptied: 27520621 bytes
->FireFox cache emptied: 83364432 bytes
->Google Chrome cache emptied: 12018312 bytes
->Flash cache emptied: 74414 bytes

User: John
->Temp folder emptied: 4369625 bytes
->Temporary Internet Files folder emptied: 51644379 bytes
->Java cache emptied: 11955200 bytes
->FireFox cache emptied: 72250468 bytes
->Google Chrome cache emptied: 27063203 bytes
->Flash cache emptied: 1369 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 13165418 bytes

User: Mama Bear
->Temp folder emptied: 319973 bytes
->Temporary Internet Files folder emptied: 215436292 bytes
->Java cache emptied: 68022042 bytes
->Flash cache emptied: 25848 bytes

User: NetworkService
->Temp folder emptied: 510262 bytes
->Temporary Internet Files folder emptied: 1060231 bytes

User: ntp
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1319908 bytes

User: Rebekah
->Temp folder emptied: 163207847 bytes
->Temporary Internet Files folder emptied: 379826525 bytes
->Java cache emptied: 35231322 bytes
->FireFox cache emptied: 438784343 bytes
->Google Chrome cache emptied: 5067959 bytes
->Flash cache emptied: 139186 bytes

User: Rumpus Room
->Temp folder emptied: 531773203 bytes
->Temporary Internet Files folder emptied: 49047222 bytes
->Java cache emptied: 34884921 bytes
->FireFox cache emptied: 493146626 bytes
->Google Chrome cache emptied: 6444177 bytes
->Flash cache emptied: 107204 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5745043 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 523963024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 99954483 bytes

Total Files Cleaned = 3,540.00 mb

Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.69.0 log created on 10152013_222240

Files\Folders moved on Reboot...
File move failed. D:\setup.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Scholastic's I SPY Fantasy
SpywareBlaster 5.0
SpyroDriver
Spybot - Search & Destroy
SpyroPortalDriver
SUPERAntiSpyware Free Edition
Windows Defender
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
JavaFX 2.1.1
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (24.0)
Google Chrome 29.0.1547.76
Google Chrome 30.0.1599.69
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````
  16. Couldn't get it to work until I tried from Safe mode. Following the remaining steps now. Will post all logs once I've completed the remaining steps.
  17. I pressed the reset button, and rebooted. I've pressed the RunFix button with no other windows open, and OTL now says "killing processes. DO NOT INTERRUPT..." It's been like that for 5 minutes. How long should it take to run?
  18. Hi Kevin, I have a problem. I ran OTL as you requested with the custom scan code, and pressed the Run Fix button, but my computer appears to have frozen. OTL says on the bottom of the window "Killing Processes. DO NOT INTERRUPT". It has been sitting like that for the past 40 minutes, but nothing is responding. I still had Firefox open on this thread when I pressed the OTL Run Fix button. Firefox was still functioning, and I was reading the rest of your post, but then I noticed that when I moved the Firefox window, it left a trail on the screen, and I then realised that nothing else was working. I'm sending this reply from another computer. The Windows status bar is frozen in time at 8:22. Is this normal, and I should just wait for OTL to complete, or is there something wrong here? Regards, John
  19. Ok, I just re-ran the scan with the Custom Scan text pasted direct from the browser, and I can see that the new OTL.Txt file contains a "Custom Scan" section that is missing from the original, so here are the files with the correct Custom Scan parameters. Sorry about that. Extras.Txt OTL.Txt
  20. When I ran the OTL command, I cut and pasted the Custom Scan part from the webmail text. As I was viewing your reply in the browser, I noticed that the formatting in webmail is vastly different than when viewing the post in the forum in a browser. That scan had all the text on one line. When I cut and paste from the browser, the Custom Scan text comes in on multiple lines. Will this impact on the results? I can re-run if needed...
  21. Tried to cut and paste the output as you requested, but I'm getting an error about the post being too long, so I'm attaching them to this post. OTL.Txt Extras.Txt
  22. I noticed a suspicious program in my task list just the other day, and found I had PC Speed Up installed. I tried following the steps here http://malwaretips.com/blogs/pc-speed-up-virus/ to remove it, and got as far as step 4. But Malwarebytes crashes after scanning for some time. By the time it crashes it has found 10 threats, but as it crashes, I cannot remove them. Some googling suggested that Malwarebytes crashing was caused by the presence of malware, and that I should come to this forum for assistance. I've had 20 years experience in the computer industry, but that is all looking after Unix servers, so while my experience with Windows is limited to using it, I am confident to perform any instructions that anyone on this forum recommends. Please find attached a copy of the HJT logs for review. (PS, not sure if it is related, but every time someone logs in on this computer, the My Documents folder always opens, and I have not had any success determining why. This has been happening for quite a while now, so that everyone using this computer is now used to this happening...) Any help will be greatly appreciated. Regards, John

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Grand Poo Bah at 16:02:16 on 2013-10-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1622 [GMT 10:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NTP\bin\ntpd.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Rebekah\My Documents\Create Synchronicity\Create Synchronicity.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Grand Poo Bah\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\GRANDP~1\LOCALS~1\Temp\nsi10.tmp\ns11.tmp
C:\DOCUME~1\GRANDP~1\LOCALS~1\Temp\nsi10.tmp\MBR.DAT
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>
mWinlogon: Userinit = c:\windows\system32\userinit.exe,userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [incrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Create Synchronicity - Scheduler] c:\documents and settings\rebekah\my documents\create synchronicity\Create Synchronicity.exe /scheduler
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [iJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [MDS_Menu] "c:\program files\cyberlink\mediaespresso\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediaespresso" updatewithcreateonce "software\cyberlink\mediaespresso\6.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\lgfw.exe" blrun
mRun: [updatePSTShortCut] "c:\program files\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\grandp~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\grand poo bah\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\grandp~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\grandp~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7613\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\vmware\vmware server\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\grand poo bah\application data\mozilla\firefox\profiles\jo9o0vi5.default\
FF - component: c:\documents and settings\grand poo bah\application data\mozilla\firefox\profiles\jo9o0vi5.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-06-24 21:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-3 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-3 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-16 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-6 369584]
R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2011-8-15 20512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67664]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2009-7-20 8576]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-11-18 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-6 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-3 66336]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [2008-3-1 164992]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-14 46808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 EIO1;EIO1;c:\windows\system32\drivers\EIO1.sys [2008-5-11 12672]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-5-11 233472]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [2008-3-1 12544]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-12 418376]
R2 NTP;Network Time Protocol Daemon;c:\program files\ntp\bin\ntpd.exe -g -c "c:\program files\ntp\etc\ntp.conf" --> c:\program files\ntp\bin\ntpd.exe -g -c c:\program files\ntp\etc\ntp.conf [?]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 PDFSfilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2012-8-23 69016]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-2-12 603896]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-6-2 103040]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-5-11 37344]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 uGuru;uGuru;c:\windows\system32\drivers\uguru.sys --> c:\windows\system32\drivers\uGuru.sys [?]
S2 AGCoreService;AG Core Services;"c:\program files\agi\core\3.1\agcoreservice.exe" --> c:\program files\agi\core\3.1\AGCoreService.exe [?]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2012/12/28 20:38:46;c:\program files\cyberlink\powerdvd10\navfilter\kmsvc.exe [2012-8-27 243728]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-12 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 ABIT-IO;ABIT-IO;\??\c:\documents and settings\john\abit-io.sys --> c:\documents and settings\john\ABIT-IO.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-5-11 83864]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-10-13 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-12 22856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-12 40776]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-5-11 181912]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-6-6 104280]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 VMwareHostd;VMware Host Agent;c:\program files\vmware\vmware server\vmware-hostd.exe [2009-3-26 322096]
S3 VMwareServerWebAccess;VMware Server Web Access;c:\program files\vmware\vmware server\tomcat\bin\tomcat6.exe [2009-3-27 57344]
S3 vmwriter;VMware VSS Writer;c:\program files\vmware\vmware server\vmVssWriter.exe [2009-3-26 29744]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 756392]
S4 SpyroService;Spyro Portal Service;"c:\program files\fs\spyro portal\flashportal.exe" --> c:\program files\fs\spyro portal\FlashPortal.exe [?]
.
=============== Created Last 30 ================
.
2013-10-12 09:20:54 -------- d-----w- c:\documents and settings\all users\application data\Licenses
2013-10-12 03:21:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-12 03:21:40 -------- d-----w- c:\documents and settings\grand poo bah\application data\Malwarebytes
2013-10-12 03:21:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-10-12 03:21:25 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-12 03:21:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-12 02:04:41 -------- d-----w- c:\windows\ERUNT
2013-10-12 01:47:21 -------- d-----w- C:\AdwCleaner
2013-10-12 01:05:21 7328304 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{daf331f9-c1e0-475a-b8ec-802aefd0a9dd}\mpengine.dll
2013-10-12 01:03:13 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-12 01:03:13 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2013-10-12 01:01:32 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-12 01:01:32 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-12 01:01:32 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-12 01:00:09 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-12 01:00:09 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2013-10-12 01:00:09 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-12 01:00:09 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-09-14 07:53:33 56320 ----a-w- c:\windows\system32\iyvu9_32.dll
2013-09-14 07:52:22 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
.
==================== Find3M ====================
.
2013-10-12 04:43:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-12 04:43:54 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ------w- c:\windows\system32\html.iec
2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
2013-08-29 01:31:44 1878656 ------w- c:\windows\system32\win32k.sys
2013-08-29 00:56:06 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-09 01:56:45 386560 ------w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-06 18:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 04:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-18 15:18:04 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 00:58:17 123008 ------w- c:\windows\system32\drivers\usbvideo.sys
2013-07-17 00:58:06 46848 ------w- c:\windows\system32\drivers\irbus.sys
2007-10-21 17:31:06 76808 ----a-w- c:\program files\DSETUP.dll
2007-10-21 17:31:06 502792 ----a-w- c:\program files\DXSETUP.exe
2007-10-21 17:31:06 1673224 ----a-w- c:\program files\dsetup32.dll
2004-03-11 03:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 16:02:28.26 ===============
attach.txt
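A small triage helper for the "Pseudo HJT Report" section of a DDS log like the one in the post above. This is an added example for this thread, not code from DDS, OTL or any poster. It assumes the stock Windows XP Userinit value (C:\WINDOWS\system32\userinit.exe followed by a trailing comma) and reports any further comma-separated entry, since everything listed in Userinit runs at each interactive logon and the value is a well-known persistence location; it also lists orphaned CLSIDs and Hosts-file entries for review without judging them. The sample lines are copied from the DDS output posted above.

```python
r"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this forum thread; it is not part of DDS, OTL or any
poster's tools. It checks three things a helper looks at first in such a log:

  * the Winlogon Userinit value (stock XP value: C:\WINDOWS\system32\userinit.exe,)
  * BHO / URLSearchHook entries whose file is gone ("<orphaned>")
  * Hosts-file entries that DDS reports

The SAMPLE lines are copied from the DDS log posted in this thread.
"""
import re

# Stock Userinit value on Windows XP: a single entry followed by a trailing
# comma, so splitting on "," yields exactly one non-empty element.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
USERINIT_RE = re.compile(r"^\s*mWinlogon:\s*Userinit\s*=\s*(.*)$", re.I)
HOSTS_RE = re.compile(r"^\s*Hosts:\s*(\S+)\s+(\S+)")


def parse_userinit(line):
    """Return the non-empty comma-separated entries of a Userinit line,
    or None when the line is not the Userinit line."""
    m = USERINIT_RE.match(line)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(",") if e.strip()]


def userinit_findings(entries):
    """Entries other than the stock userinit.exe path. Every entry here runs
    at each interactive logon, which is why malware appends to this value and
    why a stray second entry shows up as odd behaviour at logon."""
    return [e for e in entries if e.lower() != DEFAULT_USERINIT]


def triage(log_text):
    """Walk the log once and collect the three kinds of findings."""
    report = {"userinit_extra": [], "orphaned": [], "hosts": []}
    for line in log_text.splitlines():
        entries = parse_userinit(line)
        if entries is not None:
            report["userinit_extra"] = userinit_findings(entries)
            continue
        if "<orphaned>" in line:
            # Report the CLSID when present so it can be looked up in the registry.
            m = CLSID_RE.search(line)
            report["orphaned"].append(m.group(0) if m else line.strip())
            continue
        m = HOSTS_RE.match(line)
        if m:
            report["hosts"].append((m.group(1), m.group(2)))
    return report


# Lines copied from the DDS "Pseudo HJT Report" posted above (paths as DDS printed them).
SAMPLE = "\n".join([
    r"uURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>",
    r"mWinlogon: Userinit = c:\windows\system32\userinit.exe,userinit.exe,",
    r"BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll",
    r"BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>",
    r"Hosts: 127.0.0.1 www.spywareinfo.com",
])

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("Userinit entries beyond the stock one:", result["userinit_extra"])
    print("Orphaned CLSIDs:", result["orphaned"])
    print("Hosts entries reported by DDS:", result["hosts"])
```

Run against the sample it reports the second Userinit entry, the two orphaned CLSIDs and the single Hosts line; feed it a whole DDS log and it does the same over the full Pseudo HJT section. The check compares against the stock XP path only, so a machine with a legitimately customised Userinit would also be flagged, which is the intended behaviour for a first-pass triage.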