gerry7

Honorary Members

View Profile See their activity

Posts
40
Joined
January 30, 2014
Last visited
March 3, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by gerry7

Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

Thanks. I am not sure if this is a hit or miss or partial success. This is the first part of the log which refers to Folder move failed. All the rest seems to refer to everything being empty. All processes killed Folder move failed ========== FILES ========== . C:\FRST\Quarantine scheduled to be moved on reboot. C:\FRST\Logs folder moved successfully. C:\FRST\Hives\Users\00000002 folder moved successfully. C:\FRST\Hives\Users\00000001 folder moved successfully. C:\FRST\Hives\Users folder moved successfully. C:\FRST\Hives folder moved successfully. C:\FRST folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP]
- February 20, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

regrets: sorry to have to trouble you again; I have tried this half-a-dozen times without success. I have closed all windows, ensured that both items are on the desktop and not duplicated in downloads folder. Each time I get the same error message that I posted. Gerry
- February 20, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01 Ran by Al (administrator) on YOUR-5511792FEB on 19-02-2014 22:23:07 Running from C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Lavasoft) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Kenonic Controls Ltd.) C:\WINDOWS\system32\crypserv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (VMware, Inc.) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.) C:\WINDOWS\system32\vmnat.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe (VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (VMware, Inc.) C:\WINDOWS\system32\vmnetdhcp.exe (Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe (ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe (Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (SupportSoft, Inc.) C:\Program Files\TalkTalk\bin\sprtcmd.exe (Musicmatch, Inc.) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe () C:\Program Files\Sony\SonicStage\SSAAD.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (-) C:\Program Files\Eraser\eraser.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe () C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe (OpenOffice.org) C:\Program Files\program\soffice.exe (OpenOffice.org) C:\Program Files\program\soffice.bin (Scansoft Inc.) C:\Program Files\ScanSoft\PaperPort\Paprport.exe (Scansoft Inc.) C:\Program Files\ScanSoft\PaperPort\Pplinks.exe (Scansoft Inc.) C:\Program Files\ScanSoft\PaperPort\PPSCANMG.EXE (Google Inc.) C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe () C:\Program Files\ScanSoft\PaperPort\PPPRINT.EXE (Google Inc.) C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TalkTalk] - C:\Program Files\TalkTalk\bin\sprtcmd.exe [192512 2005-08-15] (SupportSoft, Inc.) HKLM\...\Run: [MMTray] - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [135168 2006-01-17] (Musicmatch, Inc.) HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [273544 2011-03-17] (RealNetworks, Inc.) HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -u HKLM\...\Run: [EaseUs Watch] - "K:\Todo Backup\bin\EuWatch.exe" HKLM\...\Run: [EaseUs Tray] - "K:\Todo Backup\bin\TrayNotify.exe" HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe" HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM\...RunServicesOnce: [washindex] - C:\Program Files\Washer\washidx.exe "Al" No File Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKLM\...\Policies\Explorer: [NoDesktop] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoStartMenuMorePrograms] 0 HKU\.DEFAULT\...\Run: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.) HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Power2GoExpress] - [X] HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [ssAAD.exe] - C:\Program Files\Sony\SonicStage\SSAAD.exe [476728 2007-02-05] () HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Google Update] - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-03-10] (Google Inc.) HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-16] (SUPERAntiSpyware) HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Eraser] - C:\Program Files\Eraser\eraser.exe [536576 2003-07-25] (-) HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-09-16] (Google Inc.) HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe /preload HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [AVG-Secure-Search-Update_0214c] - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=e409b6cc904347d1b912d1191024e9fb-b602d594afd2b0b327e07a06f36ca6a7e42546d0 /CMPID=0214c HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: E - E:\buyer.exe HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: {d2f52bae-bfc6-11de-99ee-005056c00008} - K:\laucher.exe Startup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe () Startup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE () Startup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe () Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Family and Friends Reminders.lnk ShortcutTarget: Corel Family and Friends Reminders.lnk -> C:\Program Files\Corel\Print House Magic\cffrem.exe (Corel Corporation) Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe () Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mama.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.supanet.com/search/iepanel/ URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.) URLSearchHook: HKCU - MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll () SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search SearchScopes: HKCU - {334EDF47-31D2-4CEA-B295-318F33898875} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms} BHO: MHTBPos00 Class - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll () BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.) BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) BHO: No Name - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.) BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc) Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File Toolbar: HKCU - No Name - {7435856C-6CA1-45CF-A00D-82178387F223} - No File Toolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File Toolbar: HKCU - No Name - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cab DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-12] (SuperAdBlocker.com) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{C8084B80-B3C7-46A3-B95A-A018DA82D1B8}: [NameServer]4.2.2.2,4.2.2.3 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2007-11-29] FF Extension: United States English Spellchecker - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\en-US@dictionaries.addons.mozilla.org [2011-07-12] FF Extension: Diccionario de Español/España - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\es-es@dictionaries.addons.mozilla.org [2009-05-11] FF Extension: Dictionnaire HunSpell en Français (réforme 1990) - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\fr@dictionaries.addons.mozilla.org [2009-05-11] FF Extension: Hebrew spell-checking dictionary (from HSpell) - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\he@dictionaries.addons.mozilla.org [2011-07-12] FF Extension: Romanian Dictionary - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\ro@dictionaries.addons.mozilla.org [2007-11-29] FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-07-12] FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009-05-11] FF Extension: DownloadHelper - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009-05-27] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007-07-01] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2007-05-19] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007-10-08] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2007-10-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [2008-07-29] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008-03-31] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-02-15] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-26] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-16] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-14] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011-05-24] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-18] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-25] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-03] FF Extension: Family Toolbar - C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2010-04-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-17] FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared Chrome: ======= CHR DefaultSearchKeyword: google.co.uk CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (ZoneAlarm Spy Blocker Plugin Stub) - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll No File CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Java Platform SE 6 U39) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\WINDOWS\system32\npdeployJava1.dll No File CHR Extension: (YouTube) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15] CHR Extension: (Google Search) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-03-17] CHR Extension: (Google Wallet) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27] CHR Extension: (Gmail) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-03-17] CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com) R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [607576 2008-03-19] (Lavasoft) S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-10-26] () R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.) S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation) S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation) R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [109104 2008-03-03] (VMware, Inc.) R2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [121392 2008-03-03] (VMware, Inc.) R2 vmount2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [269104 2007-03-23] (VMware, Inc.) R2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [150064 2008-03-03] (VMware, Inc.) S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X] S2 Avg7Alrt; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [X] S2 Avg7UpdSvc; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [X] S2 EaseUS Agent; K:\Todo Backup\bin\Agent.exe [X] S2 Guard Agent; K:\Todo Backup\bin\GuardAgent.exe [X] S2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== R3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [404736 2003-08-14] (Sensaura Ltd) R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [462940 2003-08-21] (Realtek Semiconductor Corp.) S1 Avg7Core; C:\WINDOWS\System32\Drivers\avg7core.sys [820928 2007-08-11] (GRISOFT, s.r.o.) S1 Avg7RsW; C:\WINDOWS\System32\Drivers\avg7rsw.sys [4224 2007-08-10] (GRISOFT, s.r.o.) S1 Avg7RsXP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [27776 2007-08-10] (GRISOFT, s.r.o.) R1 AvgClean; C:\WINDOWS\system32\drivers\avgclean.sys [3968 2007-08-10] (GRISOFT, s.r.o.) R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.) S2 AvgTdi; C:\WINDOWS\System32\Drivers\avgtdi.sys [4960 2007-08-10] (GRISOFT, s.r.o.) R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R1 cdrbsvsd; C:\WINDOWS\system32\Drivers\cdrbsvsd.sys [13056 2003-07-16] (B.H.A Corporation) S3 DCamUSBSQTECH; C:\WINDOWS\System32\Drivers\SQcaptur.sys [30921 2003-01-10] (Service & Quality Technology.) R3 DtvAudio; C:\WINDOWS\System32\DRIVERS\DtvAudio.sys [10330 2004-02-26] (TwinHan Provide) R3 DtvVideo; C:\WINDOWS\System32\DRIVERS\DtvVideo.sys [26730 2004-02-26] (TwinHan Provide) R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [50248 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd) R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40648 2012-10-19] () R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14920 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd) R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [185032 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd) R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. ) S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. ) R2 hcmon; C:\WINDOWS\system32\Drivers\hcmon.sys [34864 2008-03-03] (VMware, Inc.) R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-03] (Conexant Systems, Inc.) R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.) R2 MASPINT; C:\WINDOWS\system32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.) S3 NCHSSVAD; C:\WINDOWS\System32\drivers\nchssvad.sys [23616 2007-11-26] (NCH Swift Sound) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [24608 2000-02-03] () S3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.) R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-13] () R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH) S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [115000 2006-12-22] (Symantec Corporation) S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [26667 2005-03-11] (Windows ® 2000 DDK provider) S1 UimCrAes; C:\WINDOWS\System32\Drivers\UimCrAes.sys [35925 2005-03-11] () S1 UimCrStd; C:\WINDOWS\System32\Drivers\UimCrStd.sys [41829 2005-03-11] () S1 Uim_Ed; C:\WINDOWS\System32\Drivers\Uim_Ed.sys [32686 2005-03-11] () S2 UMAXPCLS; C:\WINDOWS\system32\Drivers\UMAXPCLS.sys [22912 2001-08-17] (Microsoft Corporation) S3 UnlockerDriver4; D:\Program Files\Unlocker\UnlockerDriver4.sys [3584 2005-04-24] () R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.) R0 viasraid; C:\WINDOWS\System32\drivers\viasraid.sys [77312 2003-10-31] (VIA Technologies inc,.ltd) S3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [20912 2008-03-03] (VMware, Inc.) R3 VMnetAdapter; C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys [16816 2008-03-03] (VMware, Inc.) R2 VMnetBridge; C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys [28592 2008-03-03] (VMware, Inc.) R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [25136 2008-03-03] (VMware, Inc.) R2 VMparport; C:\WINDOWS\system32\Drivers\VMparport.sys [15920 2008-03-03] (VMware, Inc.) R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [925104 2008-03-03] (VMware, Inc.) R2 vstor2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [18480 2007-03-23] (VMware, Inc.) R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-03] (Conexant Systems, Inc.) S3 AFGMp50; System32\Drivers\AFGMp50.sys [X] S3 AFGSp50; System32\Drivers\AFGSp50.sys [X] S3 catchme; \??\C:\DOCUME~1\AL914F~1.YOU\LOCALS~1\Temp\catchme.sys [X] S0 fjodwnd; system32\drivers\joaso.sys [X] S3 HwIOctl; \??\C:\Bios\HwIOctl.sys [X] S4 IntelIde; No ImagePath S3 Memctl; \??\C:\Bios\Memctl.sys [X] S3 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U3 TlntSvr; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-19 20:49 - 2014-02-19 22:23 - 00033136 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\FRST.txt 2014-02-19 20:35 - 2014-02-19 20:35 - 00000029 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\fixlist.txt 2014-02-19 11:16 - 2014-02-19 11:16 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk 2014-02-19 11:16 - 2014-02-19 11:16 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk 2014-02-19 10:45 - 2014-02-19 10:45 - 00000000 ____D () C:\_OTM 2014-02-19 10:16 - 2014-02-19 10:16 - 00001870 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Spybot - Search & Destroy.lnk 2014-02-18 14:14 - 2014-02-18 14:14 - 00399518 _____ () C:\Documents and Settings\Guest\Desktop\Brace yourself forMDIF.mdi 2014-02-17 17:08 - 2014-02-17 17:08 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\AVG2014 2014-02-17 17:07 - 2014-02-17 17:07 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Avg2014 2014-02-17 09:05 - 2014-02-17 09:05 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-02-17 08:56 - 2014-02-17 08:56 - 01037530 _____ (Thisisu) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\JRT.exe 2014-02-17 08:21 - 2014-02-17 08:44 - 00000000 ____D () C:\AdwCleaner 2014-02-16 19:10 - 2014-02-19 22:10 - 00000000 ____D () C:\FRST 2014-02-16 19:09 - 2014-02-16 19:09 - 01141248 _____ (Farbar) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\FRST.exe 2014-02-16 16:48 - 2014-02-16 16:57 - 00000000 ___SD () C:\ComboFix 2014-02-16 16:45 - 2014-02-16 16:46 - 05183211 ____R (Swearware) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ComboFix.exe 2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\AVG2014 2014-02-15 09:12 - 2014-02-15 09:12 - 00000709 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\TuneUp Software 2014-02-15 09:09 - 2014-02-15 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-02-15 09:03 - 2014-02-15 17:19 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Avg2014 2014-02-15 09:03 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\MFAData 2014-02-15 07:49 - 2014-02-15 07:49 - 00000000 _RSHD () C:\cmdcons 2014-02-15 07:49 - 2009-04-30 10:27 - 00000211 _____ () C:\Boot.bak 2014-02-15 07:49 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr 2014-02-14 17:59 - 2011-06-26 06:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2014-02-14 17:59 - 2010-11-07 17:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2014-02-14 17:59 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2014-02-14 17:59 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2014-02-14 17:59 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2014-02-14 17:59 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2014-02-14 17:59 - 2000-08-31 00:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2014-02-14 17:59 - 2000-08-31 00:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2014-02-14 17:59 - 2000-08-31 00:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2014-02-13 03:19 - 2014-02-13 03:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$ 2014-02-13 03:05 - 2014-02-13 03:06 - 00011305 _____ () C:\WINDOWS\KB2909921-IE8.log 2014-02-13 03:04 - 2014-02-13 03:05 - 00004434 _____ () C:\WINDOWS\KB2909210-IE8.log 2014-02-12 22:52 - 2014-02-13 03:19 - 00013693 _____ () C:\WINDOWS\KB2916036.log 2014-02-06 13:35 - 2014-02-14 11:28 - 00000000 ____D () C:\Qoobox 2014-02-01 18:42 - 2014-02-01 18:43 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Telephone 2014-01-30 11:04 - 2014-01-30 13:38 - 00000000 ____D () C:\Program Files\MarkAny 2014-01-30 11:01 - 2014-01-30 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\CrashDump 2014-01-30 10:17 - 2014-02-06 12:57 - 00000000 ____D () C:\WINDOWS\ERDNT 2014-01-30 10:15 - 2014-01-30 10:15 - 00000618 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\NTREGOPT.lnk 2014-01-30 10:15 - 2014-01-30 10:15 - 00000599 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ERUNT.lnk 2014-01-30 10:14 - 2014-01-30 10:16 - 00000000 ____D () C:\Program Files\ERUNT 2014-01-30 10:14 - 2014-01-30 10:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT 2014-01-30 09:43 - 2014-01-30 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Samsung 2014-01-30 09:41 - 2013-04-18 19:06 - 00821824 _____ (Devguru Co., Ltd.) C:\WINDOWS\system32\dgderapi.dll 2014-01-30 09:41 - 2013-04-18 19:06 - 00319456 _____ (Microsoft Corporation) C:\WINDOWS\system32\DIFxAPI.dll 2014-01-30 09:41 - 2013-04-18 19:06 - 00020032 _____ (Devguru Co., Ltd) C:\WINDOWS\system32\Drivers\dgderdrv.sys 2014-01-29 14:44 - 2014-01-29 14:44 - 00281488 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2014-01-29 13:48 - 2014-01-29 13:48 - 00366611 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\mysearchdial-speeddial.crx 2014-01-29 13:43 - 2014-01-29 13:49 - 00000155 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\WB.CFG 2014-01-29 13:43 - 2014-01-29 13:43 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z 2014-01-29 13:40 - 2014-01-29 14:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\DigitalSites 2014-01-28 12:40 - 2014-01-28 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log 2014-01-28 12:39 - 2014-01-30 11:45 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Samsung 2014-01-28 12:39 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Samsung 2014-01-28 12:38 - 2014-01-28 12:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\samsung 2014-01-28 11:01 - 2013-04-18 19:08 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\system32\Redemption.dll 2014-01-28 10:55 - 2014-01-30 11:45 - 00000000 ____D () C:\Program Files\Samsung 2014-01-28 10:55 - 2014-01-30 09:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Samsung 2014-01-28 10:44 - 2014-01-30 11:25 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Downloaded Installations 2014-01-27 12:55 - 2014-01-27 12:55 - 00000062 _____ () C:\Documents and Settings\Guest\Application Data\WB.CFG 2014-01-27 12:54 - 2014-01-27 12:52 - 00366611 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\mysearchdial-speeddial.crx 2014-01-27 12:51 - 2014-01-27 12:52 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial 2014-01-27 12:50 - 2014-01-27 12:50 - 00001011 _____ () C:\Documents and Settings\Guest\Desktop\Continue Samsung Kies Installation.lnk 2014-01-22 20:37 - 2014-01-22 20:37 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys 2014-01-20 12:34 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-01-20 12:33 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-01-20 12:33 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-01-20 12:33 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-01-20 12:31 - 2014-01-20 12:33 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log ==================== One Month Modified Files and Folders ======= 2014-02-19 22:23 - 2014-02-19 20:49 - 00039523 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\FRST.txt 2014-02-19 22:10 - 2014-02-16 19:10 - 00000000 ____D () C:\FRST 2014-02-19 22:06 - 2012-03-29 08:18 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-02-19 21:54 - 2010-03-10 17:30 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-312397509-71834488-3752936468-1006UA.job 2014-02-19 21:38 - 2010-05-04 09:17 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-19 20:35 - 2014-02-19 20:35 - 00000029 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\fixlist.txt 2014-02-19 20:28 - 2007-10-09 13:04 - 00002483 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Microsoft Word.lnk 2014-02-19 17:57 - 2011-06-24 09:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-02-19 15:15 - 2005-09-08 12:07 - 00000224 _____ () C:\WINDOWS\Twui120.ini 2014-02-19 15:14 - 2005-05-26 19:19 - 00013030 _____ () C:\PDOXUSRS.NET 2014-02-19 15:13 - 2013-06-03 14:30 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-02-19 15:13 - 2012-05-08 09:53 - 00000272 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-312397509-71834488-3752936468-1006.job 2014-02-19 15:13 - 2011-03-11 12:39 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-312397509-71834488-3752936468-1006.job 2014-02-19 15:13 - 2010-05-04 09:17 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-19 15:13 - 2005-04-04 23:10 - 00032620 _____ () C:\WINDOWS\SchedLgU.Txt 2014-02-19 15:13 - 2004-10-18 19:55 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl 2014-02-19 15:12 - 2005-04-04 23:07 - 01736070 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-19 15:11 - 2008-03-17 10:22 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\VMware 2014-02-19 15:11 - 2008-03-17 10:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VMware 2014-02-19 15:11 - 2005-04-04 23:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-02-19 15:11 - 2005-04-04 16:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-02-19 15:11 - 2005-04-04 16:06 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-02-19 15:09 - 2006-09-16 07:45 - 00000000 ____D () C:\Program Files\Eraser 2014-02-19 15:09 - 2005-05-01 02:26 - 00000278 ___SH () C:\Documents and Settings\Al.YOUR-5511792FEB\ntuser.ini 2014-02-19 11:17 - 2005-05-01 18:44 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Adobe 2014-02-19 11:16 - 2014-02-19 11:16 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk 2014-02-19 11:16 - 2014-02-19 11:16 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk 2014-02-19 11:15 - 2011-07-19 09:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-02-19 11:15 - 2008-09-28 12:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe 2014-02-19 11:15 - 2005-05-01 18:42 - 00000000 ____D () C:\Program Files\Adobe 2014-02-19 10:45 - 2014-02-19 10:45 - 00000000 ____D () C:\_OTM 2014-02-19 10:36 - 2005-05-21 23:55 - 00164528 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\GDIPFONTCACHEV1.DAT 2014-02-19 10:16 - 2014-02-19 10:16 - 00001870 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Spybot - Search & Destroy.lnk 2014-02-19 09:54 - 2010-03-10 17:30 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-312397509-71834488-3752936468-1006Core.job 2014-02-18 22:06 - 2011-07-10 02:00 - 00297754 _____ () C:\WINDOWS\setupapi.log 2014-02-18 17:35 - 2008-09-09 11:00 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Family letters 2014-02-18 17:05 - 2009-04-29 12:36 - 00000401 _____ () C:\Documents and Settings\Guest\Desktop\Shared Documents.lnk 2014-02-18 17:03 - 2011-12-25 11:23 - 00000401 _____ () C:\Documents and Settings\Guest\Desktop\Shortcut to Shared Documents (2).lnk 2014-02-18 14:14 - 2014-02-18 14:14 - 00399518 _____ () C:\Documents and Settings\Guest\Desktop\Brace yourself forMDIF.mdi 2014-02-17 17:13 - 2005-04-04 16:01 - 00000000 ____D () C:\WINDOWS\pchealth 2014-02-17 17:09 - 2008-09-28 12:42 - 00000000 ____D () C:\Documents and Settings\Guest\My Documents\MyHeritage 2014-02-17 17:08 - 2014-02-17 17:08 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\AVG2014 2014-02-17 17:07 - 2014-02-17 17:07 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Avg2014 2014-02-17 09:05 - 2014-02-17 09:05 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-02-17 08:56 - 2014-02-17 08:56 - 01037530 _____ (Thisisu) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\JRT.exe 2014-02-17 08:44 - 2014-02-17 08:21 - 00000000 ____D () C:\AdwCleaner 2014-02-17 08:44 - 2007-03-20 14:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-17 08:12 - 2005-05-13 17:23 - 00000000 ____D () C:\Documents and Settings\Guest 2014-02-16 23:14 - 2007-08-13 22:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2014-02-16 19:09 - 2014-02-16 19:09 - 01141248 _____ (Farbar) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\FRST.exe 2014-02-16 16:57 - 2014-02-16 16:48 - 00000000 ___SD () C:\ComboFix 2014-02-16 16:46 - 2014-02-16 16:45 - 05183211 ____R (Swearware) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ComboFix.exe 2014-02-15 17:19 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Avg2014 2014-02-15 09:18 - 2011-06-24 09:07 - 00000000 ____D () C:\Program Files\AVG 2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\AVG2014 2014-02-15 09:14 - 2014-02-15 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-02-15 09:12 - 2014-02-15 09:12 - 00000709 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk 2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\TuneUp Software 2014-02-15 09:10 - 2011-06-24 10:11 - 00000000 ___HD () C:\$AVG 2014-02-15 09:03 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\MFAData 2014-02-15 08:51 - 2011-06-24 09:07 - 00000000 ____D () C:\WINDOWS\system32\Drivers\AVG 2014-02-15 07:49 - 2014-02-15 07:49 - 00000000 _RSHD () C:\cmdcons 2014-02-15 07:49 - 2004-10-18 19:55 - 00000327 __RSH () C:\boot.ini 2014-02-14 18:04 - 2005-05-10 23:03 - 00000000 __SHD () C:\Documents and Settings\Al.YOUR-5511792FEB\UserData 2014-02-14 18:04 - 2005-05-01 02:26 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB 2014-02-14 12:34 - 2010-12-19 18:54 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-02-14 11:28 - 2014-02-06 13:35 - 00000000 ____D () C:\Qoobox 2014-02-14 11:21 - 2008-09-09 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Computer 2014-02-13 03:33 - 2007-09-16 23:04 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-02-13 03:19 - 2014-02-13 03:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$ 2014-02-13 03:19 - 2014-02-12 22:52 - 00013693 _____ () C:\WINDOWS\KB2916036.log 2014-02-13 03:19 - 2007-08-16 02:00 - 02659618 _____ () C:\WINDOWS\FaxSetup.log 2014-02-13 03:19 - 2007-08-16 02:00 - 01272260 _____ () C:\WINDOWS\ocgen.log 2014-02-13 03:19 - 2007-08-16 02:00 - 01012587 _____ () C:\WINDOWS\tsoc.log 2014-02-13 03:19 - 2007-08-16 02:00 - 00824309 _____ () C:\WINDOWS\comsetup.log 2014-02-13 03:19 - 2007-08-16 02:00 - 00502110 _____ () C:\WINDOWS\ntdtcsetup.log 2014-02-13 03:19 - 2007-08-16 02:00 - 00415268 _____ () C:\WINDOWS\updspapi.log 2014-02-13 03:19 - 2007-08-16 02:00 - 00414863 _____ () C:\WINDOWS\iis6.log 2014-02-13 03:19 - 2007-08-16 02:00 - 00139218 _____ () C:\WINDOWS\ocmsn.log 2014-02-13 03:19 - 2007-08-16 02:00 - 00132359 _____ () C:\WINDOWS\msgsocm.log 2014-02-13 03:19 - 2007-08-16 02:00 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-02-13 03:16 - 2005-04-04 16:05 - 00542514 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-02-13 03:13 - 2013-08-07 02:03 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-02-13 03:07 - 2005-05-11 20:39 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-02-13 03:06 - 2014-02-13 03:05 - 00011305 _____ () C:\WINDOWS\KB2909921-IE8.log 2014-02-13 03:06 - 2009-04-27 09:52 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-02-13 03:06 - 2007-08-16 02:00 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-02-13 03:05 - 2014-02-13 03:04 - 00004434 _____ () C:\WINDOWS\KB2909210-IE8.log 2014-02-11 02:46 - 2008-10-19 18:02 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Mozilla 2014-02-10 18:47 - 2008-09-22 08:20 - 00000401 _____ () C:\Documents and Settings\Guest\Desktop\Shortcut to Shared Documents.lnk 2014-02-10 15:05 - 2008-02-01 21:05 - 00000000 ____D () C:\WINDOWS\Minidump 2014-02-10 10:48 - 2013-08-26 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection 2014-02-06 13:17 - 2008-08-21 12:50 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Computer 2014-02-06 12:57 - 2014-01-30 10:17 - 00000000 ____D () C:\WINDOWS\ERDNT 2014-02-06 09:02 - 2009-01-01 09:56 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\calendars and 2014-02-06 03:54 - 2004-10-18 19:55 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe 2014-02-06 03:54 - 2004-10-18 19:55 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-05 23:26 - 2012-06-13 20:17 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2014-02-05 23:26 - 2010-06-11 01:25 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2014-02-05 23:26 - 2009-06-10 00:20 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2014-02-05 23:26 - 2009-06-10 00:20 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2014-02-05 23:26 - 2007-06-27 14:34 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll 2014-02-05 23:26 - 2007-06-27 14:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll 2014-02-05 23:26 - 2007-06-27 14:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll 2014-02-05 23:26 - 2007-06-27 14:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2014-02-05 23:26 - 2006-11-07 20:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-05 23:26 - 2006-11-07 20:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-05 23:26 - 2006-11-07 20:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2014-02-05 23:26 - 2006-10-17 10:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-02-05 23:26 - 2005-04-04 23:07 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl 2014-02-05 23:26 - 2004-10-18 19:55 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-02-05 23:26 - 2004-10-18 19:55 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll 2014-02-05 23:26 - 2004-10-18 19:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll 2014-02-05 22:24 - 2004-10-18 19:55 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-02-05 10:20 - 2007-06-01 11:26 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Banking 2014-02-05 09:50 - 2006-10-11 12:35 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Complaints 2014-02-04 00:03 - 2010-03-09 11:58 - 00002291 _____ () C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk 2014-02-03 22:58 - 2010-03-10 17:34 - 00002390 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Google Chrome.lnk 2014-02-01 19:33 - 2010-11-01 13:37 - 00000689 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk 2014-02-01 19:33 - 2007-06-07 15:47 - 00000000 ____D () C:\Program Files\CCleaner 2014-02-01 19:23 - 2010-08-27 09:02 - 00000401 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Shortcut to Shared Documents.lnk 2014-02-01 18:43 - 2014-02-01 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Telephone 2014-01-31 15:43 - 2008-09-17 08:27 - 00002483 _____ () C:\Documents and Settings\Guest\Desktop\Microsoft Word.lnk 2014-01-30 13:38 - 2014-01-30 11:04 - 00000000 ____D () C:\Program Files\MarkAny 2014-01-30 11:51 - 2014-01-30 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Samsung 2014-01-30 11:45 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Samsung 2014-01-30 11:45 - 2014-01-28 10:55 - 00000000 ____D () C:\Program Files\Samsung 2014-01-30 11:26 - 2005-04-04 09:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-01-30 11:25 - 2014-01-28 10:44 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Downloaded Installations 2014-01-30 11:01 - 2014-01-30 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\CrashDump 2014-01-30 10:16 - 2014-01-30 10:14 - 00000000 ____D () C:\Program Files\ERUNT 2014-01-30 10:15 - 2014-01-30 10:15 - 00000618 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\NTREGOPT.lnk 2014-01-30 10:15 - 2014-01-30 10:15 - 00000599 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ERUNT.lnk 2014-01-30 10:15 - 2014-01-30 10:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT 2014-01-30 09:38 - 2014-01-28 10:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Samsung 2014-01-29 17:45 - 2008-03-24 16:21 - 00000000 ____D () C:\Program Files\SpywareBlaster 2014-01-29 14:45 - 2007-02-18 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926436$ 2014-01-29 14:44 - 2014-01-29 14:44 - 00281488 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2014-01-29 14:38 - 2014-01-29 13:40 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\DigitalSites 2014-01-29 13:49 - 2014-01-29 13:43 - 00000155 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\WB.CFG 2014-01-29 13:48 - 2014-01-29 13:48 - 00366611 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\mysearchdial-speeddial.crx 2014-01-29 13:43 - 2014-01-29 13:43 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z 2014-01-28 12:40 - 2014-01-28 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log 2014-01-28 12:39 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Samsung 2014-01-28 12:38 - 2014-01-28 12:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\samsung 2014-01-27 12:55 - 2014-01-27 12:55 - 00000062 _____ () C:\Documents and Settings\Guest\Application Data\WB.CFG 2014-01-27 12:52 - 2014-01-27 12:54 - 00366611 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\mysearchdial-speeddial.crx 2014-01-27 12:52 - 2014-01-27 12:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial 2014-01-27 12:50 - 2014-01-27 12:50 - 00001011 _____ () C:\Documents and Settings\Guest\Desktop\Continue Samsung Kies Installation.lnk 2014-01-22 20:37 - 2014-01-22 20:37 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys 2014-01-21 10:52 - 2011-09-16 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Addresses 2014-01-20 18:17 - 2012-02-01 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3 2014-01-20 18:17 - 2007-05-20 17:24 - 00000000 ____D () C:\Program Files\Picasa2 2014-01-20 12:33 - 2014-01-20 12:31 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log 2014-01-20 12:33 - 2007-05-19 15:37 - 00000000 ____D () C:\Program Files\Java 2014-01-20 11:49 - 2008-09-09 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Holidays ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
- February 19, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

Regret another snag as per attached. Gerry error screen.doc
- February 19, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

Sorry - I cannot find " attached fixlist.txt file" Gerry
- February 19, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

Thanks. All OK except Adobe Reader 9 Adobe Reader does not appear in list of installed programs. All processes killed========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\cmd.bat deleted successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\cmd.txt deleted successfully.File/Folder C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z\Zip not found.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup325 (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup325.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup326 (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup326.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup327 (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup327.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup328.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup400.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup401.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup402 (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup402.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup403 (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup403.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup404 (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup404.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup405 (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup405.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406 (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406 (2).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup407 (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup407.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup408 (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup408.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup409.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup410.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup207.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup208.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup215 (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup215.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\Shockwave_Installer_Slim (1).exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\Shockwave_Installer_Slim.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\tb_free.exe moved successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ZipOpenerSetup.exe moved successfully.C:\Documents and Settings\Guest\Local Settings\Temp\is702345605\51622679_stp\wajam_validate.exe moved successfully.C:\Documents and Settings\Guest\Local Settings\Temp\is702345605\51622921_stp\uninstaller.exe moved successfully.C:\Documents and Settings\Guest\My Documents\Downloads\FaceMorpherLiteSetup.exe moved successfully.C:\Documents and Settings\Guest\My Documents\Downloads\Shockwave_Installer_Slim (1).exe moved successfully.C:\Documents and Settings\Guest\My Documents\Downloads\Shockwave_Installer_Slim.exe moved successfully.DllUnregisterServer procedure not found in C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dllC:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll moved successfully.DllUnregisterServer procedure not found in C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLLC:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL moved successfully.C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL moved successfully.C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe moved successfully.========== COMMANDS ========== [EMPTYTEMP] User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 481433 bytes User: Al->Temporary Internet Files folder emptied: 1246130 bytes User: Al.YOUR-5511792FEB->Temp folder emptied: 6819706 bytes->Temporary Internet Files folder emptied: 8067284 bytes->Java cache emptied: 0 bytes->FireFox cache emptied: 83652266 bytes->Google Chrome cache emptied: 29163622 bytes->Flash cache emptied: 58000 bytes User: All Users User: Default User->Temporary Internet Files folder emptied: 32902 bytes->Flash cache emptied: 57472 bytes User: Guest->Temp folder emptied: 23728364 bytes->Temporary Internet Files folder emptied: 9432910 bytes->Java cache emptied: 1388877 bytes->FireFox cache emptied: 96010940 bytes->Google Chrome cache emptied: 34368647 bytes->Flash cache emptied: 58000 bytes User: LocalService->Temp folder emptied: 65984 bytes->Temporary Internet Files folder emptied: 33703147 bytes User: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 606180 bytes User: Ric->Temp folder emptied: 479 bytes->Temporary Internet Files folder emptied: 32902 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 3768320 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 11915059 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 793658638 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytesRecycleBin emptied: 812979 bytes Total Files Cleaned = 1,086.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 02192014_104601All processes killed OTM by OldTimer - Version 3.1.21.0 log created on 02192014_104503 Files moved on Reboot...File C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Temp\tmp1EE.tmp not found!File C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Temp\tmp216.tmp not found!File C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Temp\tmp66C5.tmp not found!File C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Temp\tmp673D.tmp not found!File C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Temp\tmp6754.tmp not found!C:\Documents and Settings\Guest\Local Settings\Temp\IMG165.tmp moved successfully.File C:\Documents and Settings\Guest\Local Settings\Temp\Perflib_Perfdata_fa8.dat not found!File C:\Documents and Settings\Guest\Local Settings\Temp\tmp21E.tmp not found!File C:\Documents and Settings\Guest\Local Settings\Temp\tmp22E.tmp not found! Registry entries deleted on Reboot...
- February 19, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

Thanks.Here are the 2 logs: C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup325 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup325.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup326 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup327 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup402 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup403 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup404 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup405 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406 (2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup407 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup408 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup207.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup208.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup215 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup215.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\Shockwave_Installer_Slim (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\tb_free.exe a variant of Win32/TFTPD32.A potentially unsafe applicationC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ZipOpenerSetup.exe a variant of Win32/InstallCore.IX potentially unwanted applicationC:\Documents and Settings\Guest\Local Settings\Temp\is702345605\51622679_stp\wajam_validate.exe Win32/Wajam.F potentially unwanted applicationC:\Documents and Settings\Guest\Local Settings\Temp\is702345605\51622921_stp\uninstaller.exe Win32/InstallCore.AZ potentially unwanted applicationC:\Documents and Settings\Guest\My Documents\Downloads\FaceMorpherLiteSetup.exe Win32/OpenCandy potentially unsafe applicationC:\Documents and Settings\Guest\My Documents\Downloads\Shockwave_Installer_Slim (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Documents and Settings\Guest\My Documents\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll Win32/Toolbar.MyWebSearch potentially unwanted applicationC:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch potentially unwanted applicationC:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch potentially unwanted applicationC:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application Results of screen317's Security Check version 0.99.79 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG 2014 `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! CA Yahoo! Anti-Spy (remove only) SpywareBlaster 5.0 Spybot - Search & Destroy SUPERAntiSpyware Free Edition HijackThis 2.0.2 CCleaner Java 6 Update 16 Java 7 Update 51 Java 6 Update 7 Adobe Reader 9 Adobe Reader out of Date! Adobe Reader 10.1.9 Adobe Reader out of Date! Mozilla Firefox (3.0.9) Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Ad-Aware AAWService.exe AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 9% ````````````````````End of Log`````````````````````` Gerry
- February 19, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

That seems to have done the trick. Thank you so much.
- February 18, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

Google chrome
- February 17, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

SORRY. For some reason this one did not attach. I have just opened when "myspeeddialer" reappeared in the address bar. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.02.17.02 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Al :: YOUR-5511792FEB [administrator] 17/02/2014 09:28:17mbam-log-2014-02-17 (09-28-17).txt Scan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 576429Time elapsed: 3 hour(s), 29 minute(s), 51 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 5C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialApp.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialEng.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialsrv.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. (end)
- February 17, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

Thanks for your patience. Logs follow: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01Ran by Al at 2014-02-17 08:12:46 Run:1Running from C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\DownloadsBoot Mode: Normal ============================================== Content of fixlist:*****************StartHKLM\...\Run: [WinGuard Pro] - [X]HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: E - E:\buyer.exeHKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: {d2f52bae-bfc6-11de-99ee-005056c00008} - K:\laucher.exeCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONC:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\sversion.iniC:\Documents and Settings\Guest\gotomypc_438.exeTask: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\AL914F~1.YOU\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONC:\Windows\Tasks\At1.jobAlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZZZ.Z..ZZZZ:1AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34End***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WinGuard Pro => Value deleted successfully.HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-312397509-71834488-3752936468-1006 => Key not found.HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2f52bae-bfc6-11de-99ee-005056c00008} => Key not found.HKCR\CLSID\{d2f52bae-bfc6-11de-99ee-005056c00008} => Key not found.HKLM\SOFTWARE\Policies\Google => Key deleted successfully.C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\sversion.ini => Moved successfully.C:\Documents and Settings\Guest\gotomypc_438.exe => Moved successfully.C:\WINDOWS\Tasks\At1.job => Moved successfully."C:\Windows\Tasks\At1.job" => File/Directory not found.C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZZZ.Z..ZZZZ => ":1" ADS removed successfully.C:\Documents and Settings\All Users\Application Data\TEMP => ":1CA73D29" ADS removed successfully.C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully. ==== End of Fixlog ==== # AdwCleaner v3.018 - Report created 17/02/2014 at 08:43:14# Updated 28/01/2014 by Xplode# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)# Username : Al - YOUR-5511792FEB# Running from : C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure SearchFolder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security ToolbarFolder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIPFolder Deleted : C:\Documents and Settings\All Users\Application Data\ViewpointFolder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it!Folder Deleted : C:\Program Files\AVG Secure SearchFolder Deleted : C:\Program Files\BabylonFolder Deleted : C:\Program Files\FreeRIP3Folder Deleted : C:\Program Files\myfree codecFolder Deleted : C:\Program Files\openitFolder Deleted : C:\Program Files\ViewpointFolder Deleted : C:\Program Files\Common Files\AVG Secure SearchFile Deleted : C:\Documents and Settings\All Users\Desktop\Open It!.lnkFile Deleted : C:\WINDOWS\pack.epkFile Deleted : C:\WINDOWS\Uninstall.exeFile Deleted : C:\Program Files\Mozilla Firefox\.autoregFile Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml ***** [ Shortcuts ] ***** [x] Not Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Sweet & Maxwell\Sentencing Service (2).lnk[x] Not Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Sweet & Maxwell\Sentencing Service.lnk ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblofKey Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPIKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObjKey Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlKey Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondaryKey Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnablerKey Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1Key Deleted : HKLM\SOFTWARE\Classes\Prod.capKey Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbhoKey Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocolKey Deleted : HKLM\SOFTWARE\Classes\SKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMPKey Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Key Deleted : HKCU\Software\AVG Secure SearchKey Deleted : HKCU\Software\AVG Security ToolbarKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\dsiteproductsKey Deleted : HKCU\Software\IMKey Deleted : HKCU\Software\ParetoLogicKey Deleted : HKCU\Software\YahooPartnerToolbarKey Deleted : HKLM\Software\AVG Secure SearchKey Deleted : HKLM\Software\AVG Security ToolbarKey Deleted : HKLM\Software\InstallCoreKey Deleted : HKLM\Software\MetaStreamKey Deleted : HKLM\Software\ParetoLogicKey Deleted : HKLM\Software\ViewpointKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener PackagesKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure SearchKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodecKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure SearchKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdialKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OpenIt Open It!Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] -\\ Mozilla Firefox v3.0.9 (en-GB) -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [12643 octets] - [17/02/2014 08:22:01]AdwCleaner[s0].txt - [12246 octets] - [17/02/2014 08:43:14] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12307 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.1 (02.04.2014:1)OS: Microsoft Windows XP x86Ran by Al on 17/02/2014 at 9:05:16.53~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayNameSuccessfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistpluginSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA0ED91C-6046-42BF-B0B4-E1739407F332}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} ~~~ Files ~~~ Folders ~~~ FireFox Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"Successfully deleted: [File] C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\mozilla\firefox\profiles\ahl85p3s.default\user.jsSuccessfully deleted: [File] C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\mozilla\firefox\profiles\ahl85p3s.default\searchplugins\mysearchdial.xmlSuccessfully deleted: [Folder] C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\mozilla\firefox\profiles\ahl85p3s.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}Successfully deleted the following from C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\mozilla\firefox\profiles\ahl85p3s.default\prefs.js user_pref("browser.search.defaultenginename", "Mysearchdial");user_pref("browser.search.selectedEngine", "Mysearchdial"); Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.02.17.02 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Al :: YOUR-5511792FEB [administrator] 17/02/2014 09:28:17mbam-log-2014-02-17 (09-28-17).txt Scan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 576429Time elapsed: 3 hour(s), 29 minute(s), 51 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 5C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialApp.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialEng.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialsrv.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. (end) Thanks again ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 17/02/2014 at 9:21:19.09End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- February 17, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

Addition txt.txtThanks. Results: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01Ran by Al (administrator) on YOUR-5511792FEB on 16-02-2014 19:13:01Running from C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\DownloadsMicrosoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Kenonic Controls Ltd.) C:\WINDOWS\system32\crypserv.exe(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE(VMware, Inc.) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe(VMware, Inc.) C:\WINDOWS\system32\vmnat.exe(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe(VMware, Inc.) C:\WINDOWS\system32\vmnetdhcp.exe(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe(SupportSoft, Inc.) C:\Program Files\TalkTalk\bin\sprtcmd.exe(Musicmatch, Inc.) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe() C:\Program Files\AVG Secure Search\vprot.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe() C:\Program Files\Sony\SonicStage\SSAAD.exe(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe() C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe(OpenOffice.org) C:\Program Files\program\soffice.exe(OpenOffice.org) C:\Program Files\program\soffice.bin(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe(Google Inc.) C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\WINDOWS\system32\freecell.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TalkTalk] - C:\Program Files\TalkTalk\bin\sprtcmd.exe [192512 2005-08-15] (SupportSoft, Inc.)HKLM\...\Run: [MMTray] - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [135168 2006-01-17] (Musicmatch, Inc.)HKLM\...\Run: [WinGuard Pro] - [X]HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [273544 2011-03-17] (RealNetworks, Inc.)HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -uHKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2486296 2014-01-08] ()HKLM\...\Run: [EaseUs Watch] - "K:\Todo Backup\bin\EuWatch.exe"HKLM\...\Run: [EaseUs Tray] - "K:\Todo Backup\bin\TrayNotify.exe"HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)HKLM\...RunServicesOnce: [washindex] - C:\Program Files\Washer\washidx.exe "Al" No FileWinlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)HKLM\...\Policies\Explorer: [NoCDBurning] 0HKLM\...\Policies\Explorer: [NoDesktop] 0HKLM\...\Policies\Explorer: [NoViewContextMenu] 0HKLM\...\Policies\Explorer: [NoStartMenuMorePrograms] 0HKU\.DEFAULT\...\Run: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Power2GoExpress] - [X]HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [ssAAD.exe] - C:\Program Files\Sony\SonicStage\SSAAD.exe [476728 2007-02-05] ()HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Google Update] - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-03-10] (Google Inc.)HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-16] (SUPERAntiSpyware)HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Eraser] - C:\Program Files\Eraser\eraser.exe [536576 2003-07-25] (-)HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-09-16] (Google Inc.)HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe /preloadHKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe RunHKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: E - E:\buyer.exeHKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: {d2f52bae-bfc6-11de-99ee-005056c00008} - K:\laucher.exeStartup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnkShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()Startup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\ERUNT AutoBackup.lnkShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()Startup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnkShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Family and Friends Reminders.lnkShortcutTarget: Corel Family and Friends Reminders.lnk -> C:\Program Files\Corel\Print House Magic\cffrem.exe (Corel Corporation)Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnkShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnkShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mama.com/HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.comHKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.supanet.com/search/iepanel/URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)URLSearchHook: HKCU - MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = SearchScopes: HKLM - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearchSearchScopes: HKCU - {334EDF47-31D2-4CEA-B295-318F33898875} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={258CBBB7-5A4F-4591-808B-1BEFBDEEE9B9}&mid=e409b6cc904347d1b912d1191024e9fb-b602d594afd2b0b327e07a06f36ca6a7e42546d0〈=us&ds=AVG&pr=fr&d=2011-12-13 20:53:53&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)BHO: MHTBPos00 Class - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)BHO: No Name - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKLM - Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileToolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileToolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No FileToolbar: HKCU - No Name - {7435856C-6CA1-45CF-A00D-82178387F223} - No FileToolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No FileToolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No FileToolbar: HKCU - No Name - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No FileToolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cabDPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CABDPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cabDPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cabDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dllDPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cabDPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cabDPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cabDPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cabDPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocxDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cabHandler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-12] (SuperAdBlocker.com)Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\..\Interfaces\{C8084B80-B3C7-46A3-B95A-A018DA82D1B8}: [NameServer]4.2.2.2,4.2.2.3 FireFox:========FF ProfilePath: C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.defaultFF user.js: detected! => C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\user.jsFF DefaultSearchEngine: MysearchdialFF SelectedSearchEngine: MysearchdialFF Keyword.URL: user_pref("keyword.URL", "");FF NetworkProxy: "backup.ftp", ""FF NetworkProxy: "backup.ftp_port", 0FF NetworkProxy: "backup.gopher", ""FF NetworkProxy: "backup.gopher_port", 0FF NetworkProxy: "backup.socks", "localhost"FF NetworkProxy: "backup.socks_port", 9050FF NetworkProxy: "backup.ssl", "localhost"FF NetworkProxy: "backup.ssl_port", 8118FF NetworkProxy: "ftp", "localhost"FF NetworkProxy: "ftp_port", 8091FF NetworkProxy: "gopher", "localhost"FF NetworkProxy: "gopher_port", 8091FF NetworkProxy: "http", "localhost"FF NetworkProxy: "http_port", 8091FF NetworkProxy: "share_proxy_settings", trueFF NetworkProxy: "socks", "localhost"FF NetworkProxy: "socks_port", 8091FF NetworkProxy: "socks_remote_dns", trueFF NetworkProxy: "ssl", "localhost"FF NetworkProxy: "ssl_port", 8091FF NetworkProxy: "type", 4FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @real.com/nppl3260;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprjplug;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpjplug;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll (Check Point Software Technologies Ltd.)FF SearchPlugin: C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\searchplugins\Mysearchdial.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xmlFF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2007-11-29]FF Extension: United States English Spellchecker - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\en-US@dictionaries.addons.mozilla.org [2011-07-12]FF Extension: Diccionario de Español/España - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\es-es@dictionaries.addons.mozilla.org [2009-05-11]FF Extension: Dictionnaire HunSpell en Français (réforme 1990) - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\fr@dictionaries.addons.mozilla.org [2009-05-11]FF Extension: Hebrew spell-checking dictionary (from HSpell) - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\he@dictionaries.addons.mozilla.org [2011-07-12]FF Extension: Romanian Dictionary - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\ro@dictionaries.addons.mozilla.org [2007-11-29]FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-07-12]FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009-05-11]FF Extension: MySearchDial NewTab - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-01-29]FF Extension: DownloadHelper - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009-05-27]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007-07-01]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2007-05-19]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007-10-08]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2007-10-11]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [2008-07-29]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008-03-31]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-09-28]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-02-15]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-26]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010-11-09]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-16]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-14]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011-05-24]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-11]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-18]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-25]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-03]FF Extension: Family Toolbar - C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2010-04-20]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-17]FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igearedFF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.3.0.49FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.3.0.49 [2014-01-08] Chrome: =======CHR DefaultSearchKeyword: google.co.ukCHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)CHR Plugin: (ZoneAlarm Spy Blocker Plugin Stub) - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll (Check Point Software Technologies Ltd.)CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No FileCHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Java Platform SE 6 U39) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No FileCHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\WINDOWS\system32\npdeployJava1.dll No FileCHR Extension: (YouTube) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]CHR Extension: (Google Search) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-03-17]CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-11-14]CHR Extension: (Google Wallet) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]CHR Extension: (Gmail) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-03-17]CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-08]CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exeCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com)R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [607576 2008-03-19] (Lavasoft)S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-10-26] ()R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.)R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.)S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX)S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [109104 2008-03-03] (VMware, Inc.)R2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [121392 2008-03-03] (VMware, Inc.)R2 vmount2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [269104 2007-03-23] (VMware, Inc.)R2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [150064 2008-03-03] (VMware, Inc.)R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] (AVG Secure Search)S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]S2 Avg7Alrt; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [X]S2 Avg7UpdSvc; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [X]S2 EaseUS Agent; K:\Todo Backup\bin\Agent.exe [X]S2 Guard Agent; K:\Todo Backup\bin\GuardAgent.exe [X] ==================== Drivers (Whitelisted) ==================== R3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [404736 2003-08-14] (Sensaura Ltd)R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [462940 2003-08-21] (Realtek Semiconductor Corp.)S1 Avg7Core; C:\WINDOWS\System32\Drivers\avg7core.sys [820928 2007-08-11] (GRISOFT, s.r.o.)S1 Avg7RsW; C:\WINDOWS\System32\Drivers\avg7rsw.sys [4224 2007-08-10] (GRISOFT, s.r.o.)S1 Avg7RsXP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [27776 2007-08-10] (GRISOFT, s.r.o.)R1 AvgClean; C:\WINDOWS\system32\drivers\avgclean.sys [3968 2007-08-10] (GRISOFT, s.r.o.)R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)S2 AvgTdi; C:\WINDOWS\System32\Drivers\avgtdi.sys [4960 2007-08-10] (GRISOFT, s.r.o.)R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)R1 cdrbsvsd; C:\WINDOWS\system32\Drivers\cdrbsvsd.sys [13056 2003-07-16] (B.H.A Corporation)S3 DCamUSBSQTECH; C:\WINDOWS\System32\Drivers\SQcaptur.sys [30921 2003-01-10] (Service & Quality Technology.)R3 DtvAudio; C:\WINDOWS\System32\DRIVERS\DtvAudio.sys [10330 2004-02-26] (TwinHan Provide)R3 DtvVideo; C:\WINDOWS\System32\DRIVERS\DtvVideo.sys [26730 2004-02-26] (TwinHan Provide)R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [50248 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40648 2012-10-19] ()R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14920 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [185032 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. )S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )R2 hcmon; C:\WINDOWS\system32\Drivers\hcmon.sys [34864 2008-03-03] (VMware, Inc.)R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-03] (Conexant Systems, Inc.)R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.)R2 MASPINT; C:\WINDOWS\system32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)S3 NCHSSVAD; C:\WINDOWS\System32\drivers\nchssvad.sys [23616 2007-11-26] (NCH Swift Sound)S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [24608 2000-02-03] ()S3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.)R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-13] ()R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [115000 2006-12-22] (Symantec Corporation)S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [26667 2005-03-11] (Windows ® 2000 DDK provider)S1 UimCrAes; C:\WINDOWS\System32\Drivers\UimCrAes.sys [35925 2005-03-11] ()S1 UimCrStd; C:\WINDOWS\System32\Drivers\UimCrStd.sys [41829 2005-03-11] ()S1 Uim_Ed; C:\WINDOWS\System32\Drivers\Uim_Ed.sys [32686 2005-03-11] ()S2 UMAXPCLS; C:\WINDOWS\system32\Drivers\UMAXPCLS.sys [22912 2001-08-17] (Microsoft Corporation)S3 UnlockerDriver4; D:\Program Files\Unlocker\UnlockerDriver4.sys [3584 2005-04-24] ()R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)R0 viasraid; C:\WINDOWS\System32\drivers\viasraid.sys [77312 2003-10-31] (VIA Technologies inc,.ltd)S3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [20912 2008-03-03] (VMware, Inc.)R3 VMnetAdapter; C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys [16816 2008-03-03] (VMware, Inc.)R2 VMnetBridge; C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys [28592 2008-03-03] (VMware, Inc.)R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [25136 2008-03-03] (VMware, Inc.)R2 VMparport; C:\WINDOWS\system32\Drivers\VMparport.sys [15920 2008-03-03] (VMware, Inc.)R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [925104 2008-03-03] (VMware, Inc.)R2 vstor2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [18480 2007-03-23] (VMware, Inc.)R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-03] (Conexant Systems, Inc.)S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]S3 AFGSp50; System32\Drivers\AFGSp50.sys [X]S3 catchme; \??\C:\DOCUME~1\AL914F~1.YOU\LOCALS~1\Temp\catchme.sys [X]S0 fjodwnd; system32\drivers\joaso.sys [X]S3 HwIOctl; \??\C:\Bios\HwIOctl.sys [X]S4 IntelIde; No ImagePathS3 Memctl; \??\C:\Bios\Memctl.sys [X]S3 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [X]U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)U3 TlntSvr; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-16 19:10 - 2014-02-16 19:13 - 00000000 ____D () C:\FRST2014-02-16 16:48 - 2014-02-16 16:57 - 00000000 ___SD () C:\ComboFix2014-02-16 16:45 - 2014-02-16 16:46 - 05183211 ____R (Swearware) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ComboFix.exe2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\AVG20142014-02-15 09:12 - 2014-02-15 09:12 - 00000709 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\TuneUp Software2014-02-15 09:09 - 2014-02-15 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG20142014-02-15 09:03 - 2014-02-15 17:19 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Avg20142014-02-15 09:03 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\MFAData2014-02-15 07:49 - 2014-02-15 07:49 - 00000000 _RSHD () C:\cmdcons2014-02-15 07:49 - 2009-04-30 10:27 - 00000211 _____ () C:\Boot.bak2014-02-15 07:49 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr2014-02-14 17:59 - 2011-06-26 06:45 - 00256000 _____ () C:\WINDOWS\PEV.exe2014-02-14 17:59 - 2010-11-07 17:20 - 00208896 _____ () C:\WINDOWS\MBR.exe2014-02-14 17:59 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe2014-02-14 17:59 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe2014-02-14 17:59 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe2014-02-14 17:59 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe2014-02-14 17:59 - 2000-08-31 00:00 - 00098816 _____ () C:\WINDOWS\sed.exe2014-02-14 17:59 - 2000-08-31 00:00 - 00080412 _____ () C:\WINDOWS\grep.exe2014-02-14 17:59 - 2000-08-31 00:00 - 00068096 _____ () C:\WINDOWS\zip.exe2014-02-13 03:19 - 2014-02-13 03:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$2014-02-13 03:05 - 2014-02-13 03:06 - 00011305 _____ () C:\WINDOWS\KB2909921-IE8.log2014-02-13 03:04 - 2014-02-13 03:05 - 00004434 _____ () C:\WINDOWS\KB2909210-IE8.log2014-02-12 22:52 - 2014-02-13 03:19 - 00013693 _____ () C:\WINDOWS\KB2916036.log2014-02-06 13:35 - 2014-02-14 11:28 - 00000000 ____D () C:\Qoobox2014-02-01 18:42 - 2014-02-01 18:43 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Telephone2014-01-30 11:04 - 2014-01-30 13:38 - 00000000 ____D () C:\Program Files\MarkAny2014-01-30 11:01 - 2014-01-30 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\CrashDump2014-01-30 10:29 - 2014-01-30 10:29 - 00383162 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Rkill run1.txt2014-01-30 10:17 - 2014-02-06 12:57 - 00000000 ____D () C:\WINDOWS\ERDNT2014-01-30 10:15 - 2014-01-30 10:15 - 00000618 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\NTREGOPT.lnk2014-01-30 10:15 - 2014-01-30 10:15 - 00000599 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ERUNT.lnk2014-01-30 10:14 - 2014-01-30 10:16 - 00000000 ____D () C:\Program Files\ERUNT2014-01-30 10:14 - 2014-01-30 10:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT2014-01-30 10:09 - 2014-01-30 10:26 - 00383162 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Rkill.txt2014-01-30 09:43 - 2014-01-30 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Samsung2014-01-30 09:41 - 2013-04-18 19:06 - 00821824 _____ (Devguru Co., Ltd.) C:\WINDOWS\system32\dgderapi.dll2014-01-30 09:41 - 2013-04-18 19:06 - 00319456 _____ (Microsoft Corporation) C:\WINDOWS\system32\DIFxAPI.dll2014-01-30 09:41 - 2013-04-18 19:06 - 00020032 _____ (Devguru Co., Ltd) C:\WINDOWS\system32\Drivers\dgderdrv.sys2014-01-29 14:44 - 2014-01-29 14:44 - 00281488 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat2014-01-29 13:48 - 2014-01-29 13:48 - 00366611 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\mysearchdial-speeddial.crx2014-01-29 13:43 - 2014-01-29 13:49 - 00000155 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\WB.CFG2014-01-29 13:43 - 2014-01-29 13:43 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z2014-01-29 13:40 - 2014-02-16 18:40 - 00000428 _____ () C:\WINDOWS\Tasks\At1.job2014-01-29 13:40 - 2014-01-29 14:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\DigitalSites2014-01-29 13:40 - 2014-01-29 13:40 - 00000770 _____ () C:\Documents and Settings\All Users\Desktop\Open It!.lnk2014-01-29 13:40 - 2014-01-29 13:40 - 00000000 ____D () C:\Program Files\OpenIt2014-01-29 13:40 - 2014-01-29 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Open It!2014-01-28 12:40 - 2014-01-28 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log2014-01-28 12:39 - 2014-01-30 11:45 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Samsung2014-01-28 12:39 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Samsung2014-01-28 12:38 - 2014-01-28 12:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\samsung2014-01-28 11:03 - 2014-01-29 09:26 - 00000000 ____D () C:\Program Files\MyFree Codec2014-01-28 11:01 - 2013-04-18 19:08 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\system32\Redemption.dll2014-01-28 10:55 - 2014-01-30 11:45 - 00000000 ____D () C:\Program Files\Samsung2014-01-28 10:55 - 2014-01-30 09:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Samsung2014-01-28 10:44 - 2014-01-30 11:25 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Downloaded Installations2014-01-27 12:55 - 2014-01-27 12:55 - 00000062 _____ () C:\Documents and Settings\Guest\Application Data\WB.CFG2014-01-27 12:54 - 2014-01-27 12:52 - 00366611 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\mysearchdial-speeddial.crx2014-01-27 12:51 - 2014-01-27 12:52 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial2014-01-27 12:50 - 2014-01-27 12:50 - 00001011 _____ () C:\Documents and Settings\Guest\Desktop\Continue Samsung Kies Installation.lnk2014-01-22 20:37 - 2014-01-22 20:37 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys2014-01-20 12:34 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe2014-01-20 12:33 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll2014-01-20 12:33 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe2014-01-20 12:33 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe2014-01-20 12:31 - 2014-01-20 12:33 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys ==================== One Month Modified Files and Folders ======= 2014-02-16 19:13 - 2014-02-16 19:10 - 00000000 ____D () C:\FRST2014-02-16 19:06 - 2012-03-29 08:18 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2014-02-16 18:54 - 2010-03-10 17:30 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-312397509-71834488-3752936468-1006UA.job2014-02-16 18:40 - 2014-01-29 13:40 - 00000428 _____ () C:\WINDOWS\Tasks\At1.job2014-02-16 18:38 - 2010-05-04 09:17 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-02-16 18:07 - 2011-06-24 09:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData2014-02-16 17:40 - 2006-09-16 07:45 - 00000000 ____D () C:\Program Files\Eraser2014-02-16 17:40 - 2005-05-26 19:19 - 00013030 _____ () C:\PDOXUSRS.NET2014-02-16 17:39 - 2013-06-03 14:30 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job2014-02-16 17:39 - 2012-05-08 09:53 - 00000272 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-312397509-71834488-3752936468-1006.job2014-02-16 17:39 - 2011-03-11 12:39 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-312397509-71834488-3752936468-1006.job2014-02-16 17:39 - 2010-05-04 09:17 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-02-16 17:39 - 2004-10-18 19:55 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl2014-02-16 17:23 - 2005-04-04 23:07 - 01680148 _____ () C:\WINDOWS\WindowsUpdate.log2014-02-16 17:22 - 2008-03-17 10:22 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\VMware2014-02-16 17:22 - 2008-03-17 10:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VMware2014-02-16 17:22 - 2005-04-04 23:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-02-16 17:22 - 2005-04-04 16:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log2014-02-16 17:22 - 2005-04-04 16:06 - 00000050 _____ () C:\WINDOWS\wiaservc.log2014-02-16 16:57 - 2014-02-16 16:48 - 00000000 ___SD () C:\ComboFix2014-02-16 16:49 - 2005-04-04 23:10 - 00032430 _____ () C:\WINDOWS\SchedLgU.Txt2014-02-16 16:46 - 2014-02-16 16:45 - 05183211 ____R (Swearware) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ComboFix.exe2014-02-16 16:31 - 2005-05-01 02:26 - 00000278 ___SH () C:\Documents and Settings\Al.YOUR-5511792FEB\ntuser.ini2014-02-16 09:54 - 2010-03-10 17:30 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-312397509-71834488-3752936468-1006Core.job2014-02-15 17:19 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Avg20142014-02-15 09:18 - 2011-06-24 09:07 - 00000000 ____D () C:\Program Files\AVG2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\AVG20142014-02-15 09:14 - 2014-02-15 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG20142014-02-15 09:12 - 2014-02-15 09:12 - 00000709 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\TuneUp Software2014-02-15 09:12 - 2011-07-10 02:00 - 00297263 _____ () C:\WINDOWS\setupapi.log2014-02-15 09:10 - 2011-06-24 10:11 - 00000000 ___HD () C:\$AVG2014-02-15 09:03 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\MFAData2014-02-15 08:51 - 2011-06-24 09:07 - 00000000 ____D () C:\WINDOWS\system32\Drivers\AVG2014-02-15 07:49 - 2014-02-15 07:49 - 00000000 _RSHD () C:\cmdcons2014-02-15 07:49 - 2004-10-18 19:55 - 00000327 __RSH () C:\boot.ini2014-02-14 18:04 - 2005-05-10 23:03 - 00000000 __SHD () C:\Documents and Settings\Al.YOUR-5511792FEB\UserData2014-02-14 18:04 - 2005-05-01 02:26 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB2014-02-14 12:34 - 2010-12-19 18:54 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job2014-02-14 11:28 - 2014-02-06 13:35 - 00000000 ____D () C:\Qoobox2014-02-14 11:21 - 2008-09-09 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Computer2014-02-13 03:33 - 2007-09-16 23:04 - 00000000 ____D () C:\WINDOWS\Microsoft.NET2014-02-13 03:19 - 2014-02-13 03:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$2014-02-13 03:19 - 2014-02-12 22:52 - 00013693 _____ () C:\WINDOWS\KB2916036.log2014-02-13 03:19 - 2007-08-16 02:00 - 02659618 _____ () C:\WINDOWS\FaxSetup.log2014-02-13 03:19 - 2007-08-16 02:00 - 01272260 _____ () C:\WINDOWS\ocgen.log2014-02-13 03:19 - 2007-08-16 02:00 - 01012587 _____ () C:\WINDOWS\tsoc.log2014-02-13 03:19 - 2007-08-16 02:00 - 00824309 _____ () C:\WINDOWS\comsetup.log2014-02-13 03:19 - 2007-08-16 02:00 - 00502110 _____ () C:\WINDOWS\ntdtcsetup.log2014-02-13 03:19 - 2007-08-16 02:00 - 00415268 _____ () C:\WINDOWS\updspapi.log2014-02-13 03:19 - 2007-08-16 02:00 - 00414863 _____ () C:\WINDOWS\iis6.log2014-02-13 03:19 - 2007-08-16 02:00 - 00139218 _____ () C:\WINDOWS\ocmsn.log2014-02-13 03:19 - 2007-08-16 02:00 - 00132359 _____ () C:\WINDOWS\msgsocm.log2014-02-13 03:19 - 2007-08-16 02:00 - 00001374 _____ () C:\WINDOWS\imsins.log2014-02-13 03:16 - 2005-04-04 16:05 - 00542514 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-02-13 03:13 - 2013-08-07 02:03 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-02-13 03:07 - 2005-05-11 20:39 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-02-13 03:06 - 2014-02-13 03:05 - 00011305 _____ () C:\WINDOWS\KB2909921-IE8.log2014-02-13 03:06 - 2009-04-27 09:52 - 00000000 ____D () C:\WINDOWS\ie8updates2014-02-13 03:06 - 2007-08-16 02:00 - 00001374 _____ () C:\WINDOWS\imsins.BAK2014-02-13 03:05 - 2014-02-13 03:04 - 00004434 _____ () C:\WINDOWS\KB2909210-IE8.log2014-02-11 09:41 - 2007-08-13 22:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2014-02-11 09:40 - 2005-05-13 17:23 - 00000000 ____D () C:\Documents and Settings\Guest2014-02-11 02:46 - 2008-10-19 18:02 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Mozilla2014-02-10 18:47 - 2008-09-22 08:20 - 00000401 _____ () C:\Documents and Settings\Guest\Desktop\Shortcut to Shared Documents.lnk2014-02-10 15:05 - 2008-02-01 21:05 - 00000000 ____D () C:\WINDOWS\Minidump2014-02-10 10:48 - 2013-08-26 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection2014-02-06 13:17 - 2008-08-21 12:50 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Computer2014-02-06 12:57 - 2014-01-30 10:17 - 00000000 ____D () C:\WINDOWS\ERDNT2014-02-06 09:02 - 2009-01-01 09:56 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\calendars and2014-02-06 03:54 - 2004-10-18 19:55 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe2014-02-06 03:54 - 2004-10-18 19:55 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-02-05 23:26 - 2012-06-13 20:17 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll2014-02-05 23:26 - 2010-06-11 01:25 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll2014-02-05 23:26 - 2009-06-10 00:20 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll2014-02-05 23:26 - 2009-06-10 00:20 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll2014-02-05 23:26 - 2007-06-27 14:34 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll2014-02-05 23:26 - 2007-06-27 14:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll2014-02-05 23:26 - 2007-06-27 14:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll2014-02-05 23:26 - 2007-06-27 14:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll2014-02-05 23:26 - 2006-11-07 20:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-02-05 23:26 - 2006-11-07 20:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-02-05 23:26 - 2006-11-07 20:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll2014-02-05 23:26 - 2006-10-17 10:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-02-05 23:26 - 2005-04-04 23:07 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll2014-02-05 23:26 - 2004-10-18 19:55 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll2014-02-05 23:26 - 2004-10-18 19:55 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-02-05 23:26 - 2004-10-18 19:55 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl2014-02-05 23:26 - 2004-10-18 19:55 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-02-05 23:26 - 2004-10-18 19:55 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll2014-02-05 23:26 - 2004-10-18 19:55 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll2014-02-05 23:26 - 2004-10-18 19:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll2014-02-05 22:24 - 2004-10-18 19:55 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec2014-02-05 10:20 - 2007-06-01 11:26 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Banking2014-02-05 09:50 - 2006-10-11 12:35 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Complaints2014-02-04 12:00 - 2007-10-09 13:04 - 00002483 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Microsoft Word.lnk2014-02-04 00:03 - 2010-03-09 11:58 - 00002291 _____ () C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk2014-02-03 22:58 - 2010-03-10 17:34 - 00002390 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Google Chrome.lnk2014-02-01 19:33 - 2010-11-01 13:37 - 00000689 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk2014-02-01 19:33 - 2007-06-07 15:47 - 00000000 ____D () C:\Program Files\CCleaner2014-02-01 19:23 - 2010-08-27 09:02 - 00000401 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Shortcut to Shared Documents.lnk2014-02-01 18:43 - 2014-02-01 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Telephone2014-02-01 09:45 - 2008-09-09 11:00 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Family letters2014-01-31 15:43 - 2008-09-17 08:27 - 00002483 _____ () C:\Documents and Settings\Guest\Desktop\Microsoft Word.lnk2014-01-30 13:47 - 2009-04-29 12:36 - 00000401 _____ () C:\Documents and Settings\Guest\Desktop\Shared Documents.lnk2014-01-30 13:38 - 2014-01-30 11:04 - 00000000 ____D () C:\Program Files\MarkAny2014-01-30 11:51 - 2014-01-30 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Samsung2014-01-30 11:45 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Samsung2014-01-30 11:45 - 2014-01-28 10:55 - 00000000 ____D () C:\Program Files\Samsung2014-01-30 11:26 - 2005-04-04 09:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information2014-01-30 11:25 - 2014-01-28 10:44 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Downloaded Installations2014-01-30 11:01 - 2014-01-30 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\CrashDump2014-01-30 10:29 - 2014-01-30 10:29 - 00383162 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Rkill run1.txt2014-01-30 10:26 - 2014-01-30 10:09 - 00383162 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Rkill.txt2014-01-30 10:16 - 2014-01-30 10:14 - 00000000 ____D () C:\Program Files\ERUNT2014-01-30 10:15 - 2014-01-30 10:15 - 00000618 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\NTREGOPT.lnk2014-01-30 10:15 - 2014-01-30 10:15 - 00000599 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ERUNT.lnk2014-01-30 10:15 - 2014-01-30 10:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT2014-01-30 09:38 - 2014-01-28 10:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Samsung2014-01-29 17:45 - 2008-03-24 16:21 - 00000000 ____D () C:\Program Files\SpywareBlaster2014-01-29 14:45 - 2007-02-18 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926436$2014-01-29 14:44 - 2014-01-29 14:44 - 00281488 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat2014-01-29 14:38 - 2014-01-29 13:40 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\DigitalSites2014-01-29 13:49 - 2014-01-29 13:43 - 00000155 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\WB.CFG2014-01-29 13:48 - 2014-01-29 13:48 - 00366611 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\mysearchdial-speeddial.crx2014-01-29 13:43 - 2014-01-29 13:43 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z2014-01-29 13:40 - 2014-01-29 13:40 - 00000770 _____ () C:\Documents and Settings\All Users\Desktop\Open It!.lnk2014-01-29 13:40 - 2014-01-29 13:40 - 00000000 ____D () C:\Program Files\OpenIt2014-01-29 13:40 - 2014-01-29 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Open It!2014-01-29 09:26 - 2014-01-28 11:03 - 00000000 ____D () C:\Program Files\MyFree Codec2014-01-28 12:40 - 2014-01-28 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log2014-01-28 12:39 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Samsung2014-01-28 12:38 - 2014-01-28 12:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\samsung2014-01-27 12:55 - 2014-01-27 12:55 - 00000062 _____ () C:\Documents and Settings\Guest\Application Data\WB.CFG2014-01-27 12:52 - 2014-01-27 12:54 - 00366611 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\mysearchdial-speeddial.crx2014-01-27 12:52 - 2014-01-27 12:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial2014-01-27 12:50 - 2014-01-27 12:50 - 00001011 _____ () C:\Documents and Settings\Guest\Desktop\Continue Samsung Kies Installation.lnk2014-01-22 20:37 - 2014-01-22 20:37 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys2014-01-21 10:52 - 2011-09-16 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Addresses2014-01-20 18:17 - 2012-02-01 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 32014-01-20 18:17 - 2007-05-20 17:24 - 00000000 ____D () C:\Program Files\Picasa22014-01-20 12:33 - 2014-01-20 12:31 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log2014-01-20 12:33 - 2007-05-19 15:37 - 00000000 ____D () C:\Program Files\Java2014-01-20 11:49 - 2008-09-09 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Holidays2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys2014-01-17 15:39 - 2008-08-21 13:17 - 00000000 ____D () C:\Documents and Settings\Guest\My Documents\My Albums2014-01-17 13:35 - 2008-08-21 13:14 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\My Albums2014-01-17 13:35 - 2007-09-16 23:08 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\My Deliveries2014-01-17 10:32 - 2011-07-19 09:58 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk2014-01-17 10:29 - 2011-07-19 09:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe Files to move or delete:====================C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\sversion.iniC:\Documents and Settings\Guest\gotomypc_438.exeC:\Windows\Tasks\At1.job ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legitC:\WINDOWS\system32\winlogon.exe => MD5 is legitC:\WINDOWS\system32\svchost.exe => MD5 is legitC:\WINDOWS\system32\services.exe => MD5 is legitC:\WINDOWS\system32\User32.dll => MD5 is legitC:\WINDOWS\system32\userinit.exe => MD5 is legitC:\WINDOWS\system32\rpcss.dll => MD5 is legitC:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
- February 16, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

Combofix failure Unfortunately I have been unable to get combofix to run properly. I moved the program to the desktop from the download folder as you suggested. Over the past three days I have made a least a dozen attempts. On the first occasion the licence acceptance screen appeared and eventually the recovery console was successfully installed. All subsequent efforts went straight to the program starting. When the screen "scanning... may take 10 minutes.." arrived, with its flashing cursor nothing more happened and the computer crashed. I have tried leaving that screen on for up to one and a-half hours. I have tried to get the download on a different computer and putting it on a a flash drive; I have also tried e-mail and going direct to the bleeping computer website to get the download. I have deleted the previous downloads on each occasion. Are you able to help please?
- February 16, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

I have run into trouble -again. When trying to download the combofix program via the link, I do not get the option to save; the program just runs. It is currently in the downloads folder as a 4.9 megabyte application. Is there any way round this please? I am running windows X P
- February 14, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 replied to gerry7's topic in Resolved Malware Removal Logs

Many thanks. I have no time to do this today but hope to be able to post the log tomorrow. Thank you for getting me on the right track.
- February 13, 2014
- 74 replies
Zip open package.openit .myspeeddialer

gerry7 posted a topic in Resolved Malware Removal Logs

I was trying to load a driver on my PC to back up my mobile phone and downloaded a program called something similar to Winzip. On checking with a website Forum is seemed to have a clean bill of health. I downloaded it and then discovered that it was try to do all sorts of tricks including something called my speed dialler and installing openit!. In a a panic I ran Malwarebytes which discovered that number of PUP threats which I removed. I was then unable to uninstall the original program which appears as a "zip open package" in the uninstall pane in Control Panel. I also now have a desktop icon INTREGOPT. I have followed the instructions and run Rkill which I attach. Rkill run1.txt Help please.
- January 30, 2014
- 74 replies

Sign In

gerry7

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by gerry7

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Zip open package.openit .myspeeddialer

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information