
PC Speed Up removal problem



I noticed a suspicious program in my task list just the other day, and found I had PC Speed Up installed.

I tried following the steps here http://malwaretips.com/blogs/pc-speed-up-virus/ to remove it, and got as far as step 4.

But Malwarebytes crashes after scanning for some time. By the time it crashes it has found 10 threats, but as it crashes, I cannot remove them.

Some googling suggested that Malwarebytes crashing was caused by the presence of malware, and that I should come to this forum for assistance.

I've had 20 years' experience in the computer industry, but that is all looking after Unix servers, so while my experience with Windows is limited to using it, I am confident to perform any instructions that anyone on this forum recommends.

Please find attached a copy of the HJT logs for review.

(PS, not sure if it is related, but every time someone logs in on this computer, the My Documents folder always opens, and I have not had any success determining why. This has been happening for quite a while now, so that everyone using this computer is now used to this happening...)

Any help will be greatly appreciated.

Regards,

John

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Grand Poo Bah at 16:02:16 on 2013-10-13
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.1622 [GMT 10:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NTP\bin\ntpd.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Rebekah\My Documents\Create Synchronicity\Create Synchronicity.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Grand Poo Bah\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\PROGRA~1\Webshots\315~1.761\Webshots.scr
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\GRANDP~1\LOCALS~1\Temp\nsi10.tmp\ns11.tmp
C:\DOCUME~1\GRANDP~1\LOCALS~1\Temp\nsi10.tmp\MBR.DAT
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>
mWinlogon: Userinit = c:\windows\system32\userinit.exe,userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [incrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Create Synchronicity - Scheduler] c:\documents and settings\rebekah\my documents\create synchronicity\Create Synchronicity.exe /scheduler
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [iJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [MDS_Menu] "c:\program files\cyberlink\mediaespresso\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediaespresso" updatewithcreateonce "software\cyberlink\mediaespresso\6.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [updatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\lgfw.exe" blrun
mRun: [updatePSTShortCut] "c:\program files\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\grandp~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\grand poo bah\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\grandp~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\grandp~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7613\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\vmware\vmware server\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\grand poo bah\application data\mozilla\firefox\profiles\jo9o0vi5.default\
FF - component: c:\documents and settings\grand poo bah\application data\mozilla\firefox\profiles\jo9o0vi5.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-06-24 21:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-3 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-3 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-16 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-6 369584]
R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2011-8-15 20512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67664]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2009-7-20 8576]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-11-18 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-6 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-3 66336]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [2008-3-1 164992]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-14 46808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 EIO1;EIO1;c:\windows\system32\drivers\EIO1.sys [2008-5-11 12672]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-5-11 233472]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [2008-3-1 12544]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-12 418376]
R2 NTP;Network Time Protocol Daemon;c:\program files\ntp\bin\ntpd.exe -g -c "c:\program files\ntp\etc\ntp.conf" --> c:\program files\ntp\bin\ntpd.exe -g -c c:\program files\ntp\etc\ntp.conf [?]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 PDFSfilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2012-8-23 69016]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-2-12 603896]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-6-2 103040]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-5-11 37344]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 uGuru;uGuru;c:\windows\system32\drivers\uguru.sys --> c:\windows\system32\drivers\uGuru.sys [?]
S2 AGCoreService;AG Core Services;"c:\program files\agi\core\3.1\agcoreservice.exe" --> c:\program files\agi\core\3.1\AGCoreService.exe [?]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2012/12/28 20:38:46;c:\program files\cyberlink\powerdvd10\navfilter\kmsvc.exe [2012-8-27 243728]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-12 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 ABIT-IO;ABIT-IO;\??\c:\documents and settings\john\abit-io.sys --> c:\documents and settings\john\ABIT-IO.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-5-11 83864]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-10-13 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-12 22856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-12 40776]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-5-11 181912]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-6-6 104280]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 VMwareHostd;VMware Host Agent;c:\program files\vmware\vmware server\vmware-hostd.exe [2009-3-26 322096]
S3 VMwareServerWebAccess;VMware Server Web Access;c:\program files\vmware\vmware server\tomcat\bin\tomcat6.exe [2009-3-27 57344]
S3 vmwriter;VMware VSS Writer;c:\program files\vmware\vmware server\vmVssWriter.exe [2009-3-26 29744]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 756392]
S4 SpyroService;Spyro Portal Service;"c:\program files\fs\spyro portal\flashportal.exe" --> c:\program files\fs\spyro portal\FlashPortal.exe [?]
.
=============== Created Last 30 ================
.
2013-10-12 09:20:54    --------    d-----w-    c:\documents and settings\all users\application data\Licenses
2013-10-12 03:21:40    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-12 03:21:40    --------    d-----w-    c:\documents and settings\grand poo bah\application data\Malwarebytes
2013-10-12 03:21:27    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-10-12 03:21:25    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-12 03:21:25    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-12 02:04:41    --------    d-----w-    c:\windows\ERUNT
2013-10-12 01:47:21    --------    d-----w-    C:\AdwCleaner
2013-10-12 01:05:21    7328304    ----a-w-    c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{daf331f9-c1e0-475a-b8ec-802aefd0a9dd}\mpengine.dll
2013-10-12 01:03:13    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-12 01:03:13    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-10-12 01:01:32    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-10-12 01:01:32    46848    -c----w-    c:\windows\system32\dllcache\irbus.sys
2013-10-12 01:01:32    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-12 01:00:09    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-12 01:00:09    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-12 01:00:09    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2013-10-12 01:00:09    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-09-14 07:53:33    56320    ----a-w-    c:\windows\system32\iyvu9_32.dll
2013-09-14 07:52:22    182032    ----a-w-    c:\windows\system32\dxtmsft3.dll
.
==================== Find3M  ====================
.
2013-10-12 04:43:54    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-12 04:43:54    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ------w-    c:\windows\system32\html.iec
2013-08-30 07:48:13    177864    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12    770344    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40    41664    ----a-w-    c:\windows\avastSS.scr
2013-08-29 01:31:44    1878656    ------w-    c:\windows\system32\win32k.sys
2013-08-29 00:56:06    26240    ----a-w-    c:\windows\system32\drivers\usbser.sys
2013-08-09 01:56:45    386560    ------w-    c:\windows\system32\themeui.dll
2013-08-09 00:55:08    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-06 18:22:04    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 04:18:38    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-07-18 15:18:04    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 00:58:17    123008    ------w-    c:\windows\system32\drivers\usbvideo.sys
2013-07-17 00:58:06    46848    ------w-    c:\windows\system32\drivers\irbus.sys
2007-10-21 17:31:06    76808    ----a-w-    c:\program files\DSETUP.dll
2007-10-21 17:31:06    502792    ----a-w-    c:\program files\DXSETUP.exe
2007-10-21 17:31:06    1673224    ----a-w-    c:\program files\dsetup32.dll
2004-03-11 03:27:22    40960    ----a-w-    c:\program files\Uninstall_CDS.exe
.
============= FINISH: 16:02:28.26 ===============
 

attach.txt

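Reading a DDS log like the one above by hand is what the helpers on this forum do. The script below is an added example, not part of this thread and not code from DDS or Malwarebytes: it parses the section banners DDS prints and runs a few first-pass triage heuristics over a constructed excerpt of the log above (processes whose image lives in a Temp directory, BHO and URLSearchHook entries DDS marks <orphaned>, Hosts-file overrides, Run entries that name a bare file with no path, services whose image file DDS could not resolve and ends with [?], and the two NoDriveTypeAutoRun policy values decoded as a drive-type bitmask). The section names, the [?] convention and the decimal dword values are taken from the log as posted; the finding names and heuristics are the reviewer's own.

```python
import re
from collections import defaultdict

# Constructed excerpt of the DDS log posted above (a handful of its lines, not the full log).
SAMPLE_LOG = r"""
DDS (Ver_2012-11-20.01) - NTFS_x86
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\GRANDP~1\LOCALS~1\Temp\nsi10.tmp\ns11.tmp
C:\DOCUME~1\GRANDP~1\LOCALS~1\Temp\nsi10.tmp\MBR.DAT
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
Hosts: 127.0.0.1    www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-12 418376]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
"""

# DDS separates sections with banner lines such as "============== Running Processes ================".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Image path inside a Temp directory (the 8.3 short form "LOCALS~1\Temp" included).
TEMP_RE = re.compile(r"\\temp\\", re.I)
# uRun/mRun/dRun body: "[name] target args", where target may be quoted.
RUN_RE = re.compile(r'^\[[^\]]*\]\s+(?:"([^"]+)"|(\S+))')
# NoDriveTypeAutoRun is a bitmask: bit n disables AutoRun for drive type n as
# returned by GetDriveType() (2=removable, 3=fixed, 4=remote, 5=CD-ROM, 6=RAM disk).
AUTORUN_BITS = {0x04: "removable", 0x08: "fixed", 0x10: "network", 0x20: "cdrom", 0x40: "ramdisk"}


def parse_dds(text):
    """Split a DDS log into {section name: [entry lines]}; text before the first banner is 'header'."""
    sections = defaultdict(list)
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # DDS pads sections with lone "." lines
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def decode_autorun_policy(value):
    """Drive types on which AutoRun is disabled. DDS prints the value in decimal
    (145 == 0x91, the XP default; 255 == 0xFF, every drive type)."""
    return [name for bit, name in AUTORUN_BITS.items() if value & bit]


def triage(text):
    """Return (finding-kind, evidence) pairs for the entries a helper would look at first."""
    sections = parse_dds(text)
    findings = []
    for proc in sections.get("Running Processes", []):
        if TEMP_RE.search(proc):
            findings.append(("process-from-temp", proc))
    for entry in sections.get("Pseudo HJT Report", []):
        kind, _, body = entry.partition(": ")
        if body.endswith("<orphaned>"):          # CLSID registered but no file behind it
            findings.append(("orphaned-entry", entry))
        elif kind == "Hosts":                    # any hosts-file override is worth a look
            findings.append(("hosts-override", body))
        elif "NoDriveTypeAutoRun" in body:
            value = int(body.rsplit("dword:", 1)[1])
            findings.append(("autorun-policy", f"{kind}: AutoRun disabled on {decode_autorun_policy(value)}"))
        elif kind in ("uRun", "mRun", "dRun"):
            m = RUN_RE.match(body)
            target = m and (m.group(1) or m.group(2))
            if target and "\\" not in target:    # bare file name: resolved via PATH search order
                findings.append(("run-without-full-path", entry))
    for svc in sections.get("SERVICES / DRIVERS", []):
        if svc.endswith("[?]"):                  # DDS could not read size/date of the image file
            findings.append(("service-file-unresolved", svc))
    return findings


if __name__ == "__main__":
    for kind, evidence in triage(SAMPLE_LOG):
        print(f"{kind:26} {evidence}")
```

The output is a list of things to look at, not verdicts: a process under %TEMP% may be an installer or a scanning tool that was running when the log was taken, and the Hosts entry here points at localhost, so each hit has to be correlated with what the user was doing. The two policy lines show why decoding the bitmask is useful: dword:255 turns AutoRun off for every drive type, while dword:145 (the XP default) leaves AutoRun active for removable and CD-ROM drives, which is relevant given the MountPoints2 AutoRun handlers listed later in this thread.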

Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download OTL from any of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTL.exe
http://itxassociates.com/OT-Tools/OTL.com
http://www.itxassociates.com/OT-Tools/OTL.scr


  • Double click on the OTL icon to run it. Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users.
  • Under the Extra Registry section, check Use SafeList.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:

    netsvcs
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    msconfig
    %SYSTEMDRIVE%\*.exe
    %LOCALAPPDATA%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.

 

Kevin....


When I ran the OTL command, I cut and pasted the Custom Scan part from the webmail text.

As I was viewing your reply in the browser, I noticed that the formatting in webmail is vastly different than when viewing the post in the forum in a browser. That scan had all the text in one line. When I cut and paste from the browser, the Custom Scan text comes in on multiple lines. Will this impact the results?

I can re-run if needed...


Re-Run otlDesktopIcon.png  by double left click, Vista and Widows 7 users accept UAC alert.

  • Under the customFix.png box at the bottom, paste in the following, start with and include the colon plus OTL . :OTL

    :OTLIE - HKU\S-1-5-21-1060284298-1757981266-725345543-1011\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value foundO3 - HKLM\..\Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-1060284298-1757981266-725345543-1011\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.O4 - Startup: C:\Documents and Settings\Mama Bear\Start Menu\Programs\Startup\Webshots.lnk =  File not foundO16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (Reg Error: Key error.)O33 - MountPoints2\{31de30ba-8100-11df-af1d-005056c00008}\Shell\AutoRun\command - "" = D:\StartPortableApps.exeO33 - MountPoints2\{864ca7b6-50d1-11e2-976c-806d6172696f}\Shell - "" = AutoRunO33 - MountPoints2\{864ca7b6-50d1-11e2-976c-806d6172696f}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{864ca7b6-50d1-11e2-976c-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- [2006/09/29 05:24:22 | 000,294,912 | R--- | M] (LucasArts                                                 )O33 - MountPoints2\{ac863885-1105-11dd-af04-005056c00008}\Shell\AutoRun\command - "" = F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exeO33 - MountPoints2\D\Shell - "" = AutoRunO33 - MountPoints2\D\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][2013/10/14 06:01:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job[2013/10/14 00:01:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 
3).job[2013/10/13 18:01:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job[2013/10/12 12:01:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job[2013/10/06 12:01:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job[2008/06/30 08:53:07 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8BB29B@Alternate Data Stream - 246 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB333CFC@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36A39835@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8F067037@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B60D5127@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2212BB@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99A29126@Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90015502@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F@Alternate Data Stream - 207 bytes -> C:\Documents and 
Settings\All Users\Application Data\TEMP:F6BF312D@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80FE037D@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A988B257@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:82ED8454@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D63538E3@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:178093AE@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:810FAD5F@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93B0BB6F@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B83F1B83@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B15F8C8@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C1EFEB8@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B093E177@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All 
Users\Application Data\TEMP:F21A3A5E@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C321309@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:064877B6@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04560D68:Files:Commands[emptytemp][CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

Next,

 

Download Dr Web Cureit from here: http://www.freedrweb.com/cureit and save it to your desktop. (Scroll to the bottom of the page.)

 

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
  • Press start scan
  • The scan will now commence
  • Once the scan has finished click open report
  • A Notepad window will open
  • Select File > Save as...
  • Save it to your desktop

 

This log will be excessive; attach it to your next reply.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin


Hi Kevin,

 

I have a problem.

 

I ran OTL as you requested with the custom scan code and pressed the Run Fix button, but my computer appears to have frozen.

 

OTL says on the bottom of the window "Killing Processes. DO NOT INTERUPT"

 

It has been sitting like that for the past 40 minutes, but nothing is responding. I still had Firefox open on this thread when I pressed the OTL Run Fix button. Firefox was still functioning, and I was reading the rest of your post, but then I noticed that when I moved the Firefox window it left a trail on the screen, and I then realised that nothing else was working. I'm sending this reply from another computer.

 

The Windows status bar is frozen in time at 8:22.

 

Is this normal, and should I just wait for OTL to complete, or is there something wrong here?

 

Regards,

John


After running the OTL fix in Safe Mode I got the log file pasted below.

 

When I ran Dr Web Cureit, it started up in an Enhanced Protection Mode which it states doesn't allow any other applications to launch.  It removed 10 threats that it found, but when it finished I couldn't see the open report link.  Is it possible to access the report after restarting?

 

Also pasted is the Security Check output.

 

 

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1060284298-1757981266-725345543-1011\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C17590D2-ECB4-4b15-8820-F58798DCC118} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C17590D2-ECB4-4b15-8820-F58798DCC118}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1060284298-1757981266-725345543-1011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
C:\Documents and Settings\Mama Bear\Start Menu\Programs\Startup\Webshots.lnk moved successfully.
Starting removal of ActiveX control {B94C2238-346E-4C5E-9B36-8CC627F35574}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B94C2238-346E-4C5E-9B36-8CC627F35574}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B94C2238-346E-4C5E-9B36-8CC627F35574}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B94C2238-346E-4C5E-9B36-8CC627F35574}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B94C2238-346E-4C5E-9B36-8CC627F35574}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
C:\WINDOWS\Downloaded Program Files\popcaploader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31de30ba-8100-11df-af1d-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31de30ba-8100-11df-af1d-005056c00008}\ not found.
File D:\StartPortableApps.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{864ca7b6-50d1-11e2-976c-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{864ca7b6-50d1-11e2-976c-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{864ca7b6-50d1-11e2-976c-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{864ca7b6-50d1-11e2-976c-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{864ca7b6-50d1-11e2-976c-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{864ca7b6-50d1-11e2-976c-806d6172696f}\ not found.
File move failed. D:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac863885-1105-11dd-af04-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac863885-1105-11dd-af04-005056c00008}\ not found.
File F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\autorun.exe not found.
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCall.dll deleted successfully.
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla17.dll deleted successfully.
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla18.exe deleted successfully.
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla19.dll deleted successfully.
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla2.dll deleted successfully.
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla20.dll deleted successfully.
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla21.dll deleted successfully.
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseCustomCalla21.exe deleted successfully.
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\B3CB613C58D34692B2DA8F3EAC6288D4.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Program Files\temp01 moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1A8BB29B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EB333CFC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E22C5DB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:36A39835 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:32A82570 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8F067037 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B60D5127 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:55F44B88 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3F2212BB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:99A29126 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2F141B68 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:90015502 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7715B65F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F6BF312D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:80FE037D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A988B257 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:82ED8454 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D63538E3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:178093AE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:810FAD5F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:93B0BB6F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B83F1B83 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4DCAC4BC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B15F8C8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C1EFEB8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B093E177 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F21A3A5E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2C321309 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6DFF1A8A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:064877B6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:04560D68 deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35234 bytes
 
User: Alistair
->Temp folder emptied: 532657 bytes
->Temporary Internet Files folder emptied: 78278178 bytes
->Google Chrome cache emptied: 229808946 bytes
->Flash cache emptied: 50324 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
 
User: Grand Poo Bah
->Temp folder emptied: 4961157 bytes
->Temporary Internet Files folder emptied: 40454284 bytes
->Java cache emptied: 27520621 bytes
->FireFox cache emptied: 83364432 bytes
->Google Chrome cache emptied: 12018312 bytes
->Flash cache emptied: 74414 bytes
 
User: John
->Temp folder emptied: 4369625 bytes
->Temporary Internet Files folder emptied: 51644379 bytes
->Java cache emptied: 11955200 bytes
->FireFox cache emptied: 72250468 bytes
->Google Chrome cache emptied: 27063203 bytes
->Flash cache emptied: 1369 bytes
 
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 13165418 bytes
 
User: Mama Bear
->Temp folder emptied: 319973 bytes
->Temporary Internet Files folder emptied: 215436292 bytes
->Java cache emptied: 68022042 bytes
->Flash cache emptied: 25848 bytes
 
User: NetworkService
->Temp folder emptied: 510262 bytes
->Temporary Internet Files folder emptied: 1060231 bytes
 
User: ntp
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1319908 bytes
 
User: Rebekah
->Temp folder emptied: 163207847 bytes
->Temporary Internet Files folder emptied: 379826525 bytes
->Java cache emptied: 35231322 bytes
->FireFox cache emptied: 438784343 bytes
->Google Chrome cache emptied: 5067959 bytes
->Flash cache emptied: 139186 bytes
 
User: Rumpus Room
->Temp folder emptied: 531773203 bytes
->Temporary Internet Files folder emptied: 49047222 bytes
->Java cache emptied: 34884921 bytes
->FireFox cache emptied: 493146626 bytes
->Google Chrome cache emptied: 6444177 bytes
->Flash cache emptied: 107204 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5745043 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 523963024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 99954483 bytes
 
Total Files Cleaned = 3,540.00 mb
 
Unable to start System Restore Service. Error code 10
 
OTL by OldTimer - Version 3.2.69.0 log created on 10152013_222240

Files\Folders moved on Reboot...
File move failed. D:\setup.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

 

 Results of screen317's Security Check version 0.99.74  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Scholastic's I SPY Fantasy  
 SpywareBlaster 5.0    
 SpyroDriver     
 Spybot - Search & Destroy
 SpyroPortalDriver     
 SUPERAntiSpyware Free Edition   
 Windows Defender    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 8 Adobe Reader out of Date!
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (24.0)
 Google Chrome 29.0.1547.76  
 Google Chrome 30.0.1599.69  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Windows Defender MSASCui.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Windows Defender MsMpEng.exe   
 Windows Defender MSASCui.exe   
 Alwil Software Avast5 AvastSvc.exe  
 ALWILS~1 Avast5 avastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````


 


Open Malwarebytes and run a Full scan, then post that log.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed; if so, remove them. Check and make sure the following are gone:

 

JavaFX 2.1.1    
Java 7 Update 25

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system. Check and make sure the following are gone:

 

Adobe Reader 8
Adobe Reader 10.1.8

 

Let me know how your system is responding, also if any remaining issues or concerns...


Delete any versions of Combofix that you may have on your Desktop and download a fresh copy from the following link:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
     
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
     
  • Close any open browsers and any other programs you might have running
     
  • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
     
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
     
  • If you are using Windows XP it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
     
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouse-click Combofix's window while it's running; that may cause it to stall or freeze. ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

 

*EXTRA NOTES*


    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

 

Post the log in next reply please...

 

Kevin


I've tried running ComboFix, and it gets as far as saying:

 

Scanning for infected files . . .
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double
 

 

I left it to run for 3 hours and it did not progress.

 

Is this an excessive length of time for this to take?

 

Regards,

John


If there are serious infections such as rootkits then the scan can run for an excessive time; 3 hours is not uncommon. Maybe a better solution is wanted, so we continue differently:

 

1. Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the file to a convenient location (the Desktop is recommended).

3. Open the folder where the contents were unzipped to run mbar.exe.

 


 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 


 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 


 

7. The following image opens, select Update

 


 

8. When the update completes select Next.

 


 

9. In the following window ensure "Targets" are ticked, then select "Scan".

 


 

10. If an infection is found select the "Cleanup Button" to remove threats; reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 


 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image; select Exit:

 


 

13. Verify that your system is now running normally, making sure that the following items are functional:

 


  • Internet access
  • Windows Update
  • Windows Firewall

 

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" on your keyboard, then tap Enter.

 

16. The fix will be applied; press any key to exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System log

Mbar log (the date and time of the scan will also be shown)

 

Kevin....


No, leave MBAR and CF for now; run this please:

 

Please download RogueKiller from here:

 

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

 

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                     

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
  • When the scan completes select Report, copy and paste that to your reply.
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


RogueKiller V8.7.4 [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Grand Poo Bah [Admin rights]
Mode : Scan -- Date : 10/20/2013 10:20:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ][PUM] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ][PUM] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[inline] EAT @explorer.exe (LdrLoadDll) : ntdll.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0A520)
[inline] EAT @explorer.exe (LdrUnloadDll) : ntdll.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0A630)
[inline] EAT @explorer.exe (ChangeServiceConfig2A) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0C370)
[inline] EAT @explorer.exe (ChangeServiceConfig2W) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0C5C0)
[inline] EAT @explorer.exe (ChangeServiceConfigA) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0BB20)
[inline] EAT @explorer.exe (ChangeServiceConfigW) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0BF90)
[inline] EAT @explorer.exe (CreateServiceA) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0ACD0)
[inline] EAT @explorer.exe (CreateServiceW) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0B1A0)
[inline] EAT @explorer.exe (DeleteService) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0B8B0)
[inline] EAT @explorer.exe (SetServiceObjectSecurity) : ADVAPI32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D0E980)
[inline] EAT @explorer.exe (pfnUnmarshallRoutines) : RPCRT4.dll -> HOOKED (Unknown @ 0x78CEC2B2)
[inline] EAT @explorer.exe (SetWinEventHook) : USER32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D11400)
[inline] EAT @explorer.exe (SetWindowsHookExA) : USER32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D116D0)
[inline] EAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D118A0)
[inline] EAT @explorer.exe (UnhookWinEvent) : USER32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D115A0)
[inline] EAT @explorer.exe (UnhookWindowsHookEx) : USER32.dll -> HOOKED (C:\Program Files\Alwil Software\Avast5\snxhk.dll @ 0x64D11A70)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
127.0.0.1    .supercocklol.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - SAMSUNG SP0802N +++++
--- User ---
[MBR] d6b5d5459f520fc935018b9293f7f742
[bSP] 6c31d7f23084fae2ad6827144452f389 : Linux MBR Code
Partition table:
0 - [ACTIVE] LINUX (0x83) [VISIBLE] Offset (sectors): 2048 | Size: 500 Mo
1 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 1026048 | Size: 69851 Mo
2 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 144080896 | Size: 5999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) (Standard disk drives) - NVIDIA  MIRROR   465.76G +++++
--- User ---
[MBR] e2a5fad19270ce57fcb312e0baa8c89f
[bSP] f58a0000fc959adbc23abb9bb1192053 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ SCSI) (Standard disk drives) - HDT72251 6DLAT80 SCSI Disk Device +++++
--- User ---
[MBR] 30c8b3f11ccf265833d03fe4d24db07d
[bSP] e965cc7fcca3663dec2b6290027acaab : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT12 (0x11) [HIDDEN!] Offset (sectors): 63 | Size: 156705 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 63 | Size: 200 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_10202013_102016.txt >>



 


Hiya John,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin....


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by Grand Poo Bah (administrator) on JTBLACKBURN on 20-10-2013 10:55:47
Running from C:\Documents and Settings\Grand Poo Bah\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
() C:\Program Files\NTP\bin\ntpd.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvraidservice.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(AVAST Software) C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files\Cyberlink\Shared files\brs.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Dropbox, Inc.) C:\Documents and Settings\Grand Poo Bah\Application Data\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NVRaidService] - C:\WINDOWS\system32\nvraidservice.exe [180520 2006-11-21] (NVIDIA Corporation)
HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2007-07-23] (AMD)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [avast5] - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-22] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-13] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [iMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [iMEKRMIG6.1] - C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [44032 2002-08-29] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-04-08] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1611160 2011-03-28] (CANON INC.)
HKLM\...\Run: [iJNetworkScannerSelectorEX] - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1505144 2009-11-06] (Microsoft Corporation)
HKLM\...\Run: [HTC Sync Loader] - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [651264 2012-04-17] ()
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [updateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [MDS_Menu] - C:\Program Files\CyberLink\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM\...\Run: [updateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [updatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2010-09-17] (CyberLink Corp.)
HKLM\...\Run: [uCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [LGODDFU] - C:\Program Files\lg_fwupdate\lgfw.exe [27760 2012-12-28] (Bitleader)
HKLM\...\Run: [updatePSTShortCut] - C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2011-08-31] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl10] - C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM\...\Run: [bDRegion] - C:\Program Files\Cyberlink\Shared files\brs.exe [78352 2012-08-27] (cyberlink)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [userinit] C:\WINDOWS\system32\userinit.exe,userinit.exe,
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5706480 2013-10-12] (SUPERAntiSpyware)
HKCU\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-13] (Google Inc.)
HKCU\...\Run: [Create Synchronicity - Scheduler] - C:\Documents and Settings\Rebekah\My Documents\Create Synchronicity\Create Synchronicity.exe [245248 2012-03-11] (Create Software)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2012-07-02] (Hewlett-Packard Company)
HKU\Alistair\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2013-05-01] (Apple Inc.)
HKU\Alistair\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-04-13] (Google Inc.)
HKU\Alistair\...\Run: [RoboForm] - "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
HKU\Alistair\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2012-07-02] (Hewlett-Packard Company)
HKU\Default User\...\Run: [Nokia.PCSync] - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\John\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
HKU\John\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-04-13] (Google Inc.)
HKU\John\...\Run: [PC Suite Tray] - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\John\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2012-07-02] (Hewlett-Packard Company)
HKU\Mama Bear\...\Run: [Nokia.PCSync] - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\Mama Bear\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [ 2013-01-16] (FreeDownloadManager.ORG)
HKU\Mama Bear\...\Run: [RoboForm] - "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
HKU\Mama Bear\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
HKU\Mama Bear\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-04-13] (Google Inc.)
HKU\Mama Bear\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2012-07-02] (Hewlett-Packard Company)
HKU\Rebekah\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-04-13] (Google Inc.)
HKU\Rebekah\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-05-01] (Apple Inc.)
HKU\Rebekah\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
HKU\Rebekah\...\Run: [RoboForm] - "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
HKU\Rebekah\...\Run: [Power2GoExpress] - "C:\Program Files\CyberLink DVD Solution\Power2Go\Power2GoExpress.exe"
HKU\Rebekah\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\wcescomm.exe [ 2006-11-13] (Microsoft Corporation)
HKU\Rebekah\...\Run: [Create Synchronicity - Scheduler] - C:\Documents and Settings\Rebekah\My Documents\Create Synchronicity\Create Synchronicity.exe [ 2012-03-11] (Create Software)
HKU\Rebekah\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2012-07-02] (Hewlett-Packard Company)
HKU\Rebekah\...\Run: [ABIT uGuruIII] - C:\Program Files\U-ABIT\abitEQ\abiteq.exe [ 2007-09-05] (Universal ABIT Corporation)
HKU\Rebekah\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-01-08] (Skype Technologies S.A.)
HKU\Rumpus Room\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [ 2010-04-16] (Microsoft Corporation)
HKU\Rumpus Room\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Rumpus Room\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [ 2006-11-13] (Microsoft Corporation)
HKU\Rumpus Room\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2012-07-02] (Hewlett-Packard Company)
HKU\Rumpus Room\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [ 2013-01-16] (FreeDownloadManager.ORG)
HKU\Rumpus Room\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2013-04-13] (Google Inc.)
HKU\Rumpus Room\...\Run: [AtiTrayTools] - C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe [ 2011-10-30] (Ray Adams)
HKU\Rumpus Room\...\Run: [Create Synchronicity - Scheduler] - C:\Stuff\Create Synchronicity\Create Synchronicity.exe /scheduler
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\Grand Poo Bah\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Grand Poo Bah\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Grand Poo Bah\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Grand Poo Bah\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
Startup: C:\Documents and Settings\Rebekah\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Rebekah\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bom.gov.au/qld/forecasts/secoast.shtml
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {C17590D2-ECB4-4B15-8820-F58798DCC118} -  No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} -  No File
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242849507962
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinner.com/games/v68/clue/clue.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v50/luxor/luxor.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://games.bigfishgames.com/en_cinematycoon/online/cinematycoon.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2013-01-09] (SuperAdBlocker.com)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 06 C:\Program Files\VMware\VMware Server\vsocklib.dll [313904] (VMware, Inc.)
Winsock: Catalog9 07 C:\Program Files\VMware\VMware Server\vsocklib.dll [313904] (VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Grand Poo Bah\Application Data\Mozilla\Firefox\Profiles\jo9o0vi5.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @sun.com/npsopluginmi;version=1.0 - C:\Program Files\OpenOffice.org 2.4\program No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Visualisateur 3D de 20-20 - C:\Documents and Settings\Grand Poo Bah\Application Data\Mozilla\Firefox\Profiles\jo9o0vi5.default\Extensions\2020Player_IKEA@2020Technologies.com
FF Extension: Free Download Manager plugin - C:\Documents and Settings\Grand Poo Bah\Application Data\Mozilla\Firefox\Profiles\jo9o0vi5.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Grand Poo Bah\Application Data\Mozilla\Firefox\Profiles\jo9o0vi5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [toolbar@webshots.com] - C:\Program Files\Webshots\3.1.5.7613\Firefox
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

Chrome:
=======


CHR DefaultSearchURL: (Search Here) - http://www.mysearchresults.com/search?&c=3512&t=07&q={searchTerms}
CHR DefaultSuggestURL: (Search Here) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\DOCUME~1\GRANDP~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\DOCUME~1\GRANDP~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\GRANDP~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\DOCUME~1\GRANDP~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2013-01-09] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S2 CLKMSVC10_B91CB6D3; C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-08-27] (CyberLink)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2007-10-12] ()
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1415032 2012-10-04] (Raxco Software, Inc.)
R3 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2166648 2012-10-04] (Raxco Software, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [244904 2009-07-03] ()
S3 VMAuthdService; C:\Program Files\VMware\VMware Server\vmware-authd.exe [121392 2009-03-26] (VMware, Inc.)
S3 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [326192 2009-03-26] (VMware, Inc.)
S3 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [399920 2009-03-26] (VMware, Inc.)
S3 VMwareHostd; C:\Documents and Settings\All Users\Application Data\VMware\VMware Server\hostd\config.xml [22625 2009-06-01] ()
S3 VMwareServerWebAccess; C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe [57344 2009-03-27] (Apache Software Foundation)
S3 vmwriter; C:\Program Files\VMware\VMware Server\vmVssWriter.exe [29744 2009-03-26] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S2 AGCoreService; "C:\Program Files\AGI\core\3.1\AGCoreService.exe" [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
R2 NTP; C:\Program Files\NTP\bin\ntpd.exe -g -c "C:\Program Files\NTP\etc\ntp.conf"
S4 SpyroService; "C:\Program Files\FS\Spyro Portal\FlashPortal.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [12416 2008-03-21] (ASUSTeK Computer Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R2 athsgt; C:\Windows\System32\DRIVERS\athsgt.sys [164992 2008-03-01] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2006-11-10] ()
R1 atitray; C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [20512 2011-08-15] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2009-06-25] ()
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2008-09-09] (Avanquest Software)
R1 cdrbsvsd; C:\Windows\System32\Drivers\cdrbsvsd.sys [13056 2003-07-16] (B.H.A Corporation)
S3 DCamUSBSQTECH; C:\Windows\System32\Drivers\SQcaptur.sys [30970 2002-12-16] (Service & Quality Technology.)
R2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.)
R1 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2007-07-12] (ASUSTeK Computer Inc.)
R2 EIO1; C:\WINDOWS\system32\drivers\EIO1.sys [12672 2007-08-08] (ASUSTeK Computer Inc.)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [27672 2007-09-07] (EnTech Taiwan)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2008-12-14] (LogMeIn, Inc.)
R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [32304 2009-03-26] (VMware, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\AtiHdAud.sys [84992 2008-05-11] (ATI Research Inc.)
S3 LHidUsbK; C:\Windows\System32\Drivers\LHidUsbK.Sys [36480 2005-05-20] (Logitech, Inc.)
R2 limsgt; C:\Windows\System32\DRIVERS\limsgt.sys [12544 2008-03-01] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-06-25] ()
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Memctl; C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [4047 2006-04-18] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [89088 2008-05-05] (NVIDIA Corporation)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16694 2009-10-31] (PalmSource, Inc.)
R2 PDFSfilter; C:\Windows\System32\Drivers\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.)
S3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-20] (Padus, Inc.)
R0 PnP680r; C:\Windows\System32\DRIVERS\pnp680r.sys [110120 2007-07-19] (Silicon Image, Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2013-01-09] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-11-18] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2013-01-09] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 U81xbus; C:\Windows\System32\DRIVERS\U81xbus.sys [52352 2005-07-15] (MCCI)
S3 U81xmdfl; C:\Windows\System32\DRIVERS\U81xmdfl.sys [6064 2005-07-15] (MCCI)
S3 U81xmdm; C:\Windows\System32\DRIVERS\U81xmdm.sys [84480 2005-07-15] (MCCI)
S3 U81xmgmt; C:\Windows\System32\DRIVERS\U81xmgmt.sys [77472 2005-07-15] (MCCI)
S3 U81xobex; C:\Windows\System32\DRIVERS\U81xobex.sys [75456 2005-07-15] (MCCI)
R1 vcdrom; C:\WINDOWS\system32\drivers\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16560 2009-03-26] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [31280 2009-03-26] (VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2009-03-26] (VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [857520 2009-03-26] (VMware, Inc.)
S3 WINFLASH; C:\Program Files\U-ABIT\BlackBox\WinFlash.sys [3548 2002-09-17] ()
R3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [250496 2006-11-22] (Marvell)
S3 ABIT-IO; \??\C:\Documents and Settings\John\ABIT-IO.sys [x]
S3 catchme; \??\C:\DOCUME~1\GRANDP~1\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S0 uGuru; system32\Drivers\uGuru.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
S3 Video3D; System32\Drivers\Video3D32.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-20 10:55 - 2013-10-20 10:55 - 00000000 ____D C:\FRST
2013-10-20 10:54 - 2013-10-20 10:54 - 01087515 _____ (Farbar) C:\Documents and Settings\Grand Poo Bah\Desktop\FRST.exe
2013-10-20 10:20 - 2013-10-20 10:20 - 00004733 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\RKreport[0]_S_10202013_102016.txt
2013-10-20 10:17 - 2013-10-20 10:33 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Desktop\RK_Quarantine
2013-10-19 19:46 - 2013-10-19 19:46 - 00065536 _____ C:\WINDOWS\Minidump\Mini101913-01.dmp
2013-10-19 19:28 - 2013-10-19 20:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-19 19:28 - 2013-10-19 19:59 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-10-19 19:25 - 2013-10-19 20:29 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Desktop\mbar
2013-10-19 19:25 - 2013-10-19 19:25 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-10-19 14:13 - 2013-10-19 14:15 - 00000000 ___SD C:\ComboFix
2013-10-19 10:36 - 2013-10-19 10:36 - 00000000 ____D C:\Qoobox
2013-10-19 10:36 - 2011-06-26 16:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-19 10:36 - 2010-11-08 03:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-19 10:36 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-19 10:36 - 2000-08-31 10:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-19 10:35 - 2013-10-19 10:35 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-19 10:31 - 2013-10-19 10:31 - 05134711 ____R (Swearware) C:\Documents and Settings\Grand Poo Bah\Desktop\ComboFix.exe
2013-10-18 20:41 - 2012-05-04 19:29 - 00772504 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-10-18 20:41 - 2012-05-04 19:29 - 00687504 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-10-18 20:39 - 2013-10-18 20:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-18 20:39 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-18 20:39 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-18 20:38 - 2013-10-18 20:38 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-18 20:38 - 2013-10-18 20:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-18 20:38 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-18 20:38 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-18 20:38 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-16 20:45 - 2013-10-16 22:44 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Doctor Web
2013-10-16 20:45 - 2013-10-16 21:19 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2013-10-16 20:40 - 2013-10-16 20:40 - 00001003 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\Shortcut to SecurityCheck.exe.lnk
2013-10-16 20:25 - 2013-10-16 20:36 - 132765616 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\cureit.exe
2013-10-15 22:18 - 2013-10-15 22:19 - 00006709 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\myotlcustom.txt
2013-10-15 20:21 - 2013-10-15 20:21 - 00000000 ____D C:\_OTL
2013-10-14 11:49 - 2013-10-14 12:31 - 00270300 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\OTL.Txt
2013-10-14 11:49 - 2013-10-14 12:31 - 00102844 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\Extras.Txt
2013-10-14 11:31 - 2013-10-14 11:31 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Grand Poo Bah\Desktop\OTL.exe
2013-10-14 07:01 - 2013-10-14 19:33 - 00002263 _____ C:\Documents and Settings\All Users\Desktop\PrintMaster Platinum 18.lnk
2013-10-14 07:01 - 2013-10-14 07:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMaster Platinum 18
2013-10-13 16:02 - 2013-10-13 16:02 - 00027823 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\dds.txt
2013-10-13 16:02 - 2013-10-13 16:02 - 00023404 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\attach.txt
2013-10-12 23:44 - 2013-10-12 23:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-12 23:43 - 2013-10-12 23:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-12 23:42 - 2013-10-12 23:43 - 00131771 _____ C:\WINDOWS\KB2862335.log
2013-10-12 23:22 - 2013-10-12 23:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-10-12 23:21 - 2013-10-12 23:22 - 00010226 _____ C:\WINDOWS\KB2884256.log
2013-10-12 23:21 - 2013-10-12 23:21 - 00010781 _____ C:\WINDOWS\KB2868038.log
2013-10-12 23:21 - 2013-10-12 23:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-12 23:19 - 2013-10-12 23:19 - 00012051 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-12 23:18 - 2013-10-12 23:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-12 23:18 - 2013-10-12 23:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-12 20:41 - 2013-10-06 20:22 - 00452196 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20131012-204138.backup
2013-10-12 19:43 - 2013-10-13 15:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-12 19:20 - 2013-10-12 19:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2013-10-12 19:20 - 2013-10-12 19:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2013-10-12 13:21 - 2013-10-12 13:21 - 00000793 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Application Data\Malwarebytes
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-12 13:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-12 12:22 - 2013-10-12 12:22 - 00001416 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\JRT.txt
2013-10-12 12:04 - 2013-10-12 12:04 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 11:47 - 2013-10-12 11:51 - 00000000 ____D C:\AdwCleaner
2013-10-12 11:31 - 2013-10-12 11:32 - 00017050 _____ C:\WINDOWS\DPINST.LOG
2013-10-12 11:22 - 2013-10-12 11:22 - 00000821 _____ C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileSync.lnk
2013-10-12 11:22 - 2013-10-12 11:22 - 00000797 _____ C:\Documents and Settings\All Users\Start Menu\Programs\RealtimeSync.lnk
2013-10-12 11:03 - 2013-10-12 23:44 - 00133424 _____ C:\WINDOWS\KB2847311.log
2013-10-12 11:03 - 2013-07-03 12:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-12 11:03 - 2013-07-03 11:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-10-12 11:01 - 2013-07-17 10:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-12 11:01 - 2013-07-17 10:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-12 11:01 - 2013-07-17 10:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-12 11:00 - 2013-08-09 10:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-12 11:00 - 2013-08-09 10:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-12 11:00 - 2013-08-09 10:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-12 11:00 - 2009-03-18 21:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-06 20:22 - 2012-12-08 22:14 - 00446493 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20131006-202209.backup

==================== One Month Modified Files and Folders =======

2013-10-20 10:56 - 2010-09-12 20:25 - 00481225 _____ C:\WINDOWS\pfirewall.log
2013-10-20 10:56 - 2009-05-20 22:26 - 00393216 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-10-20 10:55 - 2013-10-20 10:55 - 00000000 ____D C:\FRST
2013-10-20 10:54 - 2013-10-20 10:54 - 01087515 _____ (Farbar) C:\Documents and Settings\Grand Poo Bah\Desktop\FRST.exe
2013-10-20 10:43 - 2012-07-13 20:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-20 10:37 - 2008-01-22 18:42 - 00000266 _____ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2013-10-20 10:33 - 2013-10-20 10:17 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Desktop\RK_Quarantine
2013-10-20 10:20 - 2013-10-20 10:20 - 00004733 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\RKreport[0]_S_10202013_102016.txt
2013-10-20 10:19 - 2010-01-30 16:48 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-20 10:14 - 2012-06-08 22:44 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Application Data\Dropbox
2013-10-20 10:13 - 2012-06-09 18:14 - 00000000 ___RD C:\Documents and Settings\Grand Poo Bah\My Documents\Dropbox
2013-10-20 10:13 - 2012-02-27 16:26 - 00000000 ____D C:\Documents and Settings\Rebekah\My Documents\Create Synchronicity
2013-10-20 10:13 - 2009-04-13 18:57 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Tracing
2013-10-20 10:12 - 2011-09-23 18:48 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Local Settings\Application Data\Htc
2013-10-20 10:11 - 2012-07-16 20:17 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-20 10:11 - 2010-01-30 16:48 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-20 10:11 - 2002-08-29 22:00 - 00013754 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-20 10:01 - 2007-12-20 20:52 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2013-10-20 09:59 - 2009-06-29 18:22 - 01780075 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-20 09:58 - 2009-06-29 18:29 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-20 09:58 - 2009-06-29 18:29 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-20 09:58 - 2007-12-17 05:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-19 21:06 - 2013-01-27 13:18 - 00393216 _____ C:\WINDOWS\system32\config\VPN.evt
2013-10-19 21:06 - 2009-06-29 18:28 - 00032356 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-19 21:06 - 2008-01-27 09:08 - 00000178 ___SH C:\Documents and Settings\Grand Poo Bah\ntuser.ini
2013-10-19 20:46 - 2007-12-18 21:42 - 00000000 ____D C:\Documents and Settings\All Users\Documents\NTP
2013-10-19 20:29 - 2013-10-19 19:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-19 20:29 - 2013-10-19 19:25 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Desktop\mbar
2013-10-19 19:59 - 2013-10-19 19:28 - 00105176 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-10-19 19:52 - 2008-04-27 20:36 - 00007864 _____ C:\Documents and Settings\Grand Poo Bah\_viminfo
2013-10-19 19:52 - 2008-01-27 09:08 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah
2013-10-19 19:46 - 2013-10-19 19:46 - 00065536 _____ C:\WINDOWS\Minidump\Mini101913-01.dmp
2013-10-19 19:46 - 2007-12-25 07:46 - 00000000 __SHD C:\WINDOWS\CSC
2013-10-19 19:46 - 2007-12-17 06:40 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-19 19:45 - 2013-03-19 20:53 - 3219673088 _____ C:\WINDOWS\MEMORY.DMP
2013-10-19 19:25 - 2013-10-19 19:25 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-10-19 19:18 - 2010-09-12 20:25 - 04033300 _____ C:\WINDOWS\pfirewall.log.old
2013-10-19 14:15 - 2013-10-19 14:13 - 00000000 ___SD C:\ComboFix
2013-10-19 14:14 - 2007-12-20 11:30 - 00000178 ___SH C:\Documents and Settings\ntp\ntuser.ini
2013-10-19 13:25 - 2007-12-17 09:13 - 00000000 ____D C:\WINDOWS\ime
2013-10-19 13:18 - 2013-06-02 20:37 - 00079195 _____ C:\WINDOWS\setupapi.log
2013-10-19 10:36 - 2013-10-19 10:36 - 00000000 ____D C:\Qoobox
2013-10-19 10:35 - 2013-10-19 10:35 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-19 10:31 - 2013-10-19 10:31 - 05134711 ____R (Swearware) C:\Documents and Settings\Grand Poo Bah\Desktop\ComboFix.exe
2013-10-18 20:41 - 2011-09-14 19:45 - 00000000 ____D C:\Program Files\Oracle
2013-10-18 20:39 - 2013-10-18 20:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-18 20:38 - 2013-10-18 20:38 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-18 20:38 - 2013-10-18 20:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-18 20:38 - 2007-12-18 21:23 - 00000000 ____D C:\Program Files\Java
2013-10-16 22:44 - 2013-10-16 20:45 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Doctor Web
2013-10-16 21:19 - 2013-10-16 20:45 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2013-10-16 20:40 - 2013-10-16 20:40 - 00001003 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\Shortcut to SecurityCheck.exe.lnk
2013-10-16 20:36 - 2013-10-16 20:25 - 132765616 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\cureit.exe
2013-10-15 22:19 - 2013-10-15 22:18 - 00006709 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\myotlcustom.txt
2013-10-15 20:21 - 2013-10-15 20:21 - 00000000 ____D C:\_OTL
2013-10-14 19:33 - 2013-10-14 07:01 - 00002263 _____ C:\Documents and Settings\All Users\Desktop\PrintMaster Platinum 18.lnk
2013-10-14 19:29 - 2012-04-26 12:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-14 12:31 - 2013-10-14 11:49 - 00270300 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\OTL.Txt
2013-10-14 12:31 - 2013-10-14 11:49 - 00102844 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\Extras.Txt
2013-10-14 11:31 - 2013-10-14 11:31 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Grand Poo Bah\Desktop\OTL.exe
2013-10-14 11:30 - 2013-03-03 20:54 - 00000000 ____D C:\Documents and Settings\Rumpus Room\Application Data\uTorrent
2013-10-14 07:52 - 2007-12-17 17:57 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\My Documents\Printmaster
2013-10-14 07:01 - 2013-10-14 07:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PrintMaster Platinum 18
2013-10-14 07:01 - 2007-12-24 14:53 - 00000000 ____D C:\Program Files\PrintMaster Platinum 18
2013-10-14 03:06 - 2007-12-17 06:22 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-13 16:02 - 2013-10-13 16:02 - 00027823 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\dds.txt
2013-10-13 16:02 - 2013-10-13 16:02 - 00023404 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\attach.txt
2013-10-13 15:38 - 2013-10-12 19:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-13 15:29 - 2008-01-27 20:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 15:29 - 2007-12-17 15:30 - 01247680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-12 23:54 - 2011-09-15 20:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-12 23:51 - 2007-12-17 15:30 - 00620060 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-12 23:44 - 2013-10-12 23:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-12 23:44 - 2013-10-12 11:03 - 00133424 _____ C:\WINDOWS\KB2847311.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00161246 _____ C:\WINDOWS\iis6.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00148394 _____ C:\WINDOWS\FaxSetup.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00075504 _____ C:\WINDOWS\ocgen.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00067708 _____ C:\WINDOWS\tsoc.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00049698 _____ C:\WINDOWS\comsetup.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00045562 _____ C:\WINDOWS\msmqinst.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00030083 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00025992 _____ C:\WINDOWS\netfxocm.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00014830 _____ C:\WINDOWS\updspapi.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00010200 _____ C:\WINDOWS\MedCtrOC.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00008208 _____ C:\WINDOWS\ocmsn.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00007464 _____ C:\WINDOWS\tabletoc.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00007416 _____ C:\WINDOWS\msgsocm.log
2013-10-12 23:44 - 2013-06-12 19:20 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-12 23:43 - 2013-10-12 23:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-12 23:43 - 2013-10-12 23:42 - 00131771 _____ C:\WINDOWS\KB2862335.log
2013-10-12 23:43 - 2013-06-12 19:20 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-12 23:32 - 2013-08-16 23:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-12 23:26 - 2007-12-17 18:32 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-12 23:25 - 2011-10-12 20:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-12 23:22 - 2013-10-12 23:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2884256$
2013-10-12 23:22 - 2013-10-12 23:21 - 00010226 _____ C:\WINDOWS\KB2884256.log
2013-10-12 23:21 - 2013-10-12 23:21 - 00010781 _____ C:\WINDOWS\KB2868038.log
2013-10-12 23:21 - 2013-10-12 23:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-12 23:19 - 2013-10-12 23:19 - 00012051 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-12 23:19 - 2013-10-12 23:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-12 23:19 - 2009-05-21 06:14 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-12 23:18 - 2013-10-12 23:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-12 19:22 - 2013-08-16 13:48 - 00003753 _____ C:\Documents and Settings\Grand Poo Bah\My Documents\SyncSettings.ffs_gui
2013-10-12 19:21 - 2008-03-09 18:49 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-10-12 19:20 - 2013-10-12 19:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
2013-10-12 19:20 - 2013-10-12 19:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2013-10-12 17:36 - 2007-12-21 05:43 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-12 14:43 - 2012-04-02 06:40 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-12 14:43 - 2011-05-26 10:06 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-12 13:21 - 2013-10-12 13:21 - 00000793 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Application Data\Malwarebytes
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-12 13:21 - 2013-10-12 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-12 12:22 - 2013-10-12 12:22 - 00001416 _____ C:\Documents and Settings\Grand Poo Bah\Desktop\JRT.txt
2013-10-12 12:04 - 2013-10-12 12:04 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-12 12:02 - 2008-05-11 17:35 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Application Data\Free Download Manager
2013-10-12 11:51 - 2013-10-12 11:47 - 00000000 ____D C:\AdwCleaner
2013-10-12 11:36 - 2008-07-02 11:51 - 00000000 ____D C:\Program Files\Nokia
2013-10-12 11:34 - 2011-03-11 20:12 - 00000000 ____D C:\Documents and Settings\Grand Poo Bah\Local Settings\Application Data\NokiaAccount
2013-10-12 11:33 - 2008-07-02 11:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Installations
2013-10-12 11:32 - 2013-10-12 11:31 - 00017050 _____ C:\WINDOWS\DPINST.LOG
2013-10-12 11:22 - 2013-10-12 11:22 - 00000821 _____ C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileSync.lnk
2013-10-12 11:22 - 2013-10-12 11:22 - 00000797 _____ C:\Documents and Settings\All Users\Start Menu\Programs\RealtimeSync.lnk
2013-10-12 11:22 - 2013-08-14 20:22 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\FreeFileSync.lnk
2013-10-12 11:15 - 2009-04-27 19:33 - 00000178 ___SH C:\Documents and Settings\Rumpus Room\ntuser.ini
2013-10-12 11:15 - 2009-04-27 19:33 - 00000000 ____D C:\Documents and Settings\Rumpus Room
2013-10-12 10:50 - 2009-05-17 16:07 - 00000000 ____D C:\Documents and Settings\Rumpus Room\Tracing
2013-10-12 10:49 - 2011-09-22 19:54 - 00000000 ____D C:\Documents and Settings\Rumpus Room\Local Settings\Application Data\Htc
2013-10-08 07:50 - 2013-10-18 20:38 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-08 07:46 - 2013-10-18 20:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-08 07:46 - 2013-10-18 20:38 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-08 07:46 - 2013-10-18 20:38 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-08 07:29 - 2013-10-18 20:39 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-06 20:22 - 2013-10-12 20:41 - 00452196 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20131012-204138.backup
2013-10-06 20:17 - 2007-12-20 20:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-10-06 11:14 - 2007-12-18 18:40 - 00000178 ___SH C:\Documents and Settings\Alistair\ntuser.ini
2013-10-06 11:14 - 2007-12-18 18:40 - 00000000 ____D C:\Documents and Settings\Alistair
2013-10-06 08:24 - 2012-06-17 13:15 - 00000000 ____D C:\Documents and Settings\Alistair\Local Settings\Application Data\Htc
2013-09-24 21:51 - 2007-12-17 05:42 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT
2013-09-24 04:33 - 2012-06-13 19:58 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-09-24 04:33 - 2010-06-12 09:30 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-09-24 04:33 - 2009-07-29 17:12 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2013-09-24 04:33 - 2009-07-29 17:12 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2013-09-24 04:33 - 2009-06-10 10:37 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2013-09-24 04:33 - 2009-06-10 10:37 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2013-09-24 04:33 - 2009-06-10 10:37 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-09-24 04:33 - 2009-06-10 10:37 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 06017536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-09-24 04:33 - 2008-04-14 04:42 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2013-09-24 04:33 - 2008-04-14 04:42 - 01215488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2013-09-24 04:33 - 2008-04-14 04:42 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2013-09-24 04:33 - 2008-04-14 04:41 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2013-09-24 04:33 - 2008-04-14 04:41 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2013-09-24 04:33 - 2008-04-14 04:41 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2013-09-24 04:33 - 2008-04-14 04:41 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2013-09-24 04:33 - 2008-04-14 04:41 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2013-09-24 04:33 - 2008-04-14 04:41 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2013-09-24 04:33 - 2008-04-14 04:41 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-24 04:33 - 2008-04-14 04:41 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2013-09-24 04:33 - 2008-04-14 04:41 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2013-09-24 04:33 - 2008-04-14 04:41 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2013-09-24 04:33 - 2007-12-17 05:40 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2013-09-24 04:33 - 2007-08-13 18:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-24 04:33 - 2007-08-13 18:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-24 04:33 - 2007-08-13 18:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2013-09-24 04:33 - 2007-08-13 18:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-24 04:06 - 2008-04-13 23:07 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2013-09-23 23:36 - 2008-04-14 04:42 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-23 23:36 - 2008-04-14 04:42 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2013-09-22 10:03 - 2008-01-06 08:39 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-09-20 15:52 - 2008-03-31 19:13 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

Files to move or delete:
====================
C:\Documents and Settings\Grand Poo Bah\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Grand Poo Bah\jagex_runescape_preferences.dat
C:\Documents and Settings\Grand Poo Bah\jagex_runescape_preferences2.dat
C:\Documents and Settings\John\jagex_runescape_preferences.dat
C:\Documents and Settings\Rebekah\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Rebekah\jagex_runescape_preferences.dat
C:\Documents and Settings\Rebekah\jagex_runescape_preferences2.dat
C:\Documents and Settings\Rebekah\jagex__preferences3.dat
C:\Documents and Settings\Rumpus Room\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Rumpus Room\jagex_runescape_preferences.dat
C:\Documents and Settings\Rumpus Room\jagex_runescape_preferences2.dat
C:\Documents and Settings\Rumpus Room\jagex__preferences3.dat


Some content of TEMP:
====================
C:\Documents and Settings\Grand Poo Bah\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Grand Poo Bah\Local Settings\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt
