Requesting help to remove Police ransome screen


paul66h

I have searched the forums and used the self help to put the Kaspersky rescue disc onto a USB stick and scanned my computer to remove viruses etc.  After this I ran the computer normally and the screen displaying the Cheshire police authority page appeared, so I assume there must be more to do to get rid of it.  I've seen other posts about editing the registry using the Kaspersky Registry Editor.  I've looked in:

HKEY_LOCAL_MACHINE and found

AOL Spyware protection  REG_SZ C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

and

ISUSPM Startup  REG_SZ  C:\PROGRA~1\COMMON~1\INSAL~1\UPDATE~1\SUSPM.exe -startup

There are many other lines but these are the only 2 that are in capitals and have the ~1 in the path.

Am I on the right track and should I delete these, or is that not the correct approach?

Regards,

Paul

Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32-bit or 64-bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


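Once FRST.txt comes back, the helper reads its Registry, Startup and Services sections for autostart entries that do not belong. As an added example for this thread (not Farbar's code and not from the forum), the Python script below applies that reading to constructed FRST-style lines modelled on the log pasted later in the thread, flagging an autostart binary under a user-writable data directory, a non-executable extension, a Windows-owned service name pointing outside system32, and Microsoft version info on a file outside Windows or Program Files. The 8.3 short-name mapping, the service-name list and the argument-stripping rule are assumptions.

```python
"""Triage FRST-style Run/Startup/Service lines for entries that do not belong.

Added example for this thread; not Farbar's code and not from the forum. The
sample lines below are constructed, modelled on the FRST.txt pasted later in
the thread (g7t0jd9.lnk / 9dj0t7g.dss / a hijacked winmgmt service entry).
"""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample in FRST.txt style: benign lines from each section plus
# the two entries that point at the same dropped file.
SAMPLE_LOG = r"""
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
ShortcutTarget: AOL 9.0 Tray Icon.lnk -> C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)
ShortcutTarget: g7t0jd9.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss (Microsoft Corporation)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss [143360 2013-11-09] (Microsoft Corporation)
"""

# 8.3 short names as they appear on an XP box (assumed mapping; FRST prints
# whatever the registry holds, so both forms show up in one log).
SHORT_NAMES = {
    "DOCUME~1": "Documents and Settings", "ALLUSE~1": "All Users",
    "APPLIC~1": "Application Data", "PROGRA~1": "Program Files",
    "COMMON~1": "Common Files",
}
# Service names Windows owns; their binaries belong under the system directory
# (assumed list, extend as needed).
SYSTEM_SERVICES = {"winmgmt", "wuauserv", "eventlog", "rpcss", "dhcp", "dnscache"}
SYSTEM_DIR = "c:\\windows\\system32"
USER_DATA_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")
EXEC_EXT = {".exe", ".dll", ".sys", ".com", ".scr", ".cmd", ".bat"}

# One regex for the three line shapes: "R2 name; path", "ShortcutTarget: x.lnk -> path",
# "HKLM\...\Run: [name] - path"; path is followed by optional "[size date]" and "(company)".
LINE_RE = re.compile(
    r"^(?:[RSU]\d (?P<svc>[^;]+); "
    r"|ShortcutTarget: (?P<lnk>.+?) -> "
    r"|HK[A-Z]+\\\.\.\.\\Run: \[(?P<run>[^\]]*)\] - )"
    r"(?P<target>[A-Za-z]:\\.*?)"
    r"(?: \[[^\]]*\])?(?: \((?P<company>[^)]*)\))?\s*$"
)


@dataclass
class Finding:
    kind: str            # "run", "startup" or "service"
    name: str
    path: str            # target with 8.3 names expanded, arguments stripped
    reasons: list = field(default_factory=list)


def expand_short_names(path: str) -> str:
    return "\\".join(SHORT_NAMES.get(p.upper(), p) for p in path.split("\\"))


def split_args(target: str) -> str:
    # Drop a trailing " -flag ..." / " /flag ..." argument list (assumption:
    # the binary path itself never contains " -" or " /").
    return re.split(r"\s+[-/]\S", target, maxsplit=1)[0].strip()


def triage_line(line: str):
    m = LINE_RE.match(line.strip())
    if not m:
        return None                      # not an autostart line with a drive path
    kind = "service" if m.group("svc") else "startup" if m.group("lnk") else "run"
    name = m.group("svc") or m.group("lnk") or m.group("run") or ""
    path = expand_short_names(split_args(m.group("target")))
    low = path.lower()
    company = (m.group("company") or "").lower()
    reasons = []
    if any(marker in low for marker in USER_DATA_MARKERS):
        reasons.append("binary lives in a user-writable data directory")
    ext = ntpath.splitext(low)[1]
    if ext not in EXEC_EXT:
        reasons.append(f"unusual extension {ext!r} for an autostart binary")
    if kind == "service" and name.lower() in SYSTEM_SERVICES and not low.startswith(SYSTEM_DIR):
        reasons.append(f"Windows service {name!r} points outside {SYSTEM_DIR}")
    if company == "microsoft corporation" and not low.startswith(("c:\\windows", "c:\\program files")):
        # The company string comes from the file's version resource, which is
        # not verified by any signature, so a dropped file can claim it freely.
        reasons.append("claims Microsoft version info outside Windows/Program Files")
    return Finding(kind, name, path, reasons) if reasons else None


def triage_log(text: str):
    return [f for f in (triage_line(line) for line in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Run against a real FRST.txt by passing its contents to triage_log; entries with no reasons are never reported, so the benign AVG, Samsung and AOL lines stay silent.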
Hello,

I'm unsure how to proceed.  I can't start my computer without getting the lock out screen.  So I've downloaded the file through the Kaspersky desktop and copied it onto that desktop.  When I double click I get a dialog box asking me what I should use to open FRST.exe.

Can you help me with this, please?

Regards,

Paul

Hiya Paul,

When the lockout screen shows from a normal boot, press the Alt and F4 keys together; does that give the option to close the current window? If so, do that. Now run your AV program, or Malwarebytes if you have it.

If you cannot do that, what version of Windows do you have: XP, Vista, Windows 7 or 8? Do you have access to another PC and also a USB stick?

Hi Kevinf80,

I tried the Alt+F4 but it didn't work.  I've managed to get rid of the lockout screen by luck - started shutting down and managed to get to the start menu and started AVG running.  I've now been able to run the Farbar Recovery Scan.  Here is the content of the .txt files:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by Paul (administrator) on HOMEDESKTOP on 10-11-2013 21:35:25
Running from C:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-08-05] (ATI Technologies, Inc.)
HKLM\...\Run: [CTSysVol] - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [57344 2003-09-17] (Creative Technology Ltd)
HKLM\...\Run: [P17Helper] - Rundll32 P17.dll,P17Helper
HKLM\...\Run: [updReg] - C:\WINDOWS\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)
HKLM\...\Run: [RealTray] - C:\Program Files\Real\RealPlayer\realplay.exe [26112 2005-10-18] (RealNetworks, Inc.)
HKLM\...\Run: [AOL Spyware Protection] - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [147456 2004-02-16] (AOL Spyware Protection)
HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [86016 2005-01-27] ()
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54672 2009-11-25] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-05] (Apple Inc.)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [wltray.exe] - C:\WINDOWS\system32\wltray.exe [696422 2005-01-29] (BT Voyager Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer\Run: [NoActiveDesktopChanges] - 0x00000000 No File
HKLM\...\Policies\Explorer\Run: [NoActiveDesktop] - 0 No File
HKLM\...\Policies\Explorer\Run: [NoSaveSettings] - 0 No File
HKLM\...\Policies\Explorer\Run: [ClassicShell] - 0 No File
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKLM\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKLM\...\Policies\Explorer: [NoComputersNearMe] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoDesktop] 0x00000000
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoInternetIcon] 0
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoNetHood] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKCU\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [958392 2012-05-29] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
HKCU\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [26112 2008-04-14] (Microsoft Corporation)
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispScrSavPage] 0
HKCU\...\Policies\system: [NoDispCPL] 0
HKCU\...\Policies\Explorer: [NoActiveDesktopChanges] 0x00000000
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [ClassicShell] 0
HKU\Amanda\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2004-07-19] (Gteko Ltd.)
HKU\Amanda\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Amanda\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [ 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\Amanda\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [x]
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2004-07-19] (Gteko Ltd.)
HKU\Emily\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2004-07-19] (Gteko Ltd.)
HKU\Emily\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [ 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\Emily\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [x]
HKU\Lydia\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2004-07-19] (Gteko Ltd.)
HKU\Lydia\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2010-11-29] (Apple Inc.)
HKU\Lydia\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [ 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\Lydia\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2012-09-06] (Google Inc.)
HKU\Lydia\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
ShortcutTarget: AOL 9.0 Tray Icon.lnk -> C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
ShortcutTarget: Wireless USB 2.0 WLAN Card Utility.lnk -> C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
Startup: C:\Documents and Settings\Amanda\Start Menu\Programs\Startup\g7t0jd9.lnk
ShortcutTarget: g7t0jd9.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss (Microsoft Corporation)
Startup: C:\Documents and Settings\Lydia\Start Menu\Programs\Startup\g7t0jd9.lnk
ShortcutTarget: g7t0jd9.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss (Microsoft Corporation)
Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\g7t0jd9.lnk
ShortcutTarget: g7t0jd9.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\DESRCAS.DLL ()
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - DefaultScope {D20AAB8B-6887-40DB-B7B7-10600B97623C} URL = http://search.avg.com/?d=4dc19d4b&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
SearchScopes: HKCU - {D20AAB8B-6887-40DB-B7B7-10600B97623C} URL = http://search.avg.com/?d=4dc19d4b&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: No Name - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\DESRCAS.DLL ()
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] ()
R2 AOL ACS; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [1123440 2004-02-25] (America Online, Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
S4 PRISMSVC; C:\WINDOWS\system32\PRISMSVC.EXE [57344 2004-10-04] (Conexant Systems, Inc.)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss [143360 2013-11-09] (Microsoft Corporation)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [876649 2005-01-29] (BT Voyager Corporation)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2005-10-18] (Windows ® 2000 DDK provider)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
R3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
R3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
R3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 P17; C:\Windows\System32\drivers\P17.sys [840960 2004-06-09] (Creative Technology Ltd.)
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-05] (Creative Technology Ltd.)
R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-18] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [157264 2013-10-01] (Trusteer Ltd.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [230448 2013-10-01] (Trusteer Ltd.)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 bvrp_pci; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-10 21:35 - 2013-11-10 21:35 - 00000000 ____D C:\FRST
2013-11-10 21:32 - 2013-11-10 21:32 - 00000000 ____D C:\Documents and Settings\Paul\Desktop\New Folder
2013-11-10 18:42 - 2013-11-10 18:42 - 01957590 _____ (Farbar) C:\FRST64.exe
2013-11-10 18:15 - 2013-11-10 18:15 - 01090275 _____ (Farbar) C:\FRST.exe
2013-11-10 18:07 - 2013-11-10 18:07 - 00000069 _____ C:\.directory
2013-11-10 08:21 - 2013-11-10 21:14 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-11-10 06:11 - 2013-11-10 06:11 - 00000000 __SHD C:\found.000
2013-11-09 07:41 - 2013-11-09 07:41 - 08126464 _____ C:\WINDOWS\system32\config\SYSTEM.bhv
2013-11-09 07:41 - 2013-11-09 07:41 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT.bhv
2013-11-09 07:41 - 2013-11-09 07:41 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bhv
2013-11-09 07:41 - 2013-11-09 07:41 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bhv
2013-11-09 07:40 - 2013-11-09 07:40 - 40632320 _____ C:\WINDOWS\system32\config\SOFTWARE.bhv
2013-11-09 06:53 - 2013-11-09 06:53 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-11-09 00:30 - 2013-11-10 21:17 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\g7t0jd9.fvv
2013-11-09 00:30 - 2013-11-09 00:30 - 00000387 _____ C:\Documents and Settings\All Users\Application Data\g7t0jd9.reg
2013-11-09 00:29 - 2013-11-10 21:32 - 95025368 ____T C:\Documents and Settings\All Users\Application Data\g7t0jd9.bxx
2013-11-09 00:29 - 2013-11-09 00:29 - 00143360 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\9dj0t7g.dss
2013-10-29 23:17 - 2013-10-29 23:17 - 00000000 ____D C:\Documents and Settings\Lydia\Local Settings\Application Data\Trusteer
2013-10-18 22:15 - 2013-10-18 22:15 - 00000000 ____D C:\Documents and Settings\Amanda\Local Settings\Application Data\Trusteer
2013-10-18 19:37 - 2013-10-18 19:37 - 00000000 ____D C:\Program Files\Trusteer
2013-10-18 19:37 - 2013-10-18 19:37 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\Trusteer
2013-10-18 19:37 - 2013-10-18 19:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2013-10-18 19:36 - 2013-10-18 19:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Trusteer
2013-10-11 17:44 - 2013-10-11 17:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG

==================== One Month Modified Files and Folders =======

2013-11-10 21:35 - 2013-11-10 21:35 - 00000000 ____D C:\FRST
2013-11-10 21:33 - 2011-02-21 21:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-11-10 21:32 - 2013-11-10 21:32 - 00000000 ____D C:\Documents and Settings\Paul\Desktop\New Folder
2013-11-10 21:32 - 2013-11-09 00:29 - 95025368 ____T C:\Documents and Settings\All Users\Application Data\g7t0jd9.bxx
2013-11-10 21:32 - 2004-08-10 12:02 - 01508514 ____H C:\WINDOWS\WindowsUpdate.log
2013-11-10 21:20 - 2012-03-30 05:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-10 21:17 - 2013-11-09 00:30 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\g7t0jd9.fvv
2013-11-10 21:17 - 2004-08-10 11:59 - 00000050 ____H C:\WINDOWS\wiaservc.log
2013-11-10 21:16 - 2012-09-06 05:57 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-10 21:16 - 2004-08-10 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-10 21:14 - 2013-11-10 08:21 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-11-10 18:42 - 2013-11-10 18:42 - 01957590 _____ (Farbar) C:\FRST64.exe
2013-11-10 18:15 - 2013-11-10 18:15 - 01090275 _____ (Farbar) C:\FRST.exe
2013-11-10 18:07 - 2013-11-10 18:07 - 00000069 _____ C:\.directory
2013-11-10 10:50 - 2012-06-12 07:16 - 00303514 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-11-10 10:50 - 2011-02-21 20:39 - 00000178 ___SH C:\Documents and Settings\Paul\ntuser.ini
2013-11-10 10:50 - 2004-08-10 12:08 - 00032582 ____H C:\WINDOWS\SchedLgU.Txt
2013-11-10 10:41 - 2012-09-06 05:57 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-10 06:24 - 2011-02-21 22:49 - 00000178 ___SH C:\Documents and Settings\Lydia\ntuser.ini
2013-11-10 06:11 - 2013-11-10 06:11 - 00000000 __SHD C:\found.000
2013-11-10 05:56 - 2004-08-10 11:51 - 00002206 ____H C:\WINDOWS\system32\wpa.dbl
2013-11-09 19:37 - 2011-02-21 21:39 - 00000000 ____D C:\Documents and Settings\Paul\My Documents\Paul's
2013-11-09 07:41 - 2013-11-09 07:41 - 08126464 _____ C:\WINDOWS\system32\config\SYSTEM.bhv
2013-11-09 07:41 - 2013-11-09 07:41 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT.bhv
2013-11-09 07:41 - 2013-11-09 07:41 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bhv
2013-11-09 07:41 - 2013-11-09 07:41 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bhv
2013-11-09 07:41 - 2011-02-21 22:49 - 00000000 ____D C:\Documents and Settings\Lydia
2013-11-09 07:41 - 2011-02-21 22:47 - 00000000 ____D C:\Documents and Settings\Emily
2013-11-09 07:41 - 2011-02-21 22:14 - 00000000 ____D C:\Documents and Settings\Amanda
2013-11-09 07:41 - 2011-02-21 20:39 - 00000000 ____D C:\Documents and Settings\Paul
2013-11-09 07:40 - 2013-11-09 07:40 - 40632320 _____ C:\WINDOWS\system32\config\SOFTWARE.bhv
2013-11-09 06:53 - 2013-11-09 06:53 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-11-09 01:16 - 2012-06-12 07:16 - 00353136 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1704726271-934105146-3214749785-1007-0.dat
2013-11-09 01:01 - 2011-02-21 22:14 - 00000178 ___SH C:\Documents and Settings\Amanda\ntuser.ini
2013-11-09 00:30 - 2013-11-09 00:30 - 00000387 _____ C:\Documents and Settings\All Users\Application Data\g7t0jd9.reg
2013-11-09 00:29 - 2013-11-09 00:29 - 00143360 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\9dj0t7g.dss
2013-11-08 17:39 - 2011-02-21 22:38 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\MailWasherFree
2013-11-06 07:16 - 2011-07-17 10:31 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-11-03 22:16 - 2004-08-10 12:01 - 00000000 ___HD C:\WINDOWS\system32\FxsTmp
2013-11-03 18:00 - 2012-09-14 17:17 - 00000468 _____ C:\WINDOWS\Tasks\fba_General Backup .job
2013-11-02 07:30 - 2012-09-15 06:10 - 00000484 _____ C:\WINDOWS\Tasks\fba_Outlook Express Backup.job
2013-10-31 11:51 - 2013-02-16 09:54 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-29 23:17 - 2013-10-29 23:17 - 00000000 ____D C:\Documents and Settings\Lydia\Local Settings\Application Data\Trusteer
2013-10-27 05:28 - 2011-10-30 06:55 - 00528456 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2013-10-21 15:36 - 2011-03-10 18:40 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\HpUpdate
2013-10-20 17:26 - 2011-02-21 22:43 - 00000000 ____D C:\Documents and Settings\Amanda\My Documents\General
2013-10-18 22:15 - 2013-10-18 22:15 - 00000000 ____D C:\Documents and Settings\Amanda\Local Settings\Application Data\Trusteer
2013-10-18 19:37 - 2013-10-18 19:37 - 00000000 ____D C:\Program Files\Trusteer
2013-10-18 19:37 - 2013-10-18 19:37 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\Trusteer
2013-10-18 19:37 - 2013-10-18 19:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2013-10-18 19:36 - 2013-10-18 19:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Trusteer
2013-10-14 22:22 - 2011-03-07 21:27 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-10-14 15:34 - 2011-04-29 15:30 - 00000000 ____D C:\Documents and Settings\Amanda\Application Data\HpUpdate
2013-10-11 17:44 - 2013-10-11 17:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-11 17:44 - 2013-09-27 14:29 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2013-10-11 17:44 - 2011-02-21 22:16 - 00000000 ___HD C:\$AVG
2013-10-11 17:44 - 2005-10-18 07:56 - 00149519 _____ C:\WINDOWS\setupapi.log
2013-10-11 08:04 - 2012-02-07 19:40 - 00000000 ____D C:\Documents and Settings\Amanda\My Documents\My Scans

Some content of TEMP:
====================
C:\Documents and Settings\Amanda\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Lydia\Local Settings\Temp\DeltaTB.exe
C:\Documents and Settings\Paul\Local Settings\Temp\5g5qqzyv.dll
C:\Documents and Settings\Paul\Local Settings\Temp\5xnccbur.dll
C:\Documents and Settings\Paul\Local Settings\Temp\bwcdco1r.dll
C:\Documents and Settings\Paul\Local Settings\Temp\cj2wnkg1.dll
C:\Documents and Settings\Paul\Local Settings\Temp\dsx1meo3.dll
C:\Documents and Settings\Paul\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Paul\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Paul\Local Settings\Temp\~tmf4784137670608574892.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2013 01
Ran by Paul at 2013-11-10 21:48:38
Running from C:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Help Center 2.1 (Version: 2.1)
Adobe Photoshop Elements 5.0 (Version: 5.0)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
AOL Coach Version 1.0(Build:20040201.2 uk)
AOL Connectivity Services
AOL Spyware Protection (Version: 1.0.59)
AOL UK (Choose which version to remove)
AOL You've Got Pictures Screensaver
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.1.116)
ARTEuro (Version: 1.00.0000)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.162-050803a2-025672C-Dell)
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
Bonjour (Version: 2.0.5.0)
BT Voyager Wireless Utility (Version: 1.00.010)
BufferChm (Version: 130.0.331.000)
CoffeeCup Free FTP (Version: 4.4.4)
Conexant D850 56K V.9x DFVc Modem
Copy (Version: 130.0.366.000)
Creative MediaSource
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Media Experience (Version: 3.00)
Dell Picture Studio v3.0 (Version: 3.0.0)
Dell Support 5.0.0 (630)
Dell System Restore (Version: 2.00.0000)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
Digital Line Detect (Version: 1.10)
DJ_AIO_06_F4500_SW_MIN (Version: 130.0.406.000)
eReg (Version: 1.20.138.34)
F4500 (Version: 130.0.406.000)
FBackup 4
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
GPBaseService2 (Version: 130.0.371.000)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.20.0000)
Internet Explorer Default Page (Version: 1.00.03)
iTunes (Version: 10.3.0.54)
Jasc Paint Shop Photo Album 5 (Version: 5.22)
Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.01.0000)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java 6 Update 29 (Version: 6.0.290)
Learn2 Player (Uninstall Only)
Logitech SetPoint 6.20 (Version: 6.20.64)
MailWasher Free 6.5.2
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.4763.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works 7.0 (Version: 07.02.0620)
Modem Helper (Version: 2.40)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MyWay Search Assistant (Version: 1.0.1)
NetWaiting (Version: 2.5.12)
Network (Version: 130.0.572.000)
OLYMPUS Master 2 (Version: 1.0.6)
PowerDVD 5.5
QuickTime (Version: 7.69.80.9)
Rapport (Version: 3.5.1304.9)
RealPlayer Basic
Safari (Version: 5.33.18.5)
Samsung Kies (Version: 2.3.2.12054_19)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.5.0)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Sonic DLA (Version: 4.95)
Sonic MyDVD LE (Version: 6.1.1)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Sound Blaster Live! 24-bit
Spell Checker For OE 2.1
Status (Version: 130.0.373.000)
Tiscali Internet (Version: 1.0.0.25)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
TrueCrypt (Version: 6.1a)
Trusteer Endpoint Protection (Version: 3.5.1304.9)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB 2.0 Wireless LAN Card Utility (Version: 8.1.20)
Viewpoint Media Player
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
Wanadoo Europe Installer (Version: 1.02.008)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 130.0.132.017)
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows PowerShell 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Detect
Yahoo! Toolbar

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.

==================== Hosts content: ==========================

2004-08-10 11:51 - 2004-08-04 04:00 - 00000734 ___AH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\fba_General Backup .job => C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\WINDOWS\Tasks\fba_Outlook Express Backup.job => C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2013 05:57:17 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070570.

Error: (11/09/2013 00:19:49 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/08/2013 11:47:45 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/31/2013 06:59:58 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/31/2013 06:59:58 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/27/2013 05:28:14 AM) (Source: LoadPerf) (User: )
Description: Installing the performance counter strings for service WmiApRpl (%2) failed. The
Error code is the first DWORD in Data section.

Error: (10/27/2013 05:28:14 AM) (Source: LoadPerf) (User: )
Description: Unable to update the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (10/08/2013 07:13:19 AM) (Source: Application Error) (User: )
Description: Fault bucket -1991658114.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (10/08/2013 07:00:46 AM) (Source: Application Error) (User: )
Description: Faulting application asp.exe, version 1.0.0.59, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00002caf.
Processing media-specific event for [asp.exe!ws!]

Error: (10/02/2013 03:13:34 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

System errors:
=============
Error: (11/10/2013 09:51:15 PM) (Source: DCOM) (User: HOMEDESKTOP)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (11/10/2013 09:50:41 PM) (Source: DCOM) (User: HOMEDESKTOP)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (11/10/2013 09:50:08 PM) (Source: DCOM) (User: HOMEDESKTOP)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (11/10/2013 09:49:38 PM) (Source: DCOM) (User: HOMEDESKTOP)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (11/10/2013 09:49:08 PM) (Source: DCOM) (User: HOMEDESKTOP)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (11/10/2013 09:39:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (11/10/2013 09:38:34 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (11/10/2013 09:38:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (11/10/2013 09:37:34 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (11/10/2013 09:37:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 2046.07 MB
Available physical RAM: 644.45 MB
Total Pagefile: 3938.52 MB
Available Pagefile: 2861.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:229.76 GB) (Free:155.42 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End Of Log ============================


Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin


Hi Kevin,

I ran the Combofix and the content of the combofix.txt file is below. After it ran, the system restarted and I still got the lockout screen. I've managed to get around it by starting a shutdown and starting another application as it shuts down.

Regards,

Paul

ComboFix 13-11-10.02 - Paul 10/11/2013  23:36:11.1.2 - x86
Running from: C:\Documents and Settings\Paul\Desktop\ComboFix.exe

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Paul\LOCALS~1\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\Paul\Local Settings\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
C:\Program Files\MyWaySA
C:\Program Files\MyWaySA\SrchAsDe\DESRCAS.DLL

(((((((((((((((((((((((((   Files Created from 2013-10-11 to 2013-11-11  )))))))))))))))))))))))))))))))

2013-11-10 21:35:08 . 2013-11-10 21:35:08 -------- d-----w- C:\FRST
2013-11-10 08:21:57 . 2013-11-10 21:14:36 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-11-10 06:11:46 . 2013-11-10 06:11:46 -------- d-----w- C:\found.000
2013-11-09 06:53:54 . 2013-11-09 06:53:54 -------- d---a-w- C:\$Anvi Rescue Disk$
2013-11-09 00:30:46 . 2013-11-11 00:04:36 387 ----a-w- C:\Documents and Settings\All Users\Application Data\g7t0jd9.reg
2013-11-09 00:29:53 . 2013-11-09 00:29:53 143360 ----a-w- C:\Documents and Settings\All Users\Application Data\9dj0t7g.dss
2013-10-29 23:17:44 . 2013-10-29 23:17:44 -------- d-----w- C:\Documents and Settings\Lydia\Local Settings\Application Data\Trusteer
2013-10-18 19:37:58 . 2013-10-18 19:37:58 -------- d-----w- C:\Documents and Settings\Paul\Local Settings\Application Data\Trusteer
2013-10-18 19:37:52 . 2013-10-18 19:37:52 -------- d-----w- C:\Program Files\Trusteer
2013-10-18 19:36:05 . 2013-10-18 19:36:05 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Trusteer
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-10-27 05:28:14 . 2011-10-30 06:55:12 528456 ----a-w- C:\WINDOWS\system32\PerfStringBackup.TMP
2013-10-09 19:20:45 . 2012-03-30 05:35:51 692616 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 19:20:45 . 2011-05-13 19:38:08 71048 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-01 18:23:36 . 2013-10-01 18:23:36 108816 ----a-w- C:\WINDOWS\system32\drivers\RapportKELL.sys
2013-09-25 19:57:14 . 2013-08-01 15:06:14 120632 ----a-w- C:\WINDOWS\system32\drivers\avgdiskx.sys
2013-09-10 21:11:44 . 2011-12-23 12:32:08 22840 ----a-w- C:\WINDOWS\system32\drivers\avgidsshimx.sys
2013-09-08 21:12:16 . 2010-09-07 03:48:50 27448 ----a-w- C:\WINDOWS\system32\drivers\avgrkx86.sys
2013-09-02 09:39:32 . 2010-12-08 04:12:38 176952 ----a-w- C:\WINDOWS\system32\drivers\avgldx86.sys
2013-09-02 09:28:06 . 2012-04-19 03:50:26 145720 ----a-w- C:\WINDOWS\system32\drivers\avgidshx.sys
2013-09-02 09:28:04 . 2011-12-23 12:32:00 209208 ----a-w- C:\WINDOWS\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28:00 . 2012-09-21 03:46:00 223032 ----a-w- C:\WINDOWS\system32\drivers\avglogx.sys
2013-08-20 21:54:04 . 2010-09-07 03:48:56 102200 ----a-w- C:\WINDOWS\system32\drivers\avgmfx86.sys

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 06:51:24 306688]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 19:42:26 95632]
"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe" [2012-05-29 17:17:52 958392]
"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-29 17:18:06 21432]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05:00 344064]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43:36 57344]
"P17Helper"="P17.dll" [2004-06-10 15:51:00 60928]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00:00 90112]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19:56 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-18 08:15:40 26112]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 13:04:36 147456]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 00:02:00 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05:00 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50:42 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50:18 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 07:55:52 61440]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 23:32:48 1352272]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 14:49:32 49208]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 19:42:24 54672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-29 16:38:18 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-06-05 18:52:10 421160]
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 13:54:26 91520]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-29 17:17:54 3521464]
"wltray.exe"="C:\WINDOWS\system32\wltray.exe" [2005-01-29 01:09:42 696422]
"AVG_UI"="C:\Program Files\AVG\AVG2014\avgui.exe" [2013-10-07 18:54:20 4908592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 00:12:29 53760]

C:\Documents and Settings\Lydia\Start Menu\Programs\Startup\
g7t0jd9.lnk - C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss,XL200 [2004-8-10 33280]

C:\Documents and Settings\Paul\Start Menu\Programs\Startup\
g7t0jd9.lnk - C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss,XL200 [2004-8-10 33280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe -check [2005-10-18 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-10-18 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe /START [2005-10-18 917611]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
"NoChangeStartMenu"= 00000000
"MaxRecentDocs"= 0 (0x0)
"NoWinKey"= 0 (0x0)
"NoNetConnextDisconnect"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoControlPanle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13:40 64592 ----a-w- c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"C:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"C:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"C:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"C:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=

R0 AVGIDSHX;AVGIDSHX;C:\WINDOWS\system32\drivers\avgidshx.sys [19/04/2012 03:50:26 145720]
R0 Avglogx;AVG Logging Driver;C:\WINDOWS\system32\drivers\avglogx.sys [21/09/2012 03:46:00 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\drivers\avgrkx86.sys [07/09/2010 03:48:50 27448]
R0 RapportKELL;RapportKELL;C:\WINDOWS\system32\drivers\RapportKELL.sys [01/10/2013 18:23:36 108816]
R1 Avgdiskx;AVG Disk Driver;C:\WINDOWS\system32\drivers\avgdiskx.sys [01/08/2013 15:06:14 120632]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32:00 209208]
R1 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\drivers\avgidsshimx.sys [23/12/2011 12:32:08 22840]
R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [08/12/2010 04:12:38 176952]
R1 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\drivers\avgtdix.sys [12/11/2010 13:19:38 193848]
R1 RapportCerberus_59849;RapportCerberus_59849;C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [18/10/2013 19:39:09 340432]
R1 RapportEI;RapportEI;C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [01/10/2013 18:23:36 157264]
R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [01/10/2013 18:23:36 230448]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00:24 3538480]
R2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47:22 301152]
R2 LBeepKE;Logitech Beep Suppression Driver;C:\WINDOWS\system32\drivers\LBeepKE.sys [15/02/2011 20:56:07 10448]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/10/2013 18:23:26 1444120]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [12/06/2012 06:51:19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [12/06/2012 06:51:19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [12/06/2012 06:51:19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;C:\WINDOWS\system32\drivers\ss_bserd.sys [12/06/2012 06:51:20 100224]
S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.exe [18/10/2005 08:12:45 57344]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ    HPSLPSVC
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder
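The Startup-folder entries in the ComboFix log above (g7t0jd9.lnk launching rundll32.exe against 9dj0t7g.dss under All Users\Application Data) are the kind of autostart a triage pass should surface automatically rather than by eye. The following script is an added example, not code from ComboFix, FRST or anyone in this thread: it parses ComboFix's Run-key and Startup-folder lines and flags rundll32 entries whose module sits in a user-writable directory; the sample log is constructed from the thread's entries plus an invented benign "ExampleCpl" entry for contrast, and the scoring heuristics are my own assumptions.

```python
"""Triage autostart entries from a ComboFix-style log for rundll32 persistence.

Added example for this thread; not ComboFix, FRST or Malwarebytes code.
It reads "Reg Loading Points" Run-key lines and Startup-folder .lnk lines
and flags entries where rundll32.exe loads a module from a user-writable
data directory (the g7t0jd9.lnk -> 9dj0t7g.dss pattern seen in the log).
"""
import re
from dataclasses import dataclass, field

# Constructed sample in ComboFix's output format, modelled on the thread's
# log. "ExampleCpl" is an invented benign rundll32 entry, added for contrast.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [2008-04-14 00:12:16 15360]
"ExampleCpl"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\shell32.dll,Control_RunDLL" [2008-04-14 00:12:16 8461312]

C:\\Documents and Settings\\Paul\\Start Menu\\Programs\\Startup\\
g7t0jd9.lnk - C:\\WINDOWS\\system32\\rundll32.exe C:\\DOCUME~1\\ALLUSE~1\\APPLIC~1\\9dj0t7g.dss,XL200 [2004-8-10 33280]
AOL 9.0 Tray Icon.lnk - C:\\Program Files\\AOL 9.0\\aoltray.exe -check [2005-10-18 156784]
"""

# Run-key line:        "Name"="C:\path\prog.exe args" [date time size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
# Startup-folder line: Name.lnk - C:\path\prog.exe args [date size]
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<cmd>.+?)(?: \[[^\]]*\])?$",
                    re.IGNORECASE)

# Path fragments (long and 8.3 forms) of directories an ordinary user can
# write to; a system host process loading a module from here is notable.
USER_WRITABLE = ("application data", "applic~1", "programdata",
                 "\\temp\\", "local settings", "locals~1")


@dataclass
class Finding:
    name: str
    module: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (entry name, command line) for every autostart line found."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if m:
            yield m.group("name"), m.group("cmd")


def module_of_rundll32(command):
    """Return the module path rundll32 is asked to load, else None.

    The host is the first whitespace-delimited token; rundll32 lives in
    system32, so a host path containing spaces is never rundll32 here.
    """
    parts = command.split(None, 1)
    if len(parts) < 2 or not parts[0].lower().endswith("rundll32.exe"):
        return None
    arg = re.sub(r"\s*\[[^\]]*\]\s*$", "", parts[1])  # drop trailing [date size]
    return arg.split(",", 1)[0].strip()               # "module.dss,XL200" -> module


def looks_generated(stem):
    """Heuristic: names like 9dj0t7g alternate letters and digits often,
    while shell32 or hpqtra08 flip class only once."""
    if not re.fullmatch(r"[a-z0-9]{6,12}", stem):
        return False
    flips = sum(a.isdigit() != b.isdigit() for a, b in zip(stem, stem[1:]))
    return flips >= 3


def assess(name, command):
    """Return a Finding for a suspicious rundll32 entry, else None."""
    module = module_of_rundll32(command)
    if module is None:
        return None
    lowered = module.lower()
    fname = lowered.rsplit("\\", 1)[-1]
    stem, sep, ext = fname.rpartition(".")
    if not sep:
        stem, ext = fname, ""
    reasons = []
    if any(tok in lowered for tok in USER_WRITABLE):
        reasons.append("module lives in a user-writable data directory")
    if ext != "dll":
        reasons.append("module extension is '.%s', not .dll" % ext)
    if looks_generated(stem):
        reasons.append("module name looks machine-generated")
    lname = name.lower()
    link_stem = lname[:-4] if lname.endswith(".lnk") else lname
    if looks_generated(link_stem):
        reasons.append("autostart entry name looks machine-generated")
    return Finding(name, module, reasons) if reasons else None


def triage(log_text):
    """All suspicious rundll32 autostart entries in a ComboFix-style log."""
    return [f for f in (assess(n, c) for n, c in parse_entries(log_text)) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.name, "->", finding.module)
        for reason in finding.reasons:
            print("   ", reason)
```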


Hi Kevin,

Perhaps it didn't work properly last time because I hadn't switched off the screensaver. I also had to log in to my account after the reboot and the lockout screen appeared again.

This time I've switched off the screen saver. After the reboot and logging in to my account the lockout screen has not appeared. The log.txt file opened in notepad automatically. I've opened the combofix.txt file and copied the content below:

ComboFix 13-11-11.01 - Paul 11/11/2013  18:07:09.2.2 - x86
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Paul\LOCALS~1\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\documents and settings\All Users\Application Data\9dj0t7g.dss
c:\documents and settings\Paul\Local Settings\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
.
---- Previous Run -------
.
c:\docume~1\Paul\LOCALS~1\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\documents and settings\Paul\Local Settings\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\program files\MyWaySA\SrchAsDe\DESRCAS.DLL
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-11 to 2013-11-11  )))))))))))))))))))))))))))))))
.
.
2013-11-10 21:35 . 2013-11-10 21:35 -------- d-----w- C:\FRST
2013-11-10 08:21 . 2013-11-10 21:14 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-11-10 06:11 . 2013-11-10 06:11 -------- d-----w- C:\found.000
2013-11-09 06:53 . 2013-11-09 06:53 -------- d---a-w- C:\$Anvi Rescue Disk$
2013-11-09 00:30 . 2013-11-11 00:04 387 ----a-w- c:\documents and settings\All Users\Application Data\g7t0jd9.reg
2013-10-29 23:17 . 2013-10-29 23:17 -------- d-----w- c:\documents and settings\Lydia\Local Settings\Application Data\Trusteer
2013-10-18 19:37 . 2013-10-18 19:37 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Trusteer
2013-10-18 19:37 . 2013-10-18 19:37 -------- d-----w- c:\program files\Trusteer
2013-10-18 19:36 . 2013-10-18 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-27 05:28 . 2011-10-30 06:55 528456 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-10-09 19:20 . 2012-03-30 05:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 19:20 . 2011-05-13 19:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-01 18:23 . 2013-10-01 18:23 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-10 21:11 . 2011-12-23 12:32 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 21:12 . 2010-09-07 03:48 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 09:39 . 2010-12-08 04:12 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 09:28 . 2012-04-19 03:50 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 09:28 . 2011-12-23 12:32 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-20 21:54 . 2010-09-07 03:48 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-05-29 958392]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [bU]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-29 21432]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-18 26112]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 147456]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-05 421160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-29 3521464]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Lydia\Start Menu\Programs\Startup\
g7t0jd9.lnk - c:\windows\system32\rundll32.exe c:\docume~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss,XL200 [2004-8-10 33280]
.
c:\documents and settings\Paul\Start Menu\Programs\Startup\
g7t0jd9.lnk - c:\windows\system32\rundll32.exe c:\docume~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss,XL200 [2004-8-10 33280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe -check [2005-10-18 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-18 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe /START [2005-10-18 917611]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
"NoChangeStartMenu"= 00000000
"MaxRecentDocs"= 0 (0x0)
"NoWinKey"= 0 (0x0)
"NoNetConnextDisconnect"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoControlPanle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 27448]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [01/10/2013 18:23 108816]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 04:12 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 13:19 193848]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [18/10/2013 19:39 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [01/10/2013 18:23 157264]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/10/2013 18:23 230448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [15/02/2011 20:56 10448]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/10/2013 18:23 1444120]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [12/06/2012 06:51 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [12/06/2012 06:51 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [12/06/2012 06:51 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [12/06/2012 06:51 100224]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [18/10/2005 08:12 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ    HPSLPSVC
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-06 05:57]
.
.
------- Supplementary Scan -------
.

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-11 19:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(5836)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\PRISMSVR.EXE
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\AOL 9.0\aoltray.exe
c:\program files\Dell Wireless\PRISMCFG.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Completion time: 2013-11-11  19:30:31 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-11 19:30
.
Pre-Run: 176,332,804,096 bytes free
Post-Run: 176,449,175,552 bytes free
.
- - End Of File - - 0F5770C01622A938111E213603176422
A03E065717CB65F3034AD33AD58B6BBA
 


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

File::
c:\documents and settings\All Users\Application Data\g7t0jd9.reg
c:\documents and settings\Lydia\Start Menu\Programs\Startup\g7t0jd9.lnk
c:\docume~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss
c:\documents and settings\Paul\Start Menu\Programs\Startup\g7t0jd9.lnk
ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Let me see those logs, also give update on any remaining issues/concerns...

 

Kevin

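The CFScript above lists exactly the Startup-folder .lnk entries in the ComboFix log that launch rundll32.exe on a module under All Users\Application Data, plus the module itself. The Python below is an added example, not ComboFix's own tooling and not Kevin's script: it parses Startup-folder lines in the log format shown above, flags entries where rundll32 loads a non-library module from a user-writable data or temp directory, and renders them in the File:: / ClearJavaCache:: form of the script. The sample log lines, directory lists and heuristics are constructed for this example, and the .reg file from the "Files Created" section is not covered.

```python
"""Triage Startup-folder entries in a ComboFix log and draft a CFScript.

Added example for this thread; not ComboFix's own tooling and not the
helper's script. Sample lines and heuristics are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of ComboFix's Startup-folder listing
SAMPLE_LOG = r"""
c:\documents and settings\Paul\Start Menu\Programs\Startup\
g7t0jd9.lnk - c:\windows\system32\rundll32.exe c:\docume~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss,XL200 [2004-8-10 33280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe -check [2005-10-18 156784]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
"""

# A Startup folder header line, e.g. "c:\...\Start Menu\Programs\Startup\"
FOLDER_RE = re.compile(r"^[a-z]:\\.*\\startup\\$", re.I)
# "<name>.lnk - <command> [<date> <size>]"; the bracketed tail is optional
ENTRY_RE = re.compile(r"^(?P<lnk>[^\\]+\.lnk) - (?P<cmd>.+?)(?: \[[^\]]*\])?$", re.I)
# "rundll32.exe <module>,<export>"; the export is optional
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<module>.+?)(?:,(?P<export>[^\s,]+))?$", re.I)

# Constructed heuristics: where a logon-time library normally lives, and
# where user-level malware commonly drops files (long and 8.3 short forms).
TRUSTED_DIRS = ("\\windows\\", "\\program files\\", "\\progra~1\\")
USER_WRITABLE = ("\\application data\\", "\\applic~1\\", "\\temp\\", "\\locals~1\\")
LIBRARY_EXTS = (".dll", ".cpl", ".ocx", ".ax")


@dataclass
class Finding:
    folder: str
    link: str
    command: str
    module: Optional[str] = None
    export: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def link_path(self) -> str:
        return self.folder + self.link


def parse_startup_entries(log_text: str):
    """Yield (folder, link_name, command) for each .lnk listed under a Startup folder."""
    folder = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if FOLDER_RE.match(line):
            folder = line
            continue
        m = ENTRY_RE.match(line)
        if m and folder:
            yield folder, m.group("lnk"), m.group("cmd")


def assess(folder: str, link: str, command: str) -> Finding:
    """Apply the heuristics; an empty reasons list means the entry was not flagged."""
    f = Finding(folder, link, command)
    m = RUNDLL_RE.search(command)
    if not m:
        return f  # only rundll32-style loaders are examined here
    f.module = m.group("module").strip().strip('"')
    f.export = m.group("export")
    low = f.module.lower()
    if not low.endswith(LIBRARY_EXTS):
        f.reasons.append("rundll32 loads a module with a non-library extension")
    if any(d in low for d in USER_WRITABLE):
        f.reasons.append("module sits in a user-writable data or temp directory")
    elif not any(d in low for d in TRUSTED_DIRS):
        f.reasons.append("module is outside the Windows and Program Files trees")
    return f


def triage(log_text: str) -> List[Finding]:
    """Assess every Startup-folder entry found in the log text."""
    return [assess(*entry) for entry in parse_startup_entries(log_text)]


def build_cfscript(findings: List[Finding], clear_java_cache: bool = True) -> str:
    """Render flagged entries as a CFScript: a File:: section, then ClearJavaCache::."""
    paths: List[str] = []
    for f in findings:
        if not f.reasons:
            continue
        for p in (f.module, f.link_path):  # the loaded module and the .lnk that runs it
            if p and p not in paths:
                paths.append(p)
    lines = ["File::"] + paths
    if clear_java_cache:
        lines.append("ClearJavaCache::")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = [f for f in triage(SAMPLE_LOG) if f.reasons]
    for f in flagged:
        print(f"{f.link_path}\n  -> {f.module} (export {f.export})")
        for reason in f.reasons:
            print(f"     {reason}")
    print(build_cfscript(flagged))
```

The output is a draft for a helper to review against the full log, not a script to run unread; a flagged entry is a lead, not a verdict.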

Hi Kevin,

I've put CFScript into the Combofix.exe file and run that: Combofix.txt below.  Also run the Eset scanner as instructed: ESET SCAN.txt also below.

 

During a restart I have a "RUNDLL" dialog box appear that states: "Error loading C:\DOCUME~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss  The specified module could not be found". The only option is to click OK.

 

I had stopped AVG during the scans but I've realised that I had an application running that I didn't stop called "Trusteer Rapport" http://www.trusteer.com/support/faq  Could this have caused any problems with the Combofix & Eset scans?  Do you want me to repeat them?

 

Many thanks for your assistance with this. 

 

ComboFix 13-11-11.01 - Paul 11/11/2013  21:10:45.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1325 [GMT 0:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Paul\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\docume~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss"
"c:\documents and settings\All Users\Application Data\g7t0jd9.reg"
"c:\documents and settings\Lydia\Start Menu\Programs\Startup\g7t0jd9.lnk"
"c:\documents and settings\Paul\Start Menu\Programs\Startup\g7t0jd9.lnk"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Paul\LOCALS~1\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\documents and settings\Paul\Local Settings\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-11 to 2013-11-11  )))))))))))))))))))))))))))))))
.
.
2013-11-10 21:35 . 2013-11-10 21:35 -------- d-----w- C:\FRST
2013-11-10 08:21 . 2013-11-10 21:14 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-11-10 06:11 . 2013-11-10 06:11 -------- d-----w- C:\found.000
2013-11-09 06:53 . 2013-11-09 06:53 -------- d---a-w- C:\$Anvi Rescue Disk$
2013-11-09 00:30 . 2013-11-11 00:04 387 ----a-w- c:\documents and settings\All Users\Application Data\g7t0jd9.reg
2013-10-29 23:17 . 2013-10-29 23:17 -------- d-----w- c:\documents and settings\Lydia\Local Settings\Application Data\Trusteer
2013-10-18 19:37 . 2013-10-18 19:37 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Trusteer
2013-10-18 19:37 . 2013-10-18 19:37 -------- d-----w- c:\program files\Trusteer
2013-10-18 19:36 . 2013-10-18 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-27 05:28 . 2011-10-30 06:55 528456 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-10-09 19:20 . 2012-03-30 05:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 19:20 . 2011-05-13 19:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-01 18:23 . 2013-10-01 18:23 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-10 21:11 . 2011-12-23 12:32 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 21:12 . 2010-09-07 03:48 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 09:39 . 2010-12-08 04:12 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 09:28 . 2012-04-19 03:50 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 09:28 . 2011-12-23 12:32 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-20 21:54 . 2010-09-07 03:48 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-05-29 958392]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [bU]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-29 21432]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-18 26112]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 147456]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-05 421160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-29 3521464]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Lydia\Start Menu\Programs\Startup\
g7t0jd9.lnk - c:\windows\system32\rundll32.exe c:\docume~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss,XL200 [2004-8-10 33280]
.
c:\documents and settings\Paul\Start Menu\Programs\Startup\
g7t0jd9.lnk - c:\windows\system32\rundll32.exe c:\docume~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss,XL200 [2004-8-10 33280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe -check [2005-10-18 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-18 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe /START [2005-10-18 917611]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
"NoChangeStartMenu"= 00000000
"MaxRecentDocs"= 0 (0x0)
"NoWinKey"= 0 (0x0)
"NoNetConnextDisconnect"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoControlPanle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 27448]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [01/10/2013 18:23 108816]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 04:12 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 13:19 193848]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [18/10/2013 19:39 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [01/10/2013 18:23 157264]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/10/2013 18:23 230448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [15/02/2011 20:56 10448]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/10/2013 18:23 1444120]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [12/06/2012 06:51 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [12/06/2012 06:51 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [12/06/2012 06:51 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [12/06/2012 06:51 100224]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [18/10/2005 08:12 57344]
S4 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [18/10/2013 19:39 64880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ    HPSLPSVC
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-06 05:57]
.
.
------- Supplementary Scan -------
.

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-11 21:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(880)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(5300)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\PRISMSVR.EXE
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\AOL 9.0\aoltray.exe
c:\program files\Dell Wireless\PRISMCFG.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Completion time: 2013-11-11  22:01:41 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-11 22:01
ComboFix2.txt  2013-11-11 19:30
.
Pre-Run: 176,438,366,208 bytes free
Post-Run: 176,442,241,024 bytes free
.
- - End Of File - - 323D1B229CA369BB30DB1912ED66EADE
A03E065717CB65F3034AD33AD58B6BBA
 

ESET SCAN text file:

 

C:\Documents and Settings\Amanda\Local Settings\Temp\9dj0t7g.dss a variant of Win32/Kryptik.BOMS trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\9dj0t7g.dss.vir a variant of Win32/Kryptik.BOMS trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP868\A0180365.exe Win32/Graboid application
 


Download OTM from any of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files, i.e. :Files

    :Files
    C:\Documents and Settings\Amanda\Local Settings\Temp\9dj0t7g.dss
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP868\A0180365.exe
    c:\documents and settings\Lydia\Start Menu\Programs\Startup\g7t0jd9.lnk
    c:\documents and settings\Paul\Start Menu\Programs\Startup\g7t0jd9.lnk
    c:\docume~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.


Let me see that log, also give an update on any remaining issues or concerns..

 

Kevin


Hi Kevin,

Followed your instructions and the log file is below.  No issues during reboot.

 

Once again thank you for your help and clear instructions in resolving my computer problems. 

 

Regards,

Paul

 

 

All processes killed
========== FILES ==========
C:\Documents and Settings\Amanda\Local Settings\Temp\9dj0t7g.dss moved successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP868\A0180365.exe moved successfully.
c:\documents and settings\Lydia\Start Menu\Programs\Startup\g7t0jd9.lnk moved successfully.
c:\documents and settings\Paul\Start Menu\Programs\Startup\g7t0jd9.lnk moved successfully.
File/Folder c:\docume~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Amanda
->Temp folder emptied: 431070609 bytes
->Temporary Internet Files folder emptied: 354260322 bytes
->Java cache emptied: 2078979 bytes
->Flash cache emptied: 47624 bytes
 
User: Default User
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56468 bytes
 
User: Emily
->Temp folder emptied: 19559051 bytes
->Temporary Internet Files folder emptied: 251761253 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3438 bytes
 
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Lydia
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 296919 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 35234 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Owner
 
User: Paul
->Temp folder emptied: 358439 bytes
->Temporary Internet Files folder emptied: 26802461 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 2535424 bytes
->Flash cache emptied: 98758 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 531033 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23604 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,039.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 11122013_200939

Files moved on Reboot...
File C:\Documents and Settings\Paul\Local Settings\Temp\tmp19.tmp not found!
File C:\Documents and Settings\Paul\Local Settings\Temp\tmp2B.tmp not found!

Registry entries deleted on Reboot...


We need to remove FRST; first, it is very important to deal with its Quarantine folder using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Remove Combofix now that we're done with it


Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
 
Please follow the prompts to uninstall Combofix.
You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:


    ComboFix and its associated files and folders.
    VundoFix backups, if present
    The C:\_OTMoveIt folder, if present
    Reset the clock settings.
    Hide file extensions, if required.
    Hide System/Hidden files, if required.
    Reset System Restore.

 

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big CleanUp! button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

 

Any tools/logs remaining on the Desktop or downloads folder can be deleted.

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Make sure the following versions are removed when the update completes;

 

Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java™ 6 Update 29 (Version: 6.0.290)

 

Let me know if those steps complete, also if any remaining issues or concerns.....

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Kevin

 

fixlist.txt


Hi Kevin,

Before I carry out the instruction above I've just logged into the other users to check all is OK and on user Amanda I get the RUNDLL error message as I had on my log in:  "Error loading C:\DOCUME~1\ALLUSE~1\APPLIC~1\9dj0t7g.dss  The specified module could not be found".

 

Should I continue with the instruction above or is there something else to do first?

 

Regards,

Paul

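The RUNDLL error Paul reports is what an orphaned autostart entry looks like: a loader entry for 9dj0t7g.dss still exists in Amanda's profile although the file itself has been moved. As an added example, not a tool or script from this thread, the PowerShell below lists Run-key and Startup-folder entries across every profile whose target file no longer exists; the function and variable names are the example's own, and it assumes an elevated PowerShell prompt.

```powershell
# Added example, not from this thread: report autostart entries whose target
# file no longer exists. A stale rundll32 entry pointing at a removed DLL is
# what produces "Error loading <path> The specified module could not be found".
# Assumption: run from an elevated PowerShell prompt; all names here are our own.

function Resolve-AutostartTarget {
    param([string]$Command)
    $cmd = $Command.Trim()
    # rundll32 entries: the file that matters is the DLL it loads, not rundll32.
    if ($cmd -match '^(?:"[^"]*rundll32(?:\.exe)?"|\S*rundll32(?:\.exe)?)\s+"?([^",]+)') {
        return $matches[1].Trim()
    }
    # Anything else: the first quoted or unquoted token is the executable.
    if ($cmd -match '^"([^"]+)"') { return $matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-AutostartTargetExists {
    param([string]$Target)
    $expanded = [Environment]::ExpandEnvironmentVariables($Target)
    if (Test-Path -LiteralPath $expanded) { return $true }
    # Bare names (e.g. "ctfmon.exe") resolve through PATH / System32.
    return [bool](Get-Command $expanded -ErrorAction SilentlyContinue)
}

function Get-OrphanedAutostarts {
    $found = @()
    $metadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    # 1. Run / RunOnce keys for the machine and every loaded user hive.
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $keys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce')
    $keys += Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue | ForEach-Object {
        "$($_.PSPath)\Software\Microsoft\Windows\CurrentVersion\Run"
    }
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($v in $values.PSObject.Properties) {
            if ($metadata -contains $v.Name) { continue }   # provider fields, not values
            $target = Resolve-AutostartTarget ([string]$v.Value)
            if ([string]::IsNullOrWhiteSpace($target)) { continue }
            if (-not (Test-AutostartTargetExists $target)) {
                # New-Object rather than [pscustomobject] so this also runs on PowerShell 2 (XP).
                $found += New-Object PSObject -Property @{ Source = $key; Name = $v.Name; Target = $target }
            }
        }
    }

    # 2. Startup folders of every profile: XP layout and Vista-and-later layout.
    $startupGlobs = @(
        "$env:SystemDrive\Documents and Settings\*\Start Menu\Programs\Startup\*.lnk",
        "$env:SystemDrive\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.lnk",
        "$env:SystemDrive\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\*.lnk")
    $shell = New-Object -ComObject WScript.Shell
    foreach ($lnk in Get-ChildItem -Path $startupGlobs -ErrorAction SilentlyContinue) {
        $sc = $shell.CreateShortcut($lnk.FullName)
        # Rebuild the command line the shortcut would run, then resolve it like a Run value.
        $target = Resolve-AutostartTarget ('"' + $sc.TargetPath + '" ' + $sc.Arguments)
        if ([string]::IsNullOrWhiteSpace($target)) { continue }
        if (-not (Test-AutostartTargetExists $target)) {
            $found += New-Object PSObject -Property @{ Source = $lnk.FullName; Name = $lnk.BaseName; Target = $target }
        }
    }
    return $found
}

# Each row is a candidate for removal once confirmed it is not a legitimate
# program whose files are simply missing.
Get-OrphanedAutostarts | Format-Table -AutoSize
```

Only the profiles whose registry hives are loaded (logged-on users) appear under HKEY_USERS, so log each user in once, or inspect their Startup folders, which the second pass covers regardless.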

Run this first:

 

Download OTL from any of the following links and save to your Desktop:

 

http://oldtimer.geekstogo.com/OTL.exe

http://itxassociates.com/OT-Tools/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.scr

 

 

  • Double click on the OTL icon to run it. Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users <<--Very important
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply


Hi Kevin,

OK, I've run the OTL.exe and the log files are below:

 

Regards,

Paul

 

OTL logfile created on: 12/11/2013 23:13:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.03% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.76 Gb Total Space | 165.25 Gb Free Space | 71.92% Space Free | Partition Type: NTFS
 
Computer Name: HOMEDESKTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/12 23:08:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2013/10/07 18:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/10/01 18:23:26 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/10/01 18:23:24 | 002,480,408 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/15 22:08:30 | 000,895,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/09/03 21:22:16 | 000,588,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/09/02 10:19:00 | 000,669,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/08/20 22:03:42 | 000,728,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2012/05/29 17:18:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/05/29 17:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/11/09 20:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 23:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/01/18 16:52:04 | 019,446,296 | ---- | M] (Firetrust Ltd) -- C:\Program Files\FireTrust\MailWasher Free\MailWasher.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/14 07:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2005/10/18 08:15:40 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/10/04 13:50:20 | 000,917,611 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2004/10/04 13:10:16 | 000,327,769 | -H-- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2004/07/19 06:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2004/03/18 05:56:36 | 000,156,784 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\aoltray.exe
PRC - [2004/02/25 09:55:34 | 001,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/09/17 09:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/11/12 20:41:50 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2013/10/18 19:39:10 | 001,127,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/06/12 07:06:04 | 000,758,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b095af4c06f82361e8be3ec0e6347cc3\System.Runtime.Remoting.ni.dll
MOD - [2012/06/12 06:54:08 | 001,159,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\848c4005079e434e04096d683fab1ded\System.Management.ni.dll
MOD - [2012/06/12 06:52:39 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll
MOD - [2012/06/12 06:44:58 | 017,632,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c5076f9a8ecf90a4c86ac5cfcb9e5528\PresentationFramework.ni.dll
MOD - [2012/06/12 06:44:27 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\576f6cca332b90183be8f1807312ae43\PresentationFramework.Luna.ni.dll
MOD - [2012/06/12 06:41:19 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a1eeb425f9318f432afead4b2da965a\PresentationCore.ni.dll
MOD - [2012/06/12 06:40:49 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\f1f3a74eb37b27b7d05b8ffa941f8473\WindowsBase.ni.dll
MOD - [2012/06/12 06:40:48 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll
MOD - [2012/06/12 06:40:34 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll
MOD - [2012/06/12 06:40:24 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll
MOD - [2012/06/12 06:40:07 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll
MOD - [2012/06/12 06:40:00 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll
MOD - [2012/06/12 06:39:45 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll
MOD - [2012/05/29 17:18:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/08/25 18:51:10 | 000,155,320 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Free\mailprefs.dll
MOD - [2009/06/25 16:40:38 | 000,771,256 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Free\ContactsLib.dll
MOD - [2009/06/25 16:40:04 | 000,977,080 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Free\MCore.dll
MOD - [2008/09/12 18:39:34 | 000,611,936 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Free\MailAnalysis.dll
MOD - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
MOD - [2005/01/27 00:02:00 | 000,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
MOD - [2004/06/10 15:51:00 | 000,060,928 | -H-- | M] () -- C:\WINDOWS\system32\P17.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wltrysvc.exe %C:\WINDOWS%\System32\bcmwltry.exe -- (wltrysvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/09 19:20:46 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/03 21:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/01 18:23:26 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/09/25 20:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/28 10:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2006/09/14 07:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2004/10/04 13:12:50 | 000,057,344 | -H-- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2004/02/25 09:55:34 | 001,123,440 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (bvrp_pci)
DRV - [2013/10/18 19:39:09 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2013/10/01 18:23:36 | 000,230,448 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/10/01 18:23:36 | 000,157,264 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/10/01 18:23:36 | 000,108,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/09/25 19:57:14 | 000,120,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/09/10 21:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/08 21:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/09/02 09:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/09/02 09:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/09/02 09:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/09/02 09:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/08/20 21:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/02/21 22:37:29 | 000,215,872 | -H-- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/12/21 05:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/12/21 05:55:02 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010/12/21 05:55:02 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010/12/21 05:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010/08/24 17:31:02 | 000,037,328 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 17:30:52 | 000,038,864 | -H-- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 17:30:18 | 000,010,448 | -H-- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2005/10/18 08:15:43 | 000,008,552 | -H-- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/04 03:10:18 | 001,273,344 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/06/09 16:16:00 | 000,840,960 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2003/11/17 20:59:20 | 000,212,224 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 20:58:02 | 000,680,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 20:56:26 | 001,042,432 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/22 12:48:00 | 000,130,192 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 12:47:00 | 000,178,672 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 17:19:00 | 000,015,840 | -H-- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)
DRV - [2003/01/10 15:13:04 | 000,033,588 | -H-- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {351807CC-DECC-48AF-8F47-225A8B32A31C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{351807CC-DECC-48AF-8F47-225A8B32A31C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32 File not found
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\..\SearchScopes,DefaultScope = {D20AAB8B-6887-40DB-B7B7-10600B97623C}
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\..\SearchScopes\{D20AAB8B-6887-40DB-B7B7-10600B97623C}: "URL" = http://search.avg.com/?d=4dc19d4b&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\..\URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - SOFTWARE\Classes\CLSID\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}\InprocServer32 File not found
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\..\SearchScopes\{351807CC-DECC-48AF-8F47-225A8B32A31C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\..\SearchScopes\{AA4B514D-24CA-44F2-887C-393CDAEB2D84}: "URL" = http://search.avg.com/?d=4dc2e448&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/22 21:31:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/22 21:31:36 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013/11/11 21:55:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe (AOL Spyware Protection)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1009..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1704726271-934105146-3214749785-1009..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\***ERROR READING SUBKEYS*** present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu =  [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKey = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKey = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: Explorer = Reg Error: Value error. File not found
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HKEY_USERS = Reg Error: Value error. File not found
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1704726271-934105146-3214749785-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297770215375 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDC95363-B025-4A10-9EE4-0612E996BF93}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1704726271-934105146-3214749785-1009 Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/12 23:08:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2013/11/12 20:30:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/11/12 20:09:39 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/11/12 20:06:20 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTM.exe
[2013/11/10 23:32:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/11/10 23:11:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/11/10 23:11:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/11/10 23:11:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/11/10 23:11:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/11/10 23:10:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/10 23:10:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/11/10 23:10:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\Administrative Tools
[2013/11/10 23:09:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/11/10 22:59:25 | 005,145,576 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe
[2013/11/10 21:35:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/10 21:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\New Folder
[2013/11/10 18:42:54 | 001,957,590 | ---- | C] (Farbar) -- C:\FRST64.exe
[2013/11/10 18:15:35 | 001,090,275 | ---- | C] (Farbar) -- C:\FRST.exe
[2013/11/10 08:21:57 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/11/10 06:11:46 | 000,000,000 | ---D | C] -- C:\found.000
[2013/11/09 06:53:54 | 000,000,000 | ---D | C] -- C:\$Anvi Rescue Disk$
[2013/10/18 19:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Trusteer
[2013/10/18 19:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
[2013/10/18 19:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2013/10/18 19:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/12 23:08:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2013/11/12 22:39:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/12 20:39:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/12 20:39:44 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/12 20:06:21 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTM.exe
[2013/11/11 21:55:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/11/11 18:02:10 | 005,145,576 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe
[2013/11/11 17:36:53 | 095,025,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\g7t0jd9.bxx
[2013/11/11 17:34:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\g7t0jd9.fvv
[2013/11/11 00:04:36 | 000,000,387 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\g7t0jd9.reg
[2013/11/10 23:33:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/11/10 18:42:57 | 001,957,590 | ---- | M] (Farbar) -- C:\FRST64.exe
[2013/11/10 18:15:36 | 001,090,275 | ---- | M] (Farbar) -- C:\FRST.exe
[2013/11/10 18:07:52 | 000,000,069 | ---- | M] () -- C:\.directory
[2013/11/10 05:56:32 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/14 22:22:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2013/11/10 23:33:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/11/10 23:33:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/11/10 23:11:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/11/10 23:11:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/11/10 23:11:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/11/10 23:11:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/11/10 23:11:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/11/10 18:07:52 | 000,000,069 | ---- | C] () -- C:\.directory
[2013/11/09 02:44:21 | 2145,538,048 | -HS- | C] () -- C:\hiberfil.sys
[2013/11/09 00:30:46 | 000,000,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\g7t0jd9.reg
[2013/11/09 00:30:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\g7t0jd9.fvv
[2013/11/09 00:29:56 | 095,025,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\g7t0jd9.bxx
[2012/11/29 20:42:08 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\dt.dat
[2012/09/25 20:26:27 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2012/09/25 20:26:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2012/09/25 20:26:26 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\AegisI2.exe
[2012/07/22 21:52:34 | 000,175,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/12 07:16:19 | 000,353,136 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1704726271-934105146-3214749785-1007-0.dat
[2012/06/12 07:16:18 | 000,303,514 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/05/23 17:49:34 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/05/23 17:49:32 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/05/23 17:49:32 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/05/23 17:49:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/05/23 17:49:32 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/10/07 15:43:07 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 14:58:53 | 000,214,016 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\SharedSettings.ccs
 
========== ZeroAccess Check ==========
 
[2004/08/10 12:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/01/21 11:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/09/27 14:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/09/27 14:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2011/06/30 14:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software
[2011/02/21 21:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/28 21:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2013/11/12 17:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/06/20 10:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2005/10/18 08:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2012/06/12 06:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/09/14 17:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softland
[2013/10/18 19:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2005/10/18 08:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/08 05:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/09/27 22:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\AVG2014
[2011/02/22 20:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\ElevatedDiagnostics
[2011/02/22 21:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\MailWasherFree
[2012/09/14 17:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\Softland
[2011/02/21 22:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\TrueCrypt
[2013/01/10 16:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013/11/12 22:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily\Application Data\AVG2014
[2013/09/29 11:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\AVG2014
[2013/06/20 09:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Babylon
[2013/03/02 09:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Amazon
[2013/09/27 14:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\AVG2014
[2011/06/30 15:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\CoffeeCup Software
[2011/02/21 21:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ElevatedDiagnostics
[2011/03/12 21:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\iWin
[2011/07/20 18:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Leadertech
[2013/11/12 20:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\MailWasherFree
[2012/06/12 06:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Samsung
[2012/09/14 17:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Softland
[2011/02/21 22:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\TrueCrypt
[2012/12/14 12:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
 
OTL Extras logfile created on: 12/11/2013 23:13:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.03% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.76 Gb Total Space | 165.25 Gb Free Space | 71.92% Space Free | Partition Type: NTFS
 
Computer Name: HOMEDESKTOP | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1704726271-934105146-3214749785-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}" = BT Voyager Wireless Utility
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 29
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}" = CoffeeCup Free FTP
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7DA4FC0C-4FB3-45A2-8095-B2F7A9CF8135}" = AVG 2014
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6B5B017-7643-46A5-AC4D-E58A7B4798A0}" = iTunes
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{EEAFDDCF-0B0E-44DB-995B-886FB139CF1F}" = AVG 2014
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"America Online uk" = AOL UK (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040201.2 uk)
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2014
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DellSupport" = Dell Support 5.0.0 (630)
"FBackup 4_is1" = FBackup 4
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"MailWasher Free_is1" = MailWasher Free 6.5.2
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSet" = Intel® PRO Network Connections Drivers
"Rapport_msi" = Trusteer Endpoint Protection
"RealPlayer 6.0" = RealPlayer Basic
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.20
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TrueCrypt" = TrueCrypt
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27/10/2013 01:28:14 | Computer Name = HOMEDESKTOP | Source = LoadPerf | ID = 3013
Description = Unable to update the performance counter strings of the 009 language ID. The Win32 status returned by the call is the first DWORD in Data section.

Error - 27/10/2013 01:28:14 | Computer Name = HOMEDESKTOP | Source = LoadPerf | ID = 3009

Error - 31/10/2013 02:59:58 | Computer Name = HOMEDESKTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 31/10/2013 02:59:58 | Computer Name = HOMEDESKTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 08/11/2013 19:47:45 | Computer Name = HOMEDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/11/2013 20:19:49 | Computer Name = HOMEDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/11/2013 01:57:17 | Computer Name = HOMEDESKTOP | Source = .NET Runtime Optimization Service | ID = 1111
Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80070570.

Error - 10/11/2013 19:42:35 | Computer Name = HOMEDESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error - 11/11/2013 14:15:34 | Computer Name = HOMEDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x0008d1c0.

Error - 11/11/2013 14:15:35 | Computer Name = HOMEDESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error - 11/11/2013 17:19:38 | Computer Name = HOMEDESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
 
Error encountered while reading event logs.
 
< End of report >


Re-run OTL by double left click; Vista and Windows 7 users accept the UAC alert.

 

  • Under the Custom Scans/Fixes box at the bottom, paste in the following, starting with and including the colon plus OTL:

    :OTL
    [2013/11/11 17:36:53 | 095,025,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\g7t0jd9.bxx
    [2013/11/11 17:34:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\g7t0jd9.fvv
    [2013/11/11 00:04:36 | 000,000,387 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\g7t0jd9.reg
    [2013/06/20 09:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lydia\Application Data\Babylon
    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

 

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

Next,

 

Run the clean up steps I posted earlier and let me know if they complete OK, and also if there are any remaining issues/concerns.


Hi Kevin,

I've run the fix in the OTL application - log file below.  I've also carried out all the other clean up steps in the earlier post which completed successfully.

We still have the RUNDLL error when logging into 'Amanda' account.  No issues other than this that I'm aware of. 

Regards,

Paul

All processes killed
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\g7t0jd9.bxx moved successfully.
C:\Documents and Settings\All Users\Application Data\g7t0jd9.fvv moved successfully.
C:\Documents and Settings\All Users\Application Data\g7t0jd9.reg moved successfully.
C:\Documents and Settings\Lydia\Application Data\Babylon folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Amanda
->Temp folder emptied: 270575 bytes
->Temporary Internet Files folder emptied: 11568646 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Emily
->Temp folder emptied: 327042 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Lydia
->Temp folder emptied: 136267 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Owner
 
User: Paul
->Temp folder emptied: 484273 bytes
->Temporary Internet Files folder emptied: 52609947 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 602 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25965 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 63.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11132013_065340

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\tmp19.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\tmp29.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.