Zip open package.openit .myspeeddialer

kevinf80 · February 19, 2014

ooops, is attached this time.. Apologies Gerry,,,

fixlist.txt

gerry7 · February 19, 2014

Regret another snag as per attached.

Gerry

error screen.doc

kevinf80 · February 19, 2014

What is the open file that shows in the background?

gerry7 · February 19, 2014

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01

Ran by Al (administrator) on YOUR-5511792FEB on 19-02-2014 22:23:07

Running from C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Kenonic Controls Ltd.) C:\WINDOWS\system32\crypserv.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

(VMware, Inc.) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

(VMware, Inc.) C:\WINDOWS\system32\vmnat.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe

(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe

(VMware, Inc.) C:\WINDOWS\system32\vmnetdhcp.exe

(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

(SupportSoft, Inc.) C:\Program Files\TalkTalk\bin\sprtcmd.exe

(Musicmatch, Inc.) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe

() C:\Program Files\Sony\SonicStage\SSAAD.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(-) C:\Program Files\Eraser\eraser.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

() C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe

(OpenOffice.org) C:\Program Files\program\soffice.exe

(OpenOffice.org) C:\Program Files\program\soffice.bin

(Scansoft Inc.) C:\Program Files\ScanSoft\PaperPort\Paprport.exe

(Scansoft Inc.) C:\Program Files\ScanSoft\PaperPort\Pplinks.exe

(Scansoft Inc.) C:\Program Files\ScanSoft\PaperPort\PPSCANMG.EXE

(Google Inc.) C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

() C:\Program Files\ScanSoft\PaperPort\PPPRINT.EXE

(Google Inc.) C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TalkTalk] - C:\Program Files\TalkTalk\bin\sprtcmd.exe [192512 2005-08-15] (SupportSoft, Inc.)

HKLM\...\Run: [MMTray] - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [135168 2006-01-17] (Musicmatch, Inc.)

HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [273544 2011-03-17] (RealNetworks, Inc.)

HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -u

HKLM\...\Run: [EaseUs Watch] - "K:\Todo Backup\bin\EuWatch.exe"

HKLM\...\Run: [EaseUs Tray] - "K:\Todo Backup\bin\TrayNotify.exe"

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM\...RunServicesOnce: [washindex] - C:\Program Files\Washer\washidx.exe "Al" No File

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKLM\...\Policies\Explorer: [NoDesktop] 0

HKLM\...\Policies\Explorer: [NoViewContextMenu] 0

HKLM\...\Policies\Explorer: [NoStartMenuMorePrograms] 0

HKU\.DEFAULT\...\Run: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Power2GoExpress] - [X]

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [ssAAD.exe] - C:\Program Files\Sony\SonicStage\SSAAD.exe [476728 2007-02-05] ()

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Google Update] - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-03-10] (Google Inc.)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-16] (SUPERAntiSpyware)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Eraser] - C:\Program Files\Eraser\eraser.exe [536576 2003-07-25] (-)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-09-16] (Google Inc.)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe /preload

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [AVG-Secure-Search-Update_0214c] - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=e409b6cc904347d1b912d1191024e9fb-b602d594afd2b0b327e07a06f36ca6a7e42546d0 /CMPID=0214c

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: E - E:\buyer.exe

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: {d2f52bae-bfc6-11de-99ee-005056c00008} - K:\laucher.exe

Startup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()

Startup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()

Startup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Family and Friends Reminders.lnk

ShortcutTarget: Corel Family and Friends Reminders.lnk -> C:\Program Files\Corel\Print House Magic\cffrem.exe (Corel Corporation)

Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()

Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mama.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.supanet.com/search/iepanel/

URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)

URLSearchHook: HKCU - MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKCU - {334EDF47-31D2-4CEA-B295-318F33898875} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}

BHO: MHTBPos00 Class - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

BHO: No Name - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)

BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)

Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

Toolbar: HKCU - No Name - {7435856C-6CA1-45CF-A00D-82178387F223} - No File

Toolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File

Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File

Toolbar: HKCU - No Name - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cab

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll

DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-12] (SuperAdBlocker.com)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\..\Interfaces\{C8084B80-B3C7-46A3-B95A-A018DA82D1B8}: [NameServer]4.2.2.2,4.2.2.3

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default

FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml

FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2007-11-29]

FF Extension: United States English Spellchecker - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\en-US@dictionaries.addons.mozilla.org [2011-07-12]

FF Extension: Diccionario de Español/España - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\es-es@dictionaries.addons.mozilla.org [2009-05-11]

FF Extension: Dictionnaire HunSpell en Français (réforme 1990) - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\fr@dictionaries.addons.mozilla.org [2009-05-11]

FF Extension: Hebrew spell-checking dictionary (from HSpell) - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\he@dictionaries.addons.mozilla.org [2011-07-12]

FF Extension: Romanian Dictionary - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\ro@dictionaries.addons.mozilla.org [2007-11-29]

FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-07-12]

FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009-05-11]

FF Extension: DownloadHelper - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009-05-27]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007-07-01]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2007-05-19]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007-10-08]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2007-10-11]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [2008-07-29]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008-03-31]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-02-15]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-26]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-16]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-14]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011-05-24]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-11]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-18]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-25]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-03]

FF Extension: Family Toolbar - C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2010-04-20]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-17]

FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared

Chrome:

=======

CHR DefaultSearchKeyword: google.co.uk

CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)

CHR Plugin: (ZoneAlarm Spy Blocker Plugin Stub) - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll No File

CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Java Platform SE 6 U39) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)

CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File

CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\WINDOWS\system32\npdeployJava1.dll No File

CHR Extension: (YouTube) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]

CHR Extension: (Google Search) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-03-17]

CHR Extension: (Google Wallet) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]

CHR Extension: (Gmail) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-03-17]

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com)

R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [607576 2008-03-19] (Lavasoft)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-10-26] ()

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)

R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.)

R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.)

S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()

S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX)

S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)

S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)

S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)

R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [109104 2008-03-03] (VMware, Inc.)

R2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [121392 2008-03-03] (VMware, Inc.)

R2 vmount2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [269104 2007-03-23] (VMware, Inc.)

R2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [150064 2008-03-03] (VMware, Inc.)

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]

S2 Avg7Alrt; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [X]

S2 Avg7UpdSvc; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [X]

S2 EaseUS Agent; K:\Todo Backup\bin\Agent.exe [X]

S2 Guard Agent; K:\Todo Backup\bin\GuardAgent.exe [X]

S2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [404736 2003-08-14] (Sensaura Ltd)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [462940 2003-08-21] (Realtek Semiconductor Corp.)

S1 Avg7Core; C:\WINDOWS\System32\Drivers\avg7core.sys [820928 2007-08-11] (GRISOFT, s.r.o.)

S1 Avg7RsW; C:\WINDOWS\System32\Drivers\avg7rsw.sys [4224 2007-08-10] (GRISOFT, s.r.o.)

S1 Avg7RsXP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [27776 2007-08-10] (GRISOFT, s.r.o.)

R1 AvgClean; C:\WINDOWS\system32\drivers\avgclean.sys [3968 2007-08-10] (GRISOFT, s.r.o.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)

S2 AvgTdi; C:\WINDOWS\System32\Drivers\avgtdi.sys [4960 2007-08-10] (GRISOFT, s.r.o.)

R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

R1 cdrbsvsd; C:\WINDOWS\system32\Drivers\cdrbsvsd.sys [13056 2003-07-16] (B.H.A Corporation)

S3 DCamUSBSQTECH; C:\WINDOWS\System32\Drivers\SQcaptur.sys [30921 2003-01-10] (Service & Quality Technology.)

R3 DtvAudio; C:\WINDOWS\System32\DRIVERS\DtvAudio.sys [10330 2004-02-26] (TwinHan Provide)

R3 DtvVideo; C:\WINDOWS\System32\DRIVERS\DtvVideo.sys [26730 2004-02-26] (TwinHan Provide)

R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [50248 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)

R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40648 2012-10-19] ()

R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14920 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)

R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [185032 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)

R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. )

S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )

R2 hcmon; C:\WINDOWS\system32\Drivers\hcmon.sys [34864 2008-03-03] (VMware, Inc.)

R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-03] (Conexant Systems, Inc.)

R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.)

R2 MASPINT; C:\WINDOWS\system32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)

S3 NCHSSVAD; C:\WINDOWS\System32\drivers\nchssvad.sys [23616 2007-11-26] (NCH Swift Sound)

S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [24608 2000-02-03] ()

S3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.)

R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-13] ()

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)

S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [115000 2006-12-22] (Symantec Corporation)

S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [26667 2005-03-11] (Windows ® 2000 DDK provider)

S1 UimCrAes; C:\WINDOWS\System32\Drivers\UimCrAes.sys [35925 2005-03-11] ()

S1 UimCrStd; C:\WINDOWS\System32\Drivers\UimCrStd.sys [41829 2005-03-11] ()

S1 Uim_Ed; C:\WINDOWS\System32\Drivers\Uim_Ed.sys [32686 2005-03-11] ()

S2 UMAXPCLS; C:\WINDOWS\system32\Drivers\UMAXPCLS.sys [22912 2001-08-17] (Microsoft Corporation)

S3 UnlockerDriver4; D:\Program Files\Unlocker\UnlockerDriver4.sys [3584 2005-04-24] ()

R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)

R0 viasraid; C:\WINDOWS\System32\drivers\viasraid.sys [77312 2003-10-31] (VIA Technologies inc,.ltd)

S3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [20912 2008-03-03] (VMware, Inc.)

R3 VMnetAdapter; C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys [16816 2008-03-03] (VMware, Inc.)

R2 VMnetBridge; C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys [28592 2008-03-03] (VMware, Inc.)

R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [25136 2008-03-03] (VMware, Inc.)

R2 VMparport; C:\WINDOWS\system32\Drivers\VMparport.sys [15920 2008-03-03] (VMware, Inc.)

R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [925104 2008-03-03] (VMware, Inc.)

R2 vstor2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [18480 2007-03-23] (VMware, Inc.)

R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-03] (Conexant Systems, Inc.)

S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]

S3 AFGSp50; System32\Drivers\AFGSp50.sys [X]

S3 catchme; \??\C:\DOCUME~1\AL914F~1.YOU\LOCALS~1\Temp\catchme.sys [X]

S0 fjodwnd; system32\drivers\joaso.sys [X]

S3 HwIOctl; \??\C:\Bios\HwIOctl.sys [X]

S4 IntelIde; No ImagePath

S3 Memctl; \??\C:\Bios\Memctl.sys [X]

S3 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-19 20:49 - 2014-02-19 22:23 - 00033136 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\FRST.txt

2014-02-19 20:35 - 2014-02-19 20:35 - 00000029 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\fixlist.txt

2014-02-19 11:16 - 2014-02-19 11:16 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

2014-02-19 11:16 - 2014-02-19 11:16 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

2014-02-19 10:45 - 2014-02-19 10:45 - 00000000 ____D () C:\_OTM

2014-02-19 10:16 - 2014-02-19 10:16 - 00001870 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Spybot - Search & Destroy.lnk

2014-02-18 14:14 - 2014-02-18 14:14 - 00399518 _____ () C:\Documents and Settings\Guest\Desktop\Brace yourself forMDIF.mdi

2014-02-17 17:08 - 2014-02-17 17:08 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\AVG2014

2014-02-17 17:07 - 2014-02-17 17:07 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Avg2014

2014-02-17 09:05 - 2014-02-17 09:05 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-02-17 08:56 - 2014-02-17 08:56 - 01037530 _____ (Thisisu) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\JRT.exe

2014-02-17 08:21 - 2014-02-17 08:44 - 00000000 ____D () C:\AdwCleaner

2014-02-16 19:10 - 2014-02-19 22:10 - 00000000 ____D () C:\FRST

2014-02-16 19:09 - 2014-02-16 19:09 - 01141248 _____ (Farbar) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\FRST.exe

2014-02-16 16:48 - 2014-02-16 16:57 - 00000000 ___SD () C:\ComboFix

2014-02-16 16:45 - 2014-02-16 16:46 - 05183211 ____R (Swearware) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ComboFix.exe

2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\AVG2014

2014-02-15 09:12 - 2014-02-15 09:12 - 00000709 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk

2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG

2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\TuneUp Software

2014-02-15 09:09 - 2014-02-15 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014

2014-02-15 09:03 - 2014-02-15 17:19 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Avg2014

2014-02-15 09:03 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\MFAData

2014-02-15 07:49 - 2014-02-15 07:49 - 00000000 _RSHD () C:\cmdcons

2014-02-15 07:49 - 2009-04-30 10:27 - 00000211 _____ () C:\Boot.bak

2014-02-15 07:49 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr

2014-02-14 17:59 - 2011-06-26 06:45 - 00256000 _____ () C:\WINDOWS\PEV.exe

2014-02-14 17:59 - 2010-11-07 17:20 - 00208896 _____ () C:\WINDOWS\MBR.exe

2014-02-14 17:59 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00098816 _____ () C:\WINDOWS\sed.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00080412 _____ () C:\WINDOWS\grep.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00068096 _____ () C:\WINDOWS\zip.exe

2014-02-13 03:19 - 2014-02-13 03:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$

2014-02-13 03:05 - 2014-02-13 03:06 - 00011305 _____ () C:\WINDOWS\KB2909921-IE8.log

2014-02-13 03:04 - 2014-02-13 03:05 - 00004434 _____ () C:\WINDOWS\KB2909210-IE8.log

2014-02-12 22:52 - 2014-02-13 03:19 - 00013693 _____ () C:\WINDOWS\KB2916036.log

2014-02-06 13:35 - 2014-02-14 11:28 - 00000000 ____D () C:\Qoobox

2014-02-01 18:42 - 2014-02-01 18:43 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Telephone

2014-01-30 11:04 - 2014-01-30 13:38 - 00000000 ____D () C:\Program Files\MarkAny

2014-01-30 11:01 - 2014-01-30 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\CrashDump

2014-01-30 10:17 - 2014-02-06 12:57 - 00000000 ____D () C:\WINDOWS\ERDNT

2014-01-30 10:15 - 2014-01-30 10:15 - 00000618 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\NTREGOPT.lnk

2014-01-30 10:15 - 2014-01-30 10:15 - 00000599 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ERUNT.lnk

2014-01-30 10:14 - 2014-01-30 10:16 - 00000000 ____D () C:\Program Files\ERUNT

2014-01-30 10:14 - 2014-01-30 10:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

2014-01-30 09:43 - 2014-01-30 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Samsung

2014-01-30 09:41 - 2013-04-18 19:06 - 00821824 _____ (Devguru Co., Ltd.) C:\WINDOWS\system32\dgderapi.dll

2014-01-30 09:41 - 2013-04-18 19:06 - 00319456 _____ (Microsoft Corporation) C:\WINDOWS\system32\DIFxAPI.dll

2014-01-30 09:41 - 2013-04-18 19:06 - 00020032 _____ (Devguru Co., Ltd) C:\WINDOWS\system32\Drivers\dgderdrv.sys

2014-01-29 14:44 - 2014-01-29 14:44 - 00281488 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2014-01-29 13:48 - 2014-01-29 13:48 - 00366611 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\mysearchdial-speeddial.crx

2014-01-29 13:43 - 2014-01-29 13:49 - 00000155 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\WB.CFG

2014-01-29 13:43 - 2014-01-29 13:43 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z

2014-01-29 13:40 - 2014-01-29 14:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\DigitalSites

2014-01-28 12:40 - 2014-01-28 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log

2014-01-28 12:39 - 2014-01-30 11:45 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Samsung

2014-01-28 12:39 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Samsung

2014-01-28 12:38 - 2014-01-28 12:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\samsung

2014-01-28 11:01 - 2013-04-18 19:08 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\system32\Redemption.dll

2014-01-28 10:55 - 2014-01-30 11:45 - 00000000 ____D () C:\Program Files\Samsung

2014-01-28 10:55 - 2014-01-30 09:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Samsung

2014-01-28 10:44 - 2014-01-30 11:25 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Downloaded Installations

2014-01-27 12:55 - 2014-01-27 12:55 - 00000062 _____ () C:\Documents and Settings\Guest\Application Data\WB.CFG

2014-01-27 12:54 - 2014-01-27 12:52 - 00366611 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\mysearchdial-speeddial.crx

2014-01-27 12:51 - 2014-01-27 12:52 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial

2014-01-27 12:50 - 2014-01-27 12:50 - 00001011 _____ () C:\Documents and Settings\Guest\Desktop\Continue Samsung Kies Installation.lnk

2014-01-22 20:37 - 2014-01-22 20:37 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys

2014-01-20 12:34 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-20 12:33 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-20 12:33 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-20 12:33 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-20 12:31 - 2014-01-20 12:33 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log

==================== One Month Modified Files and Folders =======

2014-02-19 22:23 - 2014-02-19 20:49 - 00039523 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\FRST.txt

2014-02-19 22:10 - 2014-02-16 19:10 - 00000000 ____D () C:\FRST

2014-02-19 22:06 - 2012-03-29 08:18 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-02-19 21:54 - 2010-03-10 17:30 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-312397509-71834488-3752936468-1006UA.job

2014-02-19 21:38 - 2010-05-04 09:17 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-19 20:35 - 2014-02-19 20:35 - 00000029 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\fixlist.txt

2014-02-19 20:28 - 2007-10-09 13:04 - 00002483 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Microsoft Word.lnk

2014-02-19 17:57 - 2011-06-24 09:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData

2014-02-19 15:15 - 2005-09-08 12:07 - 00000224 _____ () C:\WINDOWS\Twui120.ini

2014-02-19 15:14 - 2005-05-26 19:19 - 00013030 _____ () C:\PDOXUSRS.NET

2014-02-19 15:13 - 2013-06-03 14:30 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2014-02-19 15:13 - 2012-05-08 09:53 - 00000272 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-312397509-71834488-3752936468-1006.job

2014-02-19 15:13 - 2011-03-11 12:39 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-312397509-71834488-3752936468-1006.job

2014-02-19 15:13 - 2010-05-04 09:17 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-19 15:13 - 2005-04-04 23:10 - 00032620 _____ () C:\WINDOWS\SchedLgU.Txt

2014-02-19 15:13 - 2004-10-18 19:55 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl

2014-02-19 15:12 - 2005-04-04 23:07 - 01736070 _____ () C:\WINDOWS\WindowsUpdate.log

2014-02-19 15:11 - 2008-03-17 10:22 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\VMware

2014-02-19 15:11 - 2008-03-17 10:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VMware

2014-02-19 15:11 - 2005-04-04 23:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-02-19 15:11 - 2005-04-04 16:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-02-19 15:11 - 2005-04-04 16:06 - 00000050 _____ () C:\WINDOWS\wiaservc.log

2014-02-19 15:09 - 2006-09-16 07:45 - 00000000 ____D () C:\Program Files\Eraser

2014-02-19 15:09 - 2005-05-01 02:26 - 00000278 ___SH () C:\Documents and Settings\Al.YOUR-5511792FEB\ntuser.ini

2014-02-19 11:17 - 2005-05-01 18:44 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Adobe

2014-02-19 11:16 - 2014-02-19 11:16 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

2014-02-19 11:16 - 2014-02-19 11:16 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

2014-02-19 11:15 - 2011-07-19 09:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-02-19 11:15 - 2008-09-28 12:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe

2014-02-19 11:15 - 2005-05-01 18:42 - 00000000 ____D () C:\Program Files\Adobe

2014-02-19 10:45 - 2014-02-19 10:45 - 00000000 ____D () C:\_OTM

2014-02-19 10:36 - 2005-05-21 23:55 - 00164528 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\GDIPFONTCACHEV1.DAT

2014-02-19 10:16 - 2014-02-19 10:16 - 00001870 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Spybot - Search & Destroy.lnk

2014-02-19 09:54 - 2010-03-10 17:30 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-312397509-71834488-3752936468-1006Core.job

2014-02-18 22:06 - 2011-07-10 02:00 - 00297754 _____ () C:\WINDOWS\setupapi.log

2014-02-18 17:35 - 2008-09-09 11:00 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Family letters

2014-02-18 17:05 - 2009-04-29 12:36 - 00000401 _____ () C:\Documents and Settings\Guest\Desktop\Shared Documents.lnk

2014-02-18 17:03 - 2011-12-25 11:23 - 00000401 _____ () C:\Documents and Settings\Guest\Desktop\Shortcut to Shared Documents (2).lnk

2014-02-18 14:14 - 2014-02-18 14:14 - 00399518 _____ () C:\Documents and Settings\Guest\Desktop\Brace yourself forMDIF.mdi

2014-02-17 17:13 - 2005-04-04 16:01 - 00000000 ____D () C:\WINDOWS\pchealth

2014-02-17 17:09 - 2008-09-28 12:42 - 00000000 ____D () C:\Documents and Settings\Guest\My Documents\MyHeritage

2014-02-17 17:08 - 2014-02-17 17:08 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\AVG2014

2014-02-17 17:07 - 2014-02-17 17:07 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Avg2014

2014-02-17 09:05 - 2014-02-17 09:05 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-02-17 08:56 - 2014-02-17 08:56 - 01037530 _____ (Thisisu) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\JRT.exe

2014-02-17 08:44 - 2014-02-17 08:21 - 00000000 ____D () C:\AdwCleaner

2014-02-17 08:44 - 2007-03-20 14:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-02-17 08:12 - 2005-05-13 17:23 - 00000000 ____D () C:\Documents and Settings\Guest

2014-02-16 23:14 - 2007-08-13 22:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2014-02-16 19:09 - 2014-02-16 19:09 - 01141248 _____ (Farbar) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\FRST.exe

2014-02-16 16:57 - 2014-02-16 16:48 - 00000000 ___SD () C:\ComboFix

2014-02-16 16:46 - 2014-02-16 16:45 - 05183211 ____R (Swearware) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ComboFix.exe

2014-02-15 17:19 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Avg2014

2014-02-15 09:18 - 2011-06-24 09:07 - 00000000 ____D () C:\Program Files\AVG

2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\AVG2014

2014-02-15 09:14 - 2014-02-15 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014

2014-02-15 09:12 - 2014-02-15 09:12 - 00000709 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk

2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG

2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\TuneUp Software

2014-02-15 09:10 - 2011-06-24 10:11 - 00000000 ___HD () C:\$AVG

2014-02-15 09:03 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\MFAData

2014-02-15 08:51 - 2011-06-24 09:07 - 00000000 ____D () C:\WINDOWS\system32\Drivers\AVG

2014-02-15 07:49 - 2014-02-15 07:49 - 00000000 _RSHD () C:\cmdcons

2014-02-15 07:49 - 2004-10-18 19:55 - 00000327 __RSH () C:\boot.ini

2014-02-14 18:04 - 2005-05-10 23:03 - 00000000 __SHD () C:\Documents and Settings\Al.YOUR-5511792FEB\UserData

2014-02-14 18:04 - 2005-05-01 02:26 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB

2014-02-14 12:34 - 2010-12-19 18:54 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-02-14 11:28 - 2014-02-06 13:35 - 00000000 ____D () C:\Qoobox

2014-02-14 11:21 - 2008-09-09 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Computer

2014-02-13 03:33 - 2007-09-16 23:04 - 00000000 ____D () C:\WINDOWS\Microsoft.NET

2014-02-13 03:19 - 2014-02-13 03:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$

2014-02-13 03:19 - 2014-02-12 22:52 - 00013693 _____ () C:\WINDOWS\KB2916036.log

2014-02-13 03:19 - 2007-08-16 02:00 - 02659618 _____ () C:\WINDOWS\FaxSetup.log

2014-02-13 03:19 - 2007-08-16 02:00 - 01272260 _____ () C:\WINDOWS\ocgen.log

2014-02-13 03:19 - 2007-08-16 02:00 - 01012587 _____ () C:\WINDOWS\tsoc.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00824309 _____ () C:\WINDOWS\comsetup.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00502110 _____ () C:\WINDOWS\ntdtcsetup.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00415268 _____ () C:\WINDOWS\updspapi.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00414863 _____ () C:\WINDOWS\iis6.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00139218 _____ () C:\WINDOWS\ocmsn.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00132359 _____ () C:\WINDOWS\msgsocm.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00001374 _____ () C:\WINDOWS\imsins.log

2014-02-13 03:16 - 2005-04-04 16:05 - 00542514 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-02-13 03:13 - 2013-08-07 02:03 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-02-13 03:07 - 2005-05-11 20:39 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-02-13 03:06 - 2014-02-13 03:05 - 00011305 _____ () C:\WINDOWS\KB2909921-IE8.log

2014-02-13 03:06 - 2009-04-27 09:52 - 00000000 ____D () C:\WINDOWS\ie8updates

2014-02-13 03:06 - 2007-08-16 02:00 - 00001374 _____ () C:\WINDOWS\imsins.BAK

2014-02-13 03:05 - 2014-02-13 03:04 - 00004434 _____ () C:\WINDOWS\KB2909210-IE8.log

2014-02-11 02:46 - 2008-10-19 18:02 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Mozilla

2014-02-10 18:47 - 2008-09-22 08:20 - 00000401 _____ () C:\Documents and Settings\Guest\Desktop\Shortcut to Shared Documents.lnk

2014-02-10 15:05 - 2008-02-01 21:05 - 00000000 ____D () C:\WINDOWS\Minidump

2014-02-10 10:48 - 2013-08-26 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection

2014-02-06 13:17 - 2008-08-21 12:50 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Computer

2014-02-06 12:57 - 2014-01-30 10:17 - 00000000 ____D () C:\WINDOWS\ERDNT

2014-02-06 09:02 - 2009-01-01 09:56 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\calendars and

2014-02-06 03:54 - 2004-10-18 19:55 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe

2014-02-06 03:54 - 2004-10-18 19:55 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-02-05 23:26 - 2012-06-13 20:17 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll

2014-02-05 23:26 - 2010-06-11 01:25 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll

2014-02-05 23:26 - 2009-06-10 00:20 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll

2014-02-05 23:26 - 2009-06-10 00:20 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll

2014-02-05 23:26 - 2007-06-27 14:34 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll

2014-02-05 23:26 - 2007-06-27 14:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll

2014-02-05 23:26 - 2007-06-27 14:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll

2014-02-05 23:26 - 2007-06-27 14:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2014-02-05 23:26 - 2006-11-07 20:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-02-05 23:26 - 2006-11-07 20:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-02-05 23:26 - 2006-11-07 20:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll

2014-02-05 23:26 - 2006-10-17 10:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-02-05 23:26 - 2005-04-04 23:07 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl

2014-02-05 23:26 - 2004-10-18 19:55 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-02-05 23:26 - 2004-10-18 19:55 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll

2014-02-05 22:24 - 2004-10-18 19:55 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2014-02-05 10:20 - 2007-06-01 11:26 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Banking

2014-02-05 09:50 - 2006-10-11 12:35 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Complaints

2014-02-04 00:03 - 2010-03-09 11:58 - 00002291 _____ () C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk

2014-02-03 22:58 - 2010-03-10 17:34 - 00002390 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Google Chrome.lnk

2014-02-01 19:33 - 2010-11-01 13:37 - 00000689 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

2014-02-01 19:33 - 2007-06-07 15:47 - 00000000 ____D () C:\Program Files\CCleaner

2014-02-01 19:23 - 2010-08-27 09:02 - 00000401 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Shortcut to Shared Documents.lnk

2014-02-01 18:43 - 2014-02-01 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Telephone

2014-01-31 15:43 - 2008-09-17 08:27 - 00002483 _____ () C:\Documents and Settings\Guest\Desktop\Microsoft Word.lnk

2014-01-30 13:38 - 2014-01-30 11:04 - 00000000 ____D () C:\Program Files\MarkAny

2014-01-30 11:51 - 2014-01-30 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Samsung

2014-01-30 11:45 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Samsung

2014-01-30 11:45 - 2014-01-28 10:55 - 00000000 ____D () C:\Program Files\Samsung

2014-01-30 11:26 - 2005-04-04 09:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-01-30 11:25 - 2014-01-28 10:44 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Downloaded Installations

2014-01-30 11:01 - 2014-01-30 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\CrashDump

2014-01-30 10:16 - 2014-01-30 10:14 - 00000000 ____D () C:\Program Files\ERUNT

2014-01-30 10:15 - 2014-01-30 10:15 - 00000618 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\NTREGOPT.lnk

2014-01-30 10:15 - 2014-01-30 10:15 - 00000599 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ERUNT.lnk

2014-01-30 10:15 - 2014-01-30 10:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

2014-01-30 09:38 - 2014-01-28 10:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Samsung

2014-01-29 17:45 - 2008-03-24 16:21 - 00000000 ____D () C:\Program Files\SpywareBlaster

2014-01-29 14:45 - 2007-02-18 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926436$

2014-01-29 14:44 - 2014-01-29 14:44 - 00281488 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2014-01-29 14:38 - 2014-01-29 13:40 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\DigitalSites

2014-01-29 13:49 - 2014-01-29 13:43 - 00000155 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\WB.CFG

2014-01-29 13:48 - 2014-01-29 13:48 - 00366611 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\mysearchdial-speeddial.crx

2014-01-29 13:43 - 2014-01-29 13:43 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z

2014-01-28 12:40 - 2014-01-28 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log

2014-01-28 12:39 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Samsung

2014-01-28 12:38 - 2014-01-28 12:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\samsung

2014-01-27 12:55 - 2014-01-27 12:55 - 00000062 _____ () C:\Documents and Settings\Guest\Application Data\WB.CFG

2014-01-27 12:52 - 2014-01-27 12:54 - 00366611 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\mysearchdial-speeddial.crx

2014-01-27 12:52 - 2014-01-27 12:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial

2014-01-27 12:50 - 2014-01-27 12:50 - 00001011 _____ () C:\Documents and Settings\Guest\Desktop\Continue Samsung Kies Installation.lnk

2014-01-22 20:37 - 2014-01-22 20:37 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys

2014-01-21 10:52 - 2011-09-16 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Addresses

2014-01-20 18:17 - 2012-02-01 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3

2014-01-20 18:17 - 2007-05-20 17:24 - 00000000 ____D () C:\Program Files\Picasa2

2014-01-20 12:33 - 2014-01-20 12:31 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log

2014-01-20 12:33 - 2007-05-19 15:37 - 00000000 ____D () C:\Program Files\Java

2014-01-20 11:49 - 2008-09-09 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Holidays

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit

C:\WINDOWS\system32\winlogon.exe => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\User32.dll => MD5 is legit

C:\WINDOWS\system32\userinit.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

kevinf80 · February 19, 2014

There was no need to post the log, I only ask what it was.... OK make sure you have no windows open, FRST.exe and the file I attached (fixlist.txt) should either be on your Desktop or the folder they were saved to, Run FRST.exe to open the GUI, select the "Fix" button on FRST.exe just once and wait. If the log has a successful entry continue with the rest of the instructions from reply #24

gerry7 · February 20, 2014

regrets: sorry to have to trouble you again; I have tried this half-a-dozen times without success. I have closed all windows, ensured that both items are on the desktop and not duplicated in downloads folder. Each time I get the same error message that I posted.

Gerry

kevinf80 · February 20, 2014

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.

http://www.itxassociates.com/OT-Tools/OTM.com

http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files
```
:FilesC:\FRST:Commands[EmptyTemp]
```
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

See if OTM will remove the full folder for us...

If that works continue and delete FRST.exe from your desktop,

Next,

Use OTM to uninstall tools used and itself....

Double-click OTM.exe to run it. Windows 7 or Vista accept UAC alert..
Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes. You maybe asked to reboot, allow that to happen.

Next,

Run Delfix as previously instructed..

Kevin

gerry7 · February 20, 2014

Thanks. I am not sure if this is a hit or miss or partial success.

This is the first part of the log which refers to Folder move failed. All the rest seems to refer to everything being empty.

All processes killed Folder move failed

========== FILES ==========

. C:\FRST\Quarantine scheduled to be moved on reboot.

C:\FRST\Logs folder moved successfully.

C:\FRST\Hives\Users\00000002 folder moved successfully.

C:\FRST\Hives\Users\00000001 folder moved successfully.

C:\FRST\Hives\Users folder moved successfully.

C:\FRST\Hives folder moved successfully.

C:\FRST folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

kevinf80 · February 20, 2014

Yes a reboot was required to complete the move, was a reboot completed?

gerry7 · February 21, 2014

All seemed fine until I opened the browser in guest user when myspeeddialler appeared in the address bar again. This does not happen in administrator mode.[ post 19]. Also the computer appears to be running more slowly than it did after using OTM.

kevinf80 · February 21, 2014

Can you follow the instructions from reply #18 and reset browser settings to default for the guest account.

gerry7 · February 24, 2014

Thanks,

I think that you have cured the original problem; over the last couple of days I have had no further problem with the invader. However, has mentioned in post 35, my computer is running very much more slowly for most functions. When using Google chrome the pages quickly become unresponsive. Do you think that is anything to do with the various processes please?

kevinf80 · February 24, 2014

Ok lets have another look...

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Make sure to select direct on the word “Zip”

Double click zip file and extract to your Desktop:

you will now have 3 versions of the tool on the Desktop:

%7Boption%7D http://i121.photobucket.com/albums/o239/kevinf80/Zoek%20Scanner/Zoeke.jpg[/img]

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/]

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

Copy and paste the following script from the code box and paste into the field.

standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs;FFdefaults;CHRdefaults;

Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you maybe asked to re-boot your PC, if so please do

Post the produced log in your next reply…..

Kevin..

gerry7 · February 25, 2014

Thanks for this, here is the log:

Zoek.exe v5.0.0.0 Updated 19-February-2014

Tool run by Al on 25/02/2014 at 12:11:01.47.

Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\zoek.exe [scan all users] [script inserted]

===== Runcheck 12:17:09.08 =====

--- Create Environment Variables 12:17:15.51

--- Create System Restore Point 12:17:33.66

--- Checking Input 12:17:51.65

--- AU AppData Check 12:18:03.58

--- Remove From Windows Installer 12:18:12.97

--- IE Startpage Check 12:26:00.99

--- Program Files DB Check 12:28:32.65

--- C:\Documents and Settings\Administrator\Application Data DB Check 12:29:46.35

--- C:\Documents and Settings\Al\Application Data DB Check 12:29:46.35

--- C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data DB Check 12:29:46.35

--- C:\Documents and Settings\Default User\Application Data DB Check 12:29:46.35

--- C:\Documents and Settings\Guest\Application Data DB Check 12:29:46.35

--- C:\Documents and Settings\LocalService\Application Data DB Check 12:29:46.35

--- C:\Documents and Settings\NetworkService\Application Data DB Check 12:29:46.35

--- C:\Documents and Settings\Ric\Application Data DB Check 12:29:46.35

--- C:\WINDOWS\system32\config\systemprofile\Application Data DB Check 12:29:46.35

--- C:\Documents and Settings\Al.YOUR-5511792FEB DB Check 12:33:53.07

--- C:\DOCUME~1\ALLUSE~1\APPLIC~1 DB Check 12:34:21.79

--- C:\Documents and Settings\Administrator\Local Settings\Application Data DB Check 12:34:24.32

--- C:\Documents and Settings\Al\Local Settings\Application Data DB Check 12:34:24.32

--- C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data DB Check 12:34:24.32

--- C:\Documents and Settings\Default User\Local Settings\Application Data DB Check 12:34:24.32

--- C:\Documents and Settings\Guest\Local Settings\Application Data DB Check 12:34:24.32

--- C:\Documents and Settings\LocalService\Local Settings\Application Data DB Check 12:34:24.32

--- C:\Documents and Settings\NetworkService\Local Settings\Application Data DB Check 12:34:24.32

--- C:\Documents and Settings\Ric\Local Settings\Application Data DB Check 12:34:24.32

--- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data DB Check 12:34:24.32

--- C:\Documents and Settings\All Users\Start Menu\Programs DB Check 12:37:07.44

--- C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs DB Check 12:37:21.21

--- Tasks DB Check 12:37:28.65

--- Tasks2 DB Check 12:37:33.55

--- Documents DB Check 12:38:04.27

--- Documents2 DB Check 12:38:12.11

--- C:\Documents and Settings\AL914F~1.YOU\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default DB Check 12:38:15.46

--- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\qhtum3h7.default DB Check 12:38:15.46

--- C:\Documents and Settings\All Users\Desktop DB Check 12:38:25.60

--- C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop DB Check 12:38:30.82

--- Services DB Check 12:38:48.52

--- FF prefs.js DB Check 12:40:33.07

--- Emptyclsid 12:43:00.30

--- Del by CLSID 12:43:26.33

--- Installed Programs 12:57:02.94

--- Processes 12:57:47.72

--- Delete Services 12:57:49.38

--- Firefox Fix 12:58:30.08

--- Delete files\folders 12:59:02.33

--- Create Backups 12:59:02.88

--- System Specs 13:01:49.65

--- Recently Created 13:02:11.19

--- StartUp Information 13:08:09.93

--- Firefox Extensions 13:10:12.47

Gerry

kevinf80 · February 25, 2014

That log is not complete, can you post again please...

Kevin

gerry7 · February 25, 2014

Sorry - don't know how that happened chrome keeps crashing and could not save this as notepad.