Zip open package.openit .myspeeddialer

gerry7 · January 30, 2014

I was trying to load a driver on my PC to back up my mobile phone and downloaded a program called something similar to Winzip. On checking with a website Forum is seemed to have a clean bill of health. I downloaded it and then discovered that it was try to do all sorts of tricks including something called my speed dialler and installing openit!.

In a a panic I ran Malwarebytes which discovered that number of PUP threats which I removed. I was then unable to uninstall the original program which appears as a "zip open package" in the uninstall pane in Control Panel. I also now have a desktop icon INTREGOPT. I have followed the instructions and run Rkill which I attach.

Rkill run1.txt

Help please.

kevinf80 · January 30, 2014

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Ensure that Combofix is saved directly to the Desktop <--- Very important
Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
Close any open browsers and any other programs you might have running
Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin

gringo_pr · February 6, 2014

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

AdvancedSetup · February 12, 2014

Topic reopened per user request

kevinf80 · February 12, 2014

Post CF log when ready...

gerry7 · February 13, 2014

Many thanks.

I have no time to do this today but hope to be able to post the log tomorrow.

Thank you for getting me on the right track.

kevinf80 · February 13, 2014

Ok thanks for update...

gerry7 · February 14, 2014

I have run into trouble -again. When trying to download the combofix program via the link, I do not get the option to save; the program just runs. It is currently in the downloads folder as a 4.9 megabyte application. Is there any way round this please? I am running windows X P

kevinf80 · February 14, 2014

Move it to the Desktop....

gerry7 · February 16, 2014

Combofix failure

Unfortunately I have been unable to get combofix to run properly. I moved the program to the desktop from the download folder as you suggested. Over the past three days I have made a least a dozen attempts. On the first occasion the licence acceptance screen appeared and eventually the recovery console was successfully installed. All subsequent efforts went straight to the program starting. When the screen "scanning... may take 10 minutes.." arrived, with its flashing cursor nothing more happened and the computer crashed. I have tried leaving that screen on for up to one and a-half hours.

I have tried to get the download on a different computer and putting it on a a flash drive; I have also tried e-mail and going direct to the bleeping computer website to get the download. I have deleted the previous downloads on each occasion.

Are you able to help please?

kevinf80 · February 16, 2014

Ok run the following...

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

gerry7 · February 16, 2014

Addition txt.txtThanks. Results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01

Ran by Al (administrator) on YOUR-5511792FEB on 16-02-2014 19:13:01

Running from C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Kenonic Controls Ltd.) C:\WINDOWS\system32\crypserv.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

(VMware, Inc.) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

(VMware, Inc.) C:\WINDOWS\system32\vmnat.exe

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe

(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe

() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe

(VMware, Inc.) C:\WINDOWS\system32\vmnetdhcp.exe

(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

(SupportSoft, Inc.) C:\Program Files\TalkTalk\bin\sprtcmd.exe

(Musicmatch, Inc.) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe

() C:\Program Files\AVG Secure Search\vprot.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe

() C:\Program Files\Sony\SonicStage\SSAAD.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

() C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe

(OpenOffice.org) C:\Program Files\program\soffice.exe

(OpenOffice.org) C:\Program Files\program\soffice.bin

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe

(Google Inc.) C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\WINDOWS\system32\freecell.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TalkTalk] - C:\Program Files\TalkTalk\bin\sprtcmd.exe [192512 2005-08-15] (SupportSoft, Inc.)

HKLM\...\Run: [MMTray] - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [135168 2006-01-17] (Musicmatch, Inc.)

HKLM\...\Run: [WinGuard Pro] - [X]

HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [273544 2011-03-17] (RealNetworks, Inc.)

HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -u

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2486296 2014-01-08] ()

HKLM\...\Run: [EaseUs Watch] - "K:\Todo Backup\bin\EuWatch.exe"

HKLM\...\Run: [EaseUs Tray] - "K:\Todo Backup\bin\TrayNotify.exe"

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)

HKLM\...RunServicesOnce: [washindex] - C:\Program Files\Washer\washidx.exe "Al" No File

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKLM\...\Policies\Explorer: [NoDesktop] 0

HKLM\...\Policies\Explorer: [NoViewContextMenu] 0

HKLM\...\Policies\Explorer: [NoStartMenuMorePrograms] 0

HKU\.DEFAULT\...\Run: [Picasa Media Detector] - C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2008-02-26] (Google Inc.)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Power2GoExpress] - [X]

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [ssAAD.exe] - C:\Program Files\Sony\SonicStage\SSAAD.exe [476728 2007-02-05] ()

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Google Update] - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-03-10] (Google Inc.)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-16] (SUPERAntiSpyware)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [Eraser] - C:\Program Files\Eraser\eraser.exe [536576 2003-07-25] (-)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-09-16] (Google Inc.)

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe /preload

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: E - E:\buyer.exe

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: {d2f52bae-bfc6-11de-99ee-005056c00008} - K:\laucher.exe

Startup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()

Startup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()

Startup: C:\Documents and Settings\Al.YOUR-5511792FEB\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Family and Friends Reminders.lnk

ShortcutTarget: Corel Family and Friends Reminders.lnk -> C:\Program Files\Corel\Print House Magic\cffrem.exe (Corel Corporation)

Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()

Startup: C:\Documents and Settings\Guest\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mama.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.supanet.com/search/iepanel/

URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)

URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)

URLSearchHook: HKCU - MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()

SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =

SearchScopes: HKLM - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

SearchScopes: HKCU - {334EDF47-31D2-4CEA-B295-318F33898875} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={258CBBB7-5A4F-4591-808B-1BEFBDEEE9B9}&mid=e409b6cc904347d1b912d1191024e9fb-b602d594afd2b0b327e07a06f36ca6a7e42546d0〈=us&ds=AVG&pr=fr&d=2011-12-13 20:53:53&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}

SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}

BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)

BHO: MHTBPos00 Class - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()

BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

BHO: No Name - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)

BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)

Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM - Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()

Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

Toolbar: HKCU - No Name - {7435856C-6CA1-45CF-A00D-82178387F223} - No File

Toolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File

Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)

Toolbar: HKCU - No Name - {968631B6-4729-440D-9BF4-251F5593EC9A} - No File

Toolbar: HKCU - No Name - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()

Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cab

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/LSSupCtl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll

DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-12] (SuperAdBlocker.com)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\..\Interfaces\{C8084B80-B3C7-46A3-B95A-A018DA82D1B8}: [NameServer]4.2.2.2,4.2.2.3

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default

FF user.js: detected! => C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\user.js

FF DefaultSearchEngine: Mysearchdial

FF SelectedSearchEngine: Mysearchdial

FF Keyword.URL: user_pref("keyword.URL", "");

FF NetworkProxy: "backup.ftp", ""

FF NetworkProxy: "backup.ftp_port", 0

FF NetworkProxy: "backup.gopher", ""

FF NetworkProxy: "backup.gopher_port", 0

FF NetworkProxy: "backup.socks", "localhost"

FF NetworkProxy: "backup.socks_port", 9050

FF NetworkProxy: "backup.ssl", "localhost"

FF NetworkProxy: "backup.ssl_port", 8118

FF NetworkProxy: "ftp", "localhost"

FF NetworkProxy: "ftp_port", 8091

FF NetworkProxy: "gopher", "localhost"

FF NetworkProxy: "gopher_port", 8091

FF NetworkProxy: "http", "localhost"

FF NetworkProxy: "http_port", 8091

FF NetworkProxy: "share_proxy_settings", true

FF NetworkProxy: "socks", "localhost"

FF NetworkProxy: "socks_port", 8091

FF NetworkProxy: "socks_remote_dns", true

FF NetworkProxy: "ssl", "localhost"

FF NetworkProxy: "ssl_port", 8091

FF NetworkProxy: "type", 4

FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=12.0.1.633 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll (Check Point Software Technologies Ltd.)

FF SearchPlugin: C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\searchplugins\Mysearchdial.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml

FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2007-11-29]

FF Extension: United States English Spellchecker - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\en-US@dictionaries.addons.mozilla.org [2011-07-12]

FF Extension: Diccionario de Español/España - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\es-es@dictionaries.addons.mozilla.org [2009-05-11]

FF Extension: Dictionnaire HunSpell en Français (réforme 1990) - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\fr@dictionaries.addons.mozilla.org [2009-05-11]

FF Extension: Hebrew spell-checking dictionary (from HSpell) - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\he@dictionaries.addons.mozilla.org [2011-07-12]

FF Extension: Romanian Dictionary - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\ro@dictionaries.addons.mozilla.org [2007-11-29]

FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-07-12]

FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009-05-11]

FF Extension: MySearchDial NewTab - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-01-29]

FF Extension: DownloadHelper - C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Mozilla\Firefox\Profiles\ahl85p3s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009-05-27]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2007-07-01]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2007-05-19]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007-10-08]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2007-10-11]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [2008-07-29]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008-03-31]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008-09-28]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-02-15]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-26]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010-11-09]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-16]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-09-14]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011-05-24]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-11]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-18]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-25]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-03]

FF Extension: Family Toolbar - C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2010-04-20]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-17]

FF HKLM\...\Firefox\Extensions: [avg@igeared] - C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared

FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.3.0.49

FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.3.0.49 [2014-01-08]

Chrome:

=======

CHR DefaultSearchKeyword: google.co.uk

CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.107\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)

CHR Plugin: (ZoneAlarm Spy Blocker Plugin Stub) - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll (Check Point Software Technologies Ltd.)

CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll (AVG Technologies)

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Java Platform SE 6 U39) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)

CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\WINDOWS\system32\npdeployJava1.dll No File

CHR Extension: (YouTube) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]

CHR Extension: (Google Search) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-03-17]

CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-11-14]

CHR Extension: (Google Wallet) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]

CHR Extension: (Gmail) - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]

CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-03-17]

CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-08]

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com)

R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [607576 2008-03-19] (Lavasoft)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-10-26] ()

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)

R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.)

R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [52224 2000-06-29] (Kenonic Controls Ltd.)

S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()

S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX)

S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)

S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)

S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)

R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [109104 2008-03-03] (VMware, Inc.)

R2 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [121392 2008-03-03] (VMware, Inc.)

R2 vmount2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [269104 2007-03-23] (VMware, Inc.)

R2 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [150064 2008-03-03] (VMware, Inc.)

R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] (AVG Secure Search)

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]

S2 Avg7Alrt; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [X]

S2 Avg7UpdSvc; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [X]

S2 EaseUS Agent; K:\Todo Backup\bin\Agent.exe [X]

S2 Guard Agent; K:\Todo Backup\bin\GuardAgent.exe [X]

==================== Drivers (Whitelisted) ====================

R3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [404736 2003-08-14] (Sensaura Ltd)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [462940 2003-08-21] (Realtek Semiconductor Corp.)

S1 Avg7Core; C:\WINDOWS\System32\Drivers\avg7core.sys [820928 2007-08-11] (GRISOFT, s.r.o.)

S1 Avg7RsW; C:\WINDOWS\System32\Drivers\avg7rsw.sys [4224 2007-08-10] (GRISOFT, s.r.o.)

S1 Avg7RsXP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [27776 2007-08-10] (GRISOFT, s.r.o.)

R1 AvgClean; C:\WINDOWS\system32\drivers\avgclean.sys [3968 2007-08-10] (GRISOFT, s.r.o.)

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)

S2 AvgTdi; C:\WINDOWS\System32\Drivers\avgtdi.sys [4960 2007-08-10] (GRISOFT, s.r.o.)

R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

R1 cdrbsvsd; C:\WINDOWS\system32\Drivers\cdrbsvsd.sys [13056 2003-07-16] (B.H.A Corporation)

S3 DCamUSBSQTECH; C:\WINDOWS\System32\Drivers\SQcaptur.sys [30921 2003-01-10] (Service & Quality Technology.)

R3 DtvAudio; C:\WINDOWS\System32\DRIVERS\DtvAudio.sys [10330 2004-02-26] (TwinHan Provide)

R3 DtvVideo; C:\WINDOWS\System32\DRIVERS\DtvVideo.sys [26730 2004-02-26] (TwinHan Provide)

R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [50248 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)

R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40648 2012-10-19] ()

R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14920 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)

R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [185032 2012-10-19] (CHENGDU YIWO Tech Development Co., Ltd)

R3 FETND5BV; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. )

S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )

R2 hcmon; C:\WINDOWS\system32\Drivers\hcmon.sys [34864 2008-03-03] (VMware, Inc.)

R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-03] (Conexant Systems, Inc.)

R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-03] (Conexant Systems, Inc.)

R2 MASPINT; C:\WINDOWS\system32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)

S3 NCHSSVAD; C:\WINDOWS\System32\drivers\nchssvad.sys [23616 2007-11-26] (NCH Swift Sound)

S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

R1 NetworkX; C:\WINDOWS\system32\ckldrv.sys [24608 2000-02-03] ()

S3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.)

R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-13] ()

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2009-05-11] (Avira GmbH)

S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [115000 2006-12-22] (Symantec Corporation)

S1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [26667 2005-03-11] (Windows ® 2000 DDK provider)

S1 UimCrAes; C:\WINDOWS\System32\Drivers\UimCrAes.sys [35925 2005-03-11] ()

S1 UimCrStd; C:\WINDOWS\System32\Drivers\UimCrStd.sys [41829 2005-03-11] ()

S1 Uim_Ed; C:\WINDOWS\System32\Drivers\Uim_Ed.sys [32686 2005-03-11] ()

S2 UMAXPCLS; C:\WINDOWS\system32\Drivers\UMAXPCLS.sys [22912 2001-08-17] (Microsoft Corporation)

S3 UnlockerDriver4; D:\Program Files\Unlocker\UnlockerDriver4.sys [3584 2005-04-24] ()

R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)

R0 viasraid; C:\WINDOWS\System32\drivers\viasraid.sys [77312 2003-10-31] (VIA Technologies inc,.ltd)

S3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [20912 2008-03-03] (VMware, Inc.)

R3 VMnetAdapter; C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys [16816 2008-03-03] (VMware, Inc.)

R2 VMnetBridge; C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys [28592 2008-03-03] (VMware, Inc.)

R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [25136 2008-03-03] (VMware, Inc.)

R2 VMparport; C:\WINDOWS\system32\Drivers\VMparport.sys [15920 2008-03-03] (VMware, Inc.)

R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [925104 2008-03-03] (VMware, Inc.)

R2 vstor2; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [18480 2007-03-23] (VMware, Inc.)

R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-03] (Conexant Systems, Inc.)

S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]

S3 AFGSp50; System32\Drivers\AFGSp50.sys [X]

S3 catchme; \??\C:\DOCUME~1\AL914F~1.YOU\LOCALS~1\Temp\catchme.sys [X]

S0 fjodwnd; system32\drivers\joaso.sys [X]

S3 HwIOctl; \??\C:\Bios\HwIOctl.sys [X]

S4 IntelIde; No ImagePath

S3 Memctl; \??\C:\Bios\Memctl.sys [X]

S3 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-16 19:10 - 2014-02-16 19:13 - 00000000 ____D () C:\FRST

2014-02-16 16:48 - 2014-02-16 16:57 - 00000000 ___SD () C:\ComboFix

2014-02-16 16:45 - 2014-02-16 16:46 - 05183211 ____R (Swearware) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ComboFix.exe

2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\AVG2014

2014-02-15 09:12 - 2014-02-15 09:12 - 00000709 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk

2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG

2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\TuneUp Software

2014-02-15 09:09 - 2014-02-15 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014

2014-02-15 09:03 - 2014-02-15 17:19 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Avg2014

2014-02-15 09:03 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\MFAData

2014-02-15 07:49 - 2014-02-15 07:49 - 00000000 _RSHD () C:\cmdcons

2014-02-15 07:49 - 2009-04-30 10:27 - 00000211 _____ () C:\Boot.bak

2014-02-15 07:49 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr

2014-02-14 17:59 - 2011-06-26 06:45 - 00256000 _____ () C:\WINDOWS\PEV.exe

2014-02-14 17:59 - 2010-11-07 17:20 - 00208896 _____ () C:\WINDOWS\MBR.exe

2014-02-14 17:59 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00098816 _____ () C:\WINDOWS\sed.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00080412 _____ () C:\WINDOWS\grep.exe

2014-02-14 17:59 - 2000-08-31 00:00 - 00068096 _____ () C:\WINDOWS\zip.exe

2014-02-13 03:19 - 2014-02-13 03:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$

2014-02-13 03:05 - 2014-02-13 03:06 - 00011305 _____ () C:\WINDOWS\KB2909921-IE8.log

2014-02-13 03:04 - 2014-02-13 03:05 - 00004434 _____ () C:\WINDOWS\KB2909210-IE8.log

2014-02-12 22:52 - 2014-02-13 03:19 - 00013693 _____ () C:\WINDOWS\KB2916036.log

2014-02-06 13:35 - 2014-02-14 11:28 - 00000000 ____D () C:\Qoobox

2014-02-01 18:42 - 2014-02-01 18:43 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Telephone

2014-01-30 11:04 - 2014-01-30 13:38 - 00000000 ____D () C:\Program Files\MarkAny

2014-01-30 11:01 - 2014-01-30 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\CrashDump

2014-01-30 10:29 - 2014-01-30 10:29 - 00383162 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Rkill run1.txt

2014-01-30 10:17 - 2014-02-06 12:57 - 00000000 ____D () C:\WINDOWS\ERDNT

2014-01-30 10:15 - 2014-01-30 10:15 - 00000618 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\NTREGOPT.lnk

2014-01-30 10:15 - 2014-01-30 10:15 - 00000599 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ERUNT.lnk

2014-01-30 10:14 - 2014-01-30 10:16 - 00000000 ____D () C:\Program Files\ERUNT

2014-01-30 10:14 - 2014-01-30 10:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

2014-01-30 10:09 - 2014-01-30 10:26 - 00383162 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Rkill.txt

2014-01-30 09:43 - 2014-01-30 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Samsung

2014-01-30 09:41 - 2013-04-18 19:06 - 00821824 _____ (Devguru Co., Ltd.) C:\WINDOWS\system32\dgderapi.dll

2014-01-30 09:41 - 2013-04-18 19:06 - 00319456 _____ (Microsoft Corporation) C:\WINDOWS\system32\DIFxAPI.dll

2014-01-30 09:41 - 2013-04-18 19:06 - 00020032 _____ (Devguru Co., Ltd) C:\WINDOWS\system32\Drivers\dgderdrv.sys

2014-01-29 14:44 - 2014-01-29 14:44 - 00281488 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2014-01-29 13:48 - 2014-01-29 13:48 - 00366611 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\mysearchdial-speeddial.crx

2014-01-29 13:43 - 2014-01-29 13:49 - 00000155 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\WB.CFG

2014-01-29 13:43 - 2014-01-29 13:43 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z

2014-01-29 13:40 - 2014-02-16 18:40 - 00000428 _____ () C:\WINDOWS\Tasks\At1.job

2014-01-29 13:40 - 2014-01-29 14:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\DigitalSites

2014-01-29 13:40 - 2014-01-29 13:40 - 00000770 _____ () C:\Documents and Settings\All Users\Desktop\Open It!.lnk

2014-01-29 13:40 - 2014-01-29 13:40 - 00000000 ____D () C:\Program Files\OpenIt

2014-01-29 13:40 - 2014-01-29 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Open It!

2014-01-28 12:40 - 2014-01-28 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log

2014-01-28 12:39 - 2014-01-30 11:45 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Samsung

2014-01-28 12:39 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Samsung

2014-01-28 12:38 - 2014-01-28 12:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\samsung

2014-01-28 11:03 - 2014-01-29 09:26 - 00000000 ____D () C:\Program Files\MyFree Codec

2014-01-28 11:01 - 2013-04-18 19:08 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\system32\Redemption.dll

2014-01-28 10:55 - 2014-01-30 11:45 - 00000000 ____D () C:\Program Files\Samsung

2014-01-28 10:55 - 2014-01-30 09:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Samsung

2014-01-28 10:44 - 2014-01-30 11:25 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Downloaded Installations

2014-01-27 12:55 - 2014-01-27 12:55 - 00000062 _____ () C:\Documents and Settings\Guest\Application Data\WB.CFG

2014-01-27 12:54 - 2014-01-27 12:52 - 00366611 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\mysearchdial-speeddial.crx

2014-01-27 12:51 - 2014-01-27 12:52 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial

2014-01-27 12:50 - 2014-01-27 12:50 - 00001011 _____ () C:\Documents and Settings\Guest\Desktop\Continue Samsung Kies Installation.lnk

2014-01-22 20:37 - 2014-01-22 20:37 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys

2014-01-20 12:34 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-20 12:33 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-20 12:33 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-20 12:33 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-20 12:31 - 2014-01-20 12:33 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log

2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys

==================== One Month Modified Files and Folders =======

2014-02-16 19:13 - 2014-02-16 19:10 - 00000000 ____D () C:\FRST

2014-02-16 19:06 - 2012-03-29 08:18 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-02-16 18:54 - 2010-03-10 17:30 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-312397509-71834488-3752936468-1006UA.job

2014-02-16 18:40 - 2014-01-29 13:40 - 00000428 _____ () C:\WINDOWS\Tasks\At1.job

2014-02-16 18:38 - 2010-05-04 09:17 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-16 18:07 - 2011-06-24 09:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData

2014-02-16 17:40 - 2006-09-16 07:45 - 00000000 ____D () C:\Program Files\Eraser

2014-02-16 17:40 - 2005-05-26 19:19 - 00013030 _____ () C:\PDOXUSRS.NET

2014-02-16 17:39 - 2013-06-03 14:30 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2014-02-16 17:39 - 2012-05-08 09:53 - 00000272 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-312397509-71834488-3752936468-1006.job

2014-02-16 17:39 - 2011-03-11 12:39 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-312397509-71834488-3752936468-1006.job

2014-02-16 17:39 - 2010-05-04 09:17 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-16 17:39 - 2004-10-18 19:55 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl

2014-02-16 17:23 - 2005-04-04 23:07 - 01680148 _____ () C:\WINDOWS\WindowsUpdate.log

2014-02-16 17:22 - 2008-03-17 10:22 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\VMware

2014-02-16 17:22 - 2008-03-17 10:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VMware

2014-02-16 17:22 - 2005-04-04 23:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-02-16 17:22 - 2005-04-04 16:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-02-16 17:22 - 2005-04-04 16:06 - 00000050 _____ () C:\WINDOWS\wiaservc.log

2014-02-16 16:57 - 2014-02-16 16:48 - 00000000 ___SD () C:\ComboFix

2014-02-16 16:49 - 2005-04-04 23:10 - 00032430 _____ () C:\WINDOWS\SchedLgU.Txt

2014-02-16 16:46 - 2014-02-16 16:45 - 05183211 ____R (Swearware) C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ComboFix.exe

2014-02-16 16:31 - 2005-05-01 02:26 - 00000278 ___SH () C:\Documents and Settings\Al.YOUR-5511792FEB\ntuser.ini

2014-02-16 09:54 - 2010-03-10 17:30 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-312397509-71834488-3752936468-1006Core.job

2014-02-15 17:19 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Avg2014

2014-02-15 09:18 - 2011-06-24 09:07 - 00000000 ____D () C:\Program Files\AVG

2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\AVG2014

2014-02-15 09:14 - 2014-02-15 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014

2014-02-15 09:12 - 2014-02-15 09:12 - 00000709 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk

2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG

2014-02-15 09:12 - 2014-02-15 09:12 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\TuneUp Software

2014-02-15 09:12 - 2011-07-10 02:00 - 00297263 _____ () C:\WINDOWS\setupapi.log

2014-02-15 09:10 - 2011-06-24 10:11 - 00000000 ___HD () C:\$AVG

2014-02-15 09:03 - 2014-02-15 09:03 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\MFAData

2014-02-15 08:51 - 2011-06-24 09:07 - 00000000 ____D () C:\WINDOWS\system32\Drivers\AVG

2014-02-15 07:49 - 2014-02-15 07:49 - 00000000 _RSHD () C:\cmdcons

2014-02-15 07:49 - 2004-10-18 19:55 - 00000327 __RSH () C:\boot.ini

2014-02-14 18:04 - 2005-05-10 23:03 - 00000000 __SHD () C:\Documents and Settings\Al.YOUR-5511792FEB\UserData

2014-02-14 18:04 - 2005-05-01 02:26 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB

2014-02-14 12:34 - 2010-12-19 18:54 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-02-14 11:28 - 2014-02-06 13:35 - 00000000 ____D () C:\Qoobox

2014-02-14 11:21 - 2008-09-09 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Computer

2014-02-13 03:33 - 2007-09-16 23:04 - 00000000 ____D () C:\WINDOWS\Microsoft.NET

2014-02-13 03:19 - 2014-02-13 03:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$

2014-02-13 03:19 - 2014-02-12 22:52 - 00013693 _____ () C:\WINDOWS\KB2916036.log

2014-02-13 03:19 - 2007-08-16 02:00 - 02659618 _____ () C:\WINDOWS\FaxSetup.log

2014-02-13 03:19 - 2007-08-16 02:00 - 01272260 _____ () C:\WINDOWS\ocgen.log

2014-02-13 03:19 - 2007-08-16 02:00 - 01012587 _____ () C:\WINDOWS\tsoc.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00824309 _____ () C:\WINDOWS\comsetup.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00502110 _____ () C:\WINDOWS\ntdtcsetup.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00415268 _____ () C:\WINDOWS\updspapi.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00414863 _____ () C:\WINDOWS\iis6.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00139218 _____ () C:\WINDOWS\ocmsn.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00132359 _____ () C:\WINDOWS\msgsocm.log

2014-02-13 03:19 - 2007-08-16 02:00 - 00001374 _____ () C:\WINDOWS\imsins.log

2014-02-13 03:16 - 2005-04-04 16:05 - 00542514 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-02-13 03:13 - 2013-08-07 02:03 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-02-13 03:07 - 2005-05-11 20:39 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-02-13 03:06 - 2014-02-13 03:05 - 00011305 _____ () C:\WINDOWS\KB2909921-IE8.log

2014-02-13 03:06 - 2009-04-27 09:52 - 00000000 ____D () C:\WINDOWS\ie8updates

2014-02-13 03:06 - 2007-08-16 02:00 - 00001374 _____ () C:\WINDOWS\imsins.BAK

2014-02-13 03:05 - 2014-02-13 03:04 - 00004434 _____ () C:\WINDOWS\KB2909210-IE8.log

2014-02-11 09:41 - 2007-08-13 22:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2014-02-11 09:40 - 2005-05-13 17:23 - 00000000 ____D () C:\Documents and Settings\Guest

2014-02-11 02:46 - 2008-10-19 18:02 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Mozilla

2014-02-10 18:47 - 2008-09-22 08:20 - 00000401 _____ () C:\Documents and Settings\Guest\Desktop\Shortcut to Shared Documents.lnk

2014-02-10 15:05 - 2008-02-01 21:05 - 00000000 ____D () C:\WINDOWS\Minidump

2014-02-10 10:48 - 2013-08-26 09:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection

2014-02-06 13:17 - 2008-08-21 12:50 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Computer

2014-02-06 12:57 - 2014-01-30 10:17 - 00000000 ____D () C:\WINDOWS\ERDNT

2014-02-06 09:02 - 2009-01-01 09:56 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\calendars and

2014-02-06 03:54 - 2004-10-18 19:55 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe

2014-02-06 03:54 - 2004-10-18 19:55 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-02-05 23:26 - 2012-06-13 20:17 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll

2014-02-05 23:26 - 2010-06-11 01:25 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll

2014-02-05 23:26 - 2009-06-10 00:20 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll

2014-02-05 23:26 - 2009-06-10 00:20 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll

2014-02-05 23:26 - 2007-06-27 14:34 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll

2014-02-05 23:26 - 2007-06-27 14:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll

2014-02-05 23:26 - 2007-06-27 14:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll

2014-02-05 23:26 - 2007-06-27 14:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2014-02-05 23:26 - 2006-11-07 20:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-02-05 23:26 - 2006-11-07 20:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-02-05 23:26 - 2006-11-07 20:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll

2014-02-05 23:26 - 2006-10-17 10:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-02-05 23:26 - 2005-04-04 23:07 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl

2014-02-05 23:26 - 2004-10-18 19:55 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-02-05 23:26 - 2004-10-18 19:55 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll

2014-02-05 23:26 - 2004-10-18 19:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll

2014-02-05 22:24 - 2004-10-18 19:55 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2014-02-05 10:20 - 2007-06-01 11:26 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Banking

2014-02-05 09:50 - 2006-10-11 12:35 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Complaints

2014-02-04 12:00 - 2007-10-09 13:04 - 00002483 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Microsoft Word.lnk

2014-02-04 00:03 - 2010-03-09 11:58 - 00002291 _____ () C:\Documents and Settings\Guest\Desktop\Google Chrome.lnk

2014-02-03 22:58 - 2010-03-10 17:34 - 00002390 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Google Chrome.lnk

2014-02-01 19:33 - 2010-11-01 13:37 - 00000689 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

2014-02-01 19:33 - 2007-06-07 15:47 - 00000000 ____D () C:\Program Files\CCleaner

2014-02-01 19:23 - 2010-08-27 09:02 - 00000401 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Shortcut to Shared Documents.lnk

2014-02-01 18:43 - 2014-02-01 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Telephone

2014-02-01 09:45 - 2008-09-09 11:00 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Family letters

2014-01-31 15:43 - 2008-09-17 08:27 - 00002483 _____ () C:\Documents and Settings\Guest\Desktop\Microsoft Word.lnk

2014-01-30 13:47 - 2009-04-29 12:36 - 00000401 _____ () C:\Documents and Settings\Guest\Desktop\Shared Documents.lnk

2014-01-30 13:38 - 2014-01-30 11:04 - 00000000 ____D () C:\Program Files\MarkAny

2014-01-30 11:51 - 2014-01-30 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Samsung

2014-01-30 11:45 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\Samsung

2014-01-30 11:45 - 2014-01-28 10:55 - 00000000 ____D () C:\Program Files\Samsung

2014-01-30 11:26 - 2005-04-04 09:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-01-30 11:25 - 2014-01-28 10:44 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Downloaded Installations

2014-01-30 11:01 - 2014-01-30 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\CrashDump

2014-01-30 10:29 - 2014-01-30 10:29 - 00383162 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Rkill run1.txt

2014-01-30 10:26 - 2014-01-30 10:09 - 00383162 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\Rkill.txt

2014-01-30 10:16 - 2014-01-30 10:14 - 00000000 ____D () C:\Program Files\ERUNT

2014-01-30 10:15 - 2014-01-30 10:15 - 00000618 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\NTREGOPT.lnk

2014-01-30 10:15 - 2014-01-30 10:15 - 00000599 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Desktop\ERUNT.lnk

2014-01-30 10:15 - 2014-01-30 10:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

2014-01-30 09:38 - 2014-01-28 10:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Samsung

2014-01-29 17:45 - 2008-03-24 16:21 - 00000000 ____D () C:\Program Files\SpywareBlaster

2014-01-29 14:45 - 2007-02-18 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB926436$

2014-01-29 14:44 - 2014-01-29 14:44 - 00281488 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2014-01-29 14:38 - 2014-01-29 13:40 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\DigitalSites

2014-01-29 13:49 - 2014-01-29 13:43 - 00000155 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\WB.CFG

2014-01-29 13:48 - 2014-01-29 13:48 - 00366611 _____ () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\mysearchdial-speeddial.crx

2014-01-29 13:43 - 2014-01-29 13:43 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z

2014-01-29 13:40 - 2014-01-29 13:40 - 00000770 _____ () C:\Documents and Settings\All Users\Desktop\Open It!.lnk

2014-01-29 13:40 - 2014-01-29 13:40 - 00000000 ____D () C:\Program Files\OpenIt

2014-01-29 13:40 - 2014-01-29 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Open It!

2014-01-29 09:26 - 2014-01-28 11:03 - 00000000 ____D () C:\Program Files\MyFree Codec

2014-01-28 12:40 - 2014-01-28 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\NativeFus_Log

2014-01-28 12:39 - 2014-01-28 12:39 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Application Data\Samsung

2014-01-28 12:38 - 2014-01-28 12:38 - 00000000 ____D () C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\samsung

2014-01-27 12:55 - 2014-01-27 12:55 - 00000062 _____ () C:\Documents and Settings\Guest\Application Data\WB.CFG

2014-01-27 12:52 - 2014-01-27 12:54 - 00366611 _____ () C:\Documents and Settings\Guest\Local Settings\Application Data\mysearchdial-speeddial.crx

2014-01-27 12:52 - 2014-01-27 12:51 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial

2014-01-27 12:50 - 2014-01-27 12:50 - 00001011 _____ () C:\Documents and Settings\Guest\Desktop\Continue Samsung Kies Installation.lnk

2014-01-22 20:37 - 2014-01-22 20:37 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys

2014-01-21 10:52 - 2011-09-16 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Addresses

2014-01-20 18:17 - 2012-02-01 13:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3

2014-01-20 18:17 - 2007-05-20 17:24 - 00000000 ____D () C:\Program Files\Picasa2

2014-01-20 12:33 - 2014-01-20 12:31 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log

2014-01-20 12:33 - 2007-05-19 15:37 - 00000000 ____D () C:\Program Files\Java

2014-01-20 11:49 - 2008-09-09 11:01 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Holidays

2014-01-19 21:46 - 2014-01-19 21:46 - 00022808 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys

2014-01-17 15:39 - 2008-08-21 13:17 - 00000000 ____D () C:\Documents and Settings\Guest\My Documents\My Albums

2014-01-17 13:35 - 2008-08-21 13:14 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\My Albums

2014-01-17 13:35 - 2007-09-16 23:08 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\My Deliveries

2014-01-17 10:32 - 2011-07-19 09:58 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk

2014-01-17 10:29 - 2011-07-19 09:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe

Files to move or delete:

====================

C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\sversion.ini

C:\Documents and Settings\Guest\gotomypc_438.exe

C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit

C:\WINDOWS\system32\winlogon.exe => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\User32.dll => MD5 is legit

C:\WINDOWS\system32\userinit.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

kevinf80 · February 16, 2014

Disable teatimer and leave off for now.

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol ) and choose Exit Spybot S&D Resident

2. Run Spybot S&D

3. Go to the Mode menu, and make sure Advanced Mode is selected.

4. On the left hand side, choose Tools > Resident > uncheck Resident TeaTimer and OK any prompt and Restart your computer.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Next,

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log.

Let me see those logs in your next reply, also tell me if any remaining issues or concerns..

fixlist.txt

gerry7 · February 17, 2014

Thanks for your patience.

Logs follow:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01

Ran by Al at 2014-02-17 08:12:46 Run:1

Running from C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

HKLM\...\Run: [WinGuard Pro] - [X]

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: E - E:\buyer.exe

HKU\S-1-5-21-312397509-71834488-3752936468-1006\...\MountPoints2: {d2f52bae-bfc6-11de-99ee-005056c00008} - K:\laucher.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\sversion.ini

C:\Documents and Settings\Guest\gotomypc_438.exe

Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\AL914F~1.YOU\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

C:\Windows\Tasks\At1.job

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZZZ.Z..ZZZZ:1

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

End

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WinGuard Pro => Value deleted successfully.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-312397509-71834488-3752936468-1006 => Key not found.

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2f52bae-bfc6-11de-99ee-005056c00008} => Key not found.

HKCR\CLSID\{d2f52bae-bfc6-11de-99ee-005056c00008} => Key not found.

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\sversion.ini => Moved successfully.

C:\Documents and Settings\Guest\gotomypc_438.exe => Moved successfully.

C:\WINDOWS\Tasks\At1.job => Moved successfully.

"C:\Windows\Tasks\At1.job" => File/Directory not found.

C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZZZ.Z..ZZZZ => ":1" ADS removed successfully.

C:\Documents and Settings\All Users\Application Data\TEMP => ":1CA73D29" ADS removed successfully.

C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====

# AdwCleaner v3.018 - Report created 17/02/2014 at 08:43:14

# Updated 28/01/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Al - YOUR-5511792FEB

# Running from : C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it!

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\Babylon

Folder Deleted : C:\Program Files\FreeRIP3

Folder Deleted : C:\Program Files\myfree codec

Folder Deleted : C:\Program Files\openit

Folder Deleted : C:\Program Files\Viewpoint

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

File Deleted : C:\Documents and Settings\All Users\Desktop\Open It!.lnk

File Deleted : C:\WINDOWS\pack.epk

File Deleted : C:\WINDOWS\Uninstall.exe

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [ Shortcuts ] *****

[x] Not Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Sweet & Maxwell\Sentencing Service (2).lnk

[x] Not Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Sweet & Maxwell\Sentencing Service.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\AVG Security Toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\dsiteproducts

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\InstallCore

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\Software\ParetoLogic

Key Deleted : HKLM\Software\Viewpoint

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OpenIt Open It!

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v3.0.9 (en-GB)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [12643 octets] - [17/02/2014 08:22:01]

AdwCleaner[s0].txt - [12246 octets] - [17/02/2014 08:43:14]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12307 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.1 (02.04.2014:1)

OS: Microsoft Windows XP x86

Ran by Al on 17/02/2014 at 9:05:16.53

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA0ED91C-6046-42BF-B0B4-E1739407F332}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

~~~ Files

~~~ Folders

~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"

Successfully deleted: [File] C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\mozilla\firefox\profiles\ahl85p3s.default\user.js

Successfully deleted: [File] C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\mozilla\firefox\profiles\ahl85p3s.default\searchplugins\mysearchdial.xml

Successfully deleted: [Folder] C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\mozilla\firefox\profiles\ahl85p3s.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

Successfully deleted the following from C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\mozilla\firefox\profiles\ahl85p3s.default\prefs.js

user_pref("browser.search.defaultenginename", "Mysearchdial");

user_pref("browser.search.selectedEngine", "Mysearchdial");

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2014.02.17.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Al :: YOUR-5511792FEB [administrator]

17/02/2014 09:28:17

mbam-log-2014-02-17 (09-28-17).txt

Scan type: Full scan (C:\|D:\|)

Scan options disabled: P2P

Objects scanned: 576429

Time elapsed: 3 hour(s), 29 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialApp.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialEng.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialsrv.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

(end)

Thanks again

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 17/02/2014 at 9:21:19.09

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

gerry7 · February 17, 2014

SORRY. For some reason this one did not attach.

I have just opened when "myspeeddialer" reappeared in the address bar.

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2014.02.17.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Al :: YOUR-5511792FEB [administrator]

17/02/2014 09:28:17

mbam-log-2014-02-17 (09-28-17).txt

Scan type: Full scan (C:\|D:\|)

Scan options disabled: P2P

Objects scanned: 576429

Time elapsed: 3 hour(s), 29 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialApp.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialEng.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialsrv.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\Documents and Settings\Guest\Local Settings\Application Data\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

(end)

kevinf80 · February 17, 2014

SORRY. For some reason this one did not attach.
I have just opened when "myspeeddialer" reappeared in the address bar.

In which browser does this occur

gerry7 · February 17, 2014

Google chrome

kevinf80 · February 18, 2014

Go here: https://support.google.com/chrome/answer/3296214?hl=en follow the instructions and reset Chrome Browser settings, does Chrome react ok now?

gerry7 · February 18, 2014

That seems to have done the trick. Thank you so much.

kevinf80 · February 18, 2014

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

If threats were found

click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

close program

copy and paste the report in next reply

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those logs, also give an update on any remaining issues or concerns...

Kevin..

gerry7 · February 19, 2014

Thanks.Here are the 2 logs:

C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup325 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup325.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup326 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup327 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup402 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup403 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup404 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup405 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406 (2).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup407 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup408 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup207.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup208.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup215 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup215.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\Shockwave_Installer_Slim (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\tb_free.exe a variant of Win32/TFTPD32.A potentially unsafe application

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ZipOpenerSetup.exe a variant of Win32/InstallCore.IX potentially unwanted application

C:\Documents and Settings\Guest\Local Settings\Temp\is702345605\51622679_stp\wajam_validate.exe Win32/Wajam.F potentially unwanted application

C:\Documents and Settings\Guest\Local Settings\Temp\is702345605\51622921_stp\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application

C:\Documents and Settings\Guest\My Documents\Downloads\FaceMorpherLiteSetup.exe Win32/OpenCandy potentially unsafe application

C:\Documents and Settings\Guest\My Documents\Downloads\Shockwave_Installer_Slim (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Documents and Settings\Guest\My Documents\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll Win32/Toolbar.MyWebSearch potentially unwanted application

C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch potentially unwanted application

C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch potentially unwanted application

C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

Results of screen317's Security Check version 0.99.79

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG 2014

`````````Anti-malware/Other Utilities Check:`````````

Out of date HijackThis installed!

CA Yahoo! Anti-Spy (remove only)

SpywareBlaster 5.0

Spybot - Search & Destroy

SUPERAntiSpyware Free Edition

HijackThis 2.0.2

CCleaner

Java 6 Update 16

Java 7 Update 51

Java 6 Update 7

Adobe Reader 9 Adobe Reader out of Date!

Adobe Reader 10.1.9 Adobe Reader out of Date!

Mozilla Firefox (3.0.9) Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Ad-Aware AAWService.exe

AVG avgwdsvc.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 9%

````````````````````End of Log``````````````````````

Gerry

kevinf80 · February 19, 2014

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

:Filesipconfig /flushdns /cC:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z\ZipC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup325 (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup325.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup326 (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup326.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup327 (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup327.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup328.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup400.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup401.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup402 (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup402.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup403 (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup403.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup404 (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup404.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup405 (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup405.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406 (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406 (2).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup407 (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup407.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup408 (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup408.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup409.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup410.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup207.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup208.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup215 (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup215.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\Shockwave_Installer_Slim (1).exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\Shockwave_Installer_Slim.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\tb_free.exeC:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ZipOpenerSetup.exeC:\Documents and Settings\Guest\Local Settings\Temp\is702345605\51622679_stp\wajam_validate.exeC:\Documents and Settings\Guest\Local Settings\Temp\is702345605\51622921_stp\uninstaller.exeC:\Documents and Settings\Guest\My Documents\Downloads\FaceMorpherLiteSetup.exeC:\Documents and Settings\Guest\My Documents\Downloads\Shockwave_Installer_Slim (1).exeC:\Documents and Settings\Guest\My Documents\Downloads\Shockwave_Installer_Slim.exeC:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dllC:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLLC:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLLC:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe:Commands[EmptyTemp]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Uninstall the following outdated versions of Java and Adobe Reader;

Java™ 6 Update 16
Java™ 6 Update 7
Adobe Reader 9 Adobe Reader
Adobe Reader 10.1.9 Adobe Reader

Next,

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Let me know if those steps complete ok, post OTM log, also let me know if any issues or concerns remain..

Kevin

gerry7 · February 19, 2014

Thanks. All OK except Adobe Reader 9 Adobe Reader does not appear in list of installed programs.

All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\cmd.bat deleted successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\cmd.txt deleted successfully.

File/Folder C:\Documents and Settings\Al.YOUR-5511792FEB\Application Data\0D0S1L2Z1P1B0T1P1B2Z\Zip not found.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup325 (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup325.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup326 (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup326.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup327 (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup327.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup328.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup400.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup401.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup402 (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup402.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup403 (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup403.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup404 (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup404.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup405 (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup405.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406 (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406 (2).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup406.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup407 (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup407.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup408 (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup408.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup409.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ccsetup410.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup207.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup208.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup215 (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\dfsetup215.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\Shockwave_Installer_Slim (1).exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\Shockwave_Installer_Slim.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\tb_free.exe moved successfully.

C:\Documents and Settings\Al.YOUR-5511792FEB\My Documents\Downloads\ZipOpenerSetup.exe moved successfully.

C:\Documents and Settings\Guest\Local Settings\Temp\is702345605\51622679_stp\wajam_validate.exe moved successfully.

C:\Documents and Settings\Guest\Local Settings\Temp\is702345605\51622921_stp\uninstaller.exe moved successfully.

C:\Documents and Settings\Guest\My Documents\Downloads\FaceMorpherLiteSetup.exe moved successfully.

C:\Documents and Settings\Guest\My Documents\Downloads\Shockwave_Installer_Slim (1).exe moved successfully.

C:\Documents and Settings\Guest\My Documents\Downloads\Shockwave_Installer_Slim.exe moved successfully.

DllUnregisterServer procedure not found in C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll

C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll moved successfully.

DllUnregisterServer procedure not found in C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL

C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL moved successfully.

C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL moved successfully.

C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 481433 bytes

User: Al

->Temporary Internet Files folder emptied: 1246130 bytes

User: Al.YOUR-5511792FEB

->Temp folder emptied: 6819706 bytes

->Temporary Internet Files folder emptied: 8067284 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 83652266 bytes

->Google Chrome cache emptied: 29163622 bytes

->Flash cache emptied: 58000 bytes

User: All Users

User: Default User

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 57472 bytes

User: Guest

->Temp folder emptied: 23728364 bytes

->Temporary Internet Files folder emptied: 9432910 bytes

->Java cache emptied: 1388877 bytes

->FireFox cache emptied: 96010940 bytes

->Google Chrome cache emptied: 34368647 bytes

->Flash cache emptied: 58000 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33703147 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 606180 bytes

User: Ric

->Temp folder emptied: 479 bytes

->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 3768320 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 11915059 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 793658638 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 812979 bytes

Total Files Cleaned = 1,086.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 02192014_104601

All processes killed

OTM by OldTimer - Version 3.1.21.0 log created on 02192014_104503

Files moved on Reboot...

File C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Temp\tmp1EE.tmp not found!

File C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Temp\tmp216.tmp not found!

File C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Temp\tmp66C5.tmp not found!

File C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Temp\tmp673D.tmp not found!

File C:\Documents and Settings\Al.YOUR-5511792FEB\Local Settings\Temp\tmp6754.tmp not found!

C:\Documents and Settings\Guest\Local Settings\Temp\IMG165.tmp moved successfully.

File C:\Documents and Settings\Guest\Local Settings\Temp\Perflib_Perfdata_fa8.dat not found!

File C:\Documents and Settings\Guest\Local Settings\Temp\tmp21E.tmp not found!

File C:\Documents and Settings\Guest\Local Settings\Temp\tmp22E.tmp not found!

Registry entries deleted on Reboot...

kevinf80 · February 19, 2014

Ok if no remaining issues or concerns do the following:

We need to remove FRST, first it is very important to deal with its own Quarantine folder by using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

Next,

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

Next,

Download "Delfix by Xplode" and save it to your desktop.

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

Remove disinfection tools
Purge System Restore
Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Next,

Any tools or logs left on the Desktop or downloads folder can be deleted.....

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if any remaining issues or concerns...

Kevin...

gerry7 · February 19, 2014

Sorry - I cannot find " attached fixlist.txt file"

Gerry

Zip open package.openit .myspeeddialer

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information