
Malicious website blocked..outbound 111.111.111.111



I downloaded Malwarebytes (trial) today as I realised I'd got a problem with a download of Mozilla Firefox I did yesterday. I kept on getting advertising pop-ups despite the pop-up blocker supposedly being on. Malwarebytes did succeed in getting rid of it but now keeps constantly coming up with its own pop-up saying "Malicious website blocked". It goes on to say "outbound, 111.111.111.111" and port "0". The only way I get it to stop is to exit the programme. Help to solve the problem would be appreciated. I'm running XP. Just wish I hadn't decided to try Firefox.


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is an Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
  • Save the file to your desktop and include its content in your next reply.

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
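The Addition.txt that FRST writes in the step above has a regular, line-oriented layout (the same layout as the log attached later in this thread). As an added triage helper, not part of this thread, of FRST or of Malwarebytes, here is a Python parser that splits such a file into its "==== Name ====" sections, lists Security Center products that report Disabled, lists Installed Programs entries carrying the Hidden flag or no publisher, and checks the "Running from" line against the request to save and run the tool from the desktop. The sample text is constructed from a few lines of the log in this thread; the section names and line patterns are assumptions derived from that log, not an official format specification.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample modelled on the Addition.txt posted later in this thread
# (assumption: a handful of its lines, not a full capture).
SAMPLE_ADDITION_TXT = r"""Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by ken at 2014-08-03 19:06:16
Running from C:\Documents and Settings\ken\Local Settings\Temporary Internet Files\Content.IE5\ARSKKSV8
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Card Classics (HKLM\...\Card Classics) (Version:  - )
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.6.6 - Reimage)

==================== Restore Points  =========================

01-08-2014 15:03:33 Installed AVG 2014
"""

# Section header: a run of '=' , the section name, another run of '='.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Security Center line: "AV: <name> (<Enabled|Disabled> - <status>) {GUID}" (AS/FW assumed analogous).
SECURITY_RE = re.compile(
    r"^(?P<kind>AV|AS|FW): (?P<name>.+?) \((?P<state>Enabled|Disabled) - (?P<status>[^)]*)\) "
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
# Installed Programs line: "<name> [(HKLM\...\key)] (Version: <ver> - <publisher>)[ Hidden]".
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?) "
    r"(?:\((?P<key>HK(?:LM|CU)\\\.\.\.\\.+?)\) )?"
    r"\(Version: ?(?P<version>.*?) - (?P<publisher>.*?)\)"
    r"(?P<hidden> Hidden)?$"
)
RUNNING_FROM_RE = re.compile(r"^Running from (?P<path>.+)$")


@dataclass
class Program:
    name: str
    key: Optional[str]
    version: str
    publisher: str
    hidden: bool


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under their section name; lines before the first header go to 'Header'."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().rstrip(":")
            sections.setdefault(current, [])
        elif line.strip():
            sections[current].append(line)
    return sections


def parse_installed_programs(lines: List[str]) -> List[Program]:
    """Turn each matching Installed Programs line into a Program; explanatory lines are skipped."""
    programs = []
    for line in lines:
        m = PROGRAM_RE.match(line)
        if m:
            programs.append(Program(m["name"], m["key"], m["version"].strip(),
                                    m["publisher"].strip(), m["hidden"] is not None))
    return programs


def parse_security_center(lines: List[str]) -> List[dict]:
    return [m.groupdict() for m in map(SECURITY_RE.match, lines) if m]


def ran_from_desktop(header_lines: List[str]) -> bool:
    """The helper asks for the tool to be saved to the desktop; a browser cache path means it was run directly from the download prompt."""
    for line in header_lines:
        m = RUNNING_FROM_RE.match(line)
        if m:
            return "\\desktop" in m["path"].lower()
    return False


def triage(text: str) -> dict:
    """Summarise the points a malware-removal helper checks first in an Addition.txt."""
    sections = split_sections(text)
    programs = parse_installed_programs(sections.get("Installed Programs", []))
    security = parse_security_center(sections.get("Security Center", []))
    return {
        "ran_from_desktop": ran_from_desktop(sections["Header"]),
        "disabled_av": [s["name"] for s in security if s["kind"] == "AV" and s["state"] == "Disabled"],
        "hidden_programs": [p.name for p in programs if p.hidden],
        "no_publisher": [p.name for p in programs if not p.publisher],
        "program_count": len(programs),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ADDITION_TXT).items():
        print(f"{key}: {value}")
```

On the sample, the summary reports both antivirus products as Disabled, one Hidden entry (the second Adobe AIR record), one entry with no publisher, and that the tool was run from a Temporary Internet Files directory rather than the desktop, which is exactly the kind of thing a helper asks the poster to correct before continuing.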

Hi and thank you for your offer of help.

I ran the Malwarebytes scan as outlined but there were no problems found. The only problem I had was that the log did not display properly so I can't export it to my desktop... no matter what I try I can't see the export button!

I downloaded Farbar in 32-bit form and attach the log below:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by ken at 2014-08-03 19:06:16
Running from C:\Documents and Settings\ken\Local Settings\Temporary Internet Files\Content.IE5\ARSKKSV8
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros WLAN Client (HKLM\...\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}) (Version: 18.00.0000 - WLAN)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden
BBC iPlayer Desktop (HKLM\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)
BBC iPlayer Desktop (Version: 3.2.15 - British Broadcasting Corp.) Hidden
BBC iPlayer Downloads (HKLM\...\{476A047B-BDA1-4B37-BB40-0710C7E9EB61}) (Version: 1.4.1 - BBC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Card Classics (HKLM\...\Card Classics) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Cryptainer Drivers (HKLM\...\crydrs_is1) (Version: 7.0 - Cypherix)
Cryptainer LE 10 (HKLM\...\crle10_is1) (Version: 10 - Cypherix Software)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager (HKLM\...\{A7581D39-EA20-4883-A480-80C21047052B}) (Version: 4.0.2 - Samsung)
enformation 1.1 (HKLM\...\enformation 1.1) (Version: 1.34.7.29 - Marketing)
FilmOn HDi Player 3 (HKLM\...\FilmOn HDi Player) (Version: 3.1.3857 - FilmOn.TV Networks)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{D4C4A751-F7F3-4DCA-B825-9AC391BFFC3F}) (Version: 1.0.19.76 - Google)
imagine digital freedom - Samsung (HKLM\...\{8E106A57-A17E-431D-B48F-175E42EB9F74}) (Version: 1.0.2.2 - Samsung Electronics Co. Ltd.,)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.3.0.0 - QFX Software Corporation)
Magic Keyboard (HKLM\...\{BD723E53-A42C-4702-AA04-1D74A0311590}) (Version: 7.0.2.0 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.69.2.3 - Marvell)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2000 (HKLM\...\{00170409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Works 2000 Setup Launcher (HKLM\...\Works2kSetup) (Version:  - )
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Norton Utilities 16 (HKLM\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
Omar Sharif Bridge (HKLM\...\{E98E1E6D-85E6-44F8-9106-4A2091A2F801}) (Version:  - )
OverDrive Media Console (HKLM\...\{7A9AB748-A66C-46C2-84CA-D3185727C9B0}) (Version: 3.3.1 - OverDrive, Inc.)
Pandora Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Play Camera (HKLM\...\InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}) (Version: 2.0.0.13 - Samsung Electronics)
Play Camera (Version: 2.0.0.13 - Samsung Electronics) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5693 - Realtek Semiconductor Corp.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.6.6 - Reimage)
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Samsung Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 1.00 - )
Samsung EDS (HKLM\...\{ABB14904-A11B-4F42-996C-80FD608A0F17}) (Version: 1.00.0000 - Samsung Electronics)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 4.00 - )
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.6 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
Samsung Wallpaper (HKLM\...\{5CBB720F-08E6-4043-B83F-76C277AF6DE7}) (Version: 2.0.0.0 - Samsung Electronics)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Sky Go Desktop (HKCU\...\2991465419.go.sky.com) (Version:  - go.sky.com)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.2 - Synaptics)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.0.126 - PandoraTV)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB972636) (HKLM\...\KB972636-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.6100 -  )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1359691392-2838567340-533315437-1005_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1359691392-2838567340-533315437-1005_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1359691392-2838567340-533315437-1005_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1359691392-2838567340-533315437-1005_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1359691392-2838567340-533315437-1005_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\ken\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1359691392-2838567340-533315437-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1359691392-2838567340-533315437-1005_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1359691392-2838567340-533315437-1005_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1359691392-2838567340-533315437-1005_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1359691392-2838567340-533315437-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

==================== Restore Points  =========================

21-05-2014 07:11:09 Restore Operation
03-06-2014 16:08:57 System Checkpoint
13-06-2014 13:44:08 Software Distribution Service 3.0
24-06-2014 07:29:09 System Checkpoint
01-07-2014 20:34:43 System Checkpoint
10-07-2014 15:26:55 Software Distribution Service 3.0
13-07-2014 15:08:52 System Checkpoint
15-07-2014 08:31:06 System Checkpoint
24-07-2014 16:29:04 Software Distribution Service 3.0
25-07-2014 12:01:30 Installed OverDrive Media Console
27-07-2014 20:16:00 Restore Operation
27-07-2014 20:54:58 Restore Operation
30-07-2014 17:02:42 System Checkpoint
01-08-2014 15:03:33 Installed AVG 2014
01-08-2014 15:07:26 Removed AVG 2014

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-02-12 19:05 - 2008-04-14 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1359691392-2838567340-533315437-1005Core1cc0f3c666ff26e.job => C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1359691392-2838567340-533315437-1005UA.job => C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\NUAutoUpdate.job => C:\Program Files\Symantec\Norton Utilities 16\SULauncher.exe
Task: C:\WINDOWS\Tasks\NUSchedule.job => C:\Program Files\Symantec\Norton Utilities 16\nu.exe
Task: C:\WINDOWS\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-09-17 14:20 - 2008-09-17 14:20 - 02842624 _____ () C:\WINDOWS\system32\btwicons.dll
2012-09-21 20:07 - 2012-07-09 17:59 - 01277952 _____ () C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
2012-09-21 20:07 - 2012-07-09 17:57 - 02090496 _____ () C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
2012-09-21 20:07 - 2011-12-06 16:19 - 00133632 _____ () C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
2012-09-21 20:07 - 2012-03-23 10:07 - 00224768 _____ () C:\Program Files\PANDORA.TV\PanService\libupnp.dll
2009-02-12 20:36 - 2008-10-20 19:32 - 02768896 _____ () C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:792D4CF1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk => C:\WINDOWS\pss\Bluetooth.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^ken^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk => C:\WINDOWS\pss\BBC iPlayer Desktop.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeUpdater => "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DMHotKey => C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
MSCONFIG\startupreg: EDS => C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MagicKeyboard => C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
MSCONFIG\startupreg: MobileBroadband =>
MSCONFIG\startupreg: MobileConnect =>
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPBackGround => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
MSCONFIG\startupreg: swg =>

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2014 02:55:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/02/2014 04:09:31 PM) (Source: VSS) (EventID: 8201) (User: )
Description: Volume Shadow Copy Service error: An unexpected error was encountered examining the XML document.  The document is missing the bootableSystemStateBackup attribute.

Error: (08/02/2014 04:09:31 PM) (Source: VSS) (EventID: 8201) (User: )
Description: Volume Shadow Copy Service error: An unexpected error was encountered examining the XML document.  The document is missing the bootableSystemStateBackup attribute.

Error: (08/02/2014 04:09:31 PM) (Source: VSS) (EventID: 8201) (User: )
Description: Volume Shadow Copy Service error: An unexpected error was encountered examining the XML document.  The document is missing the bootableSystemStateBackup attribute.

Error: (08/02/2014 04:09:31 PM) (Source: VSS) (EventID: 8201) (User: )
Description: Volume Shadow Copy Service error: An unexpected error was encountered examining the XML document.  The document is missing the bootableSystemStateBackup attribute.

Error: (08/01/2014 10:00:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Reimage.exe, version 1.6.6.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/01/2014 09:59:00 PM) (Source: MsiInstaller) (EventID: 11309) (User: YOUR-021601C97C)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (08/01/2014 05:42:21 PM) (Source: VSS) (EventID: 8201) (User: )
Description: Volume Shadow Copy Service error: An unexpected error was encountered examining the XML document.  The document is missing the bootableSystemStateBackup attribute.

Error: (08/01/2014 05:42:21 PM) (Source: VSS) (EventID: 8201) (User: )
Description: Volume Shadow Copy Service error: An unexpected error was encountered examining the XML document.  The document is missing the bootableSystemStateBackup attribute.

Error: (08/01/2014 05:42:21 PM) (Source: VSS) (EventID: 8201) (User: )
Description: Volume Shadow Copy Service error: An unexpected error was encountered examining the XML document.  The document is missing the bootableSystemStateBackup attribute.

System errors:
=============
Error: (08/03/2014 06:02:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (08/03/2014 06:01:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (08/03/2014 02:57:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/03/2014 02:32:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (08/03/2014 02:31:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (08/03/2014 02:31:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The PandoraService service hung on starting.

Error: (08/03/2014 02:30:17 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (08/03/2014 00:49:14 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (08/03/2014 00:49:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The PandoraService service hung on starting.

Error: (08/03/2014 11:07:43 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Microsoft Office Sessions:
=========================
Error: (08/03/2014 02:55:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532hungapp0.0.0.000000000

Error: (08/02/2014 04:09:31 PM) (Source: VSS) (EventID: 8201) (User: )
Description: bootableSystemStateBackup

Error: (08/02/2014 04:09:31 PM) (Source: VSS) (EventID: 8201) (User: )
Description: bootableSystemStateBackup

Error: (08/02/2014 04:09:31 PM) (Source: VSS) (EventID: 8201) (User: )
Description: bootableSystemStateBackup

Error: (08/02/2014 04:09:31 PM) (Source: VSS) (EventID: 8201) (User: )
Description: bootableSystemStateBackup

Error: (08/01/2014 10:00:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Reimage.exe1.6.6.6hungapp0.0.0.000000000

Error: (08/01/2014 09:59:00 PM) (Source: MsiInstaller) (EventID: 11309) (User: YOUR-021601C97C)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)

Error: (08/01/2014 05:42:21 PM) (Source: VSS) (EventID: 8201) (User: )
Description: bootableSystemStateBackup

Error: (08/01/2014 05:42:21 PM) (Source: VSS) (EventID: 8201) (User: )
Description: bootableSystemStateBackup

Error: (08/01/2014 05:42:21 PM) (Source: VSS) (EventID: 8201) (User: )
Description: bootableSystemStateBackup

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1014.36 MB
Available physical RAM: 521.12 MB
Total Pagefile: 2444.74 MB
Available Pagefile: 1958.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:71.04 GB) (Free:24.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:72 GB) (Free:71.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: BF8B2B4B)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=72 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I see that there is a reference to "enformation", which was the pop-up that started this saga off...

Hopefully the above is enough for you to solve my problem.

Thanks for your interest.

I'm sorry, I misread the instructions. 

Below is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by ken (administrator) on YOUR-021601C97C on 03-08-2014 19:04:07
Running from C:\Documents and Settings\ken\Local Settings\Temporary Internet Files\Content.IE5\ARSKKSV8
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cypherix Software (India) Pvt. Ltd.) C:\WINDOWS\system32\crytsrv10.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(PC Tools) C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Farbar) C:\Documents and Settings\ken\Local Settings\Temporary Internet Files\Content.IE5\ARSKKSV8\FRST[1].exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\Run: [Google Update] => C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2010-12-29] (Google Inc.)
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {14b72af9-6626-11e2-b40c-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {20ed6810-ff7d-11e1-b3b1-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {20ed6811-ff7d-11e1-b3b1-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {20ed6813-ff7d-11e1-b3b1-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {2a713864-034a-11e2-b3bc-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {4ade9d30-ff08-11e1-b3ae-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {4ade9d31-ff08-11e1-b3ae-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {6489fd08-00fa-11e2-b3b8-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {6b80755b-4ac9-11de-b049-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {a19a21e8-6624-11e2-b40b-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {bd57103a-44e0-11de-b043-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {efd25ece-ff1e-11e1-b3af-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {efd25ecf-ff1e-11e1-b3af-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {fd093d19-4b4c-11e2-b402-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co.uk/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co.uk/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\ken\Application Data\Mozilla\Firefox\Profiles\pedloxie.default
FF Homepage: hxxp://www.bbc.co.uk/news/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]

Chrome:
=======
CHR HomePage: hxxp://www.bbc.co.uk/
CHR StartupUrls: "hxxp://www.bbc.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Entanglement Web App) - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-04-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (HTTPS Everywhere) - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-08-01]
CHR Extension: (Poppit!) - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-04-18]
CHR Extension: (Google Wallet) - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\ken\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
R2 cryptainer10service; C:\WINDOWS\system32\crytsrv10.exe [1072480 2012-01-06] (Cypherix Software (India) Pvt. Ltd.)
S3 DiskDoctorService; C:\Program Files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2014-01-17] (Symantec Corporation)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
R2 NU16StartManagerSvc; C:\Program Files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2014-01-17] (PC Tools)
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625816 2012-06-22] (Pandora.TV)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [5857128 2014-07-28] (Reimage®)
R3 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
S3 SpeedDiskService; C:\Program Files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2014-01-17] (Symantec Corporation)
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
R2 yksvc; C:\WINDOWS\System32\yk51x86.dll [282624 2009-04-21] (Marvell) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1606368 2010-06-04] (Atheros Communications, Inc.) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539640 2008-07-27] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2008-07-27] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879832 2008-07-29] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2008-07-29] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37280 2008-07-27] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2008-07-27] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 crytdv10; C:\WINDOWS\system32\Drivers\crytdv10.sys [98560 2012-01-06] (Cypherix Software (India) Pvt. Ltd.)
R3 DNSeFilter; C:\WINDOWS\System32\drivers\SamsungEDS.sys [30208 2008-01-15] (Samsung Electronics,.LTD) [File not signed]
R2 DOSMEMIO; C:\WINDOWS\system32\MEMIO.SYS [4300 2005-10-27] () [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-03] (Malwarebytes Corporation)
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RDPWD; C:\WINDOWS\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
S3 SUEPD; C:\WINDOWS\System32\DRIVERS\SUE_PD.sys [19840 2006-08-02] (Samsung) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
R3 VMC326; C:\WINDOWS\System32\Drivers\VMC326.sys [238464 2008-09-23] (Vimicro Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [297344 2009-04-21] (Marvell) [File not signed]
S4 IntelIde; No ImagePath
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation) [File not signed]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 19:02 - 2014-08-03 19:04 - 00000000 ____D () C:\FRST
2014-08-03 15:49 - 2014-08-03 15:49 - 00001487 _____ () C:\Documents and Settings\ken\Desktop\Windows Explorer.lnk
2014-08-03 13:17 - 2014-08-03 18:45 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 13:16 - 2014-08-03 13:16 - 00000793 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-03 13:16 - 2014-08-03 13:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-03 13:16 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-03 13:16 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-02 16:25 - 2014-08-02 16:25 - 00299008 _____ () C:\WINDOWS\system32\config\default.rrr
2014-08-01 22:02 - 2014-08-03 13:13 - 00000000 ____D () C:\Documents and Settings\ken\Local Settings\Application Data\enformation 1.1
2014-08-01 22:02 - 2014-08-01 22:02 - 00000000 ____D () C:\Documents and Settings\ken\Local Settings\Application Data\Adobe
2014-08-01 21:59 - 2014-08-03 18:59 - 00000328 _____ () C:\WINDOWS\Tasks\ReimageUpdater.job
2014-08-01 21:58 - 2014-08-03 14:27 - 00000000 ____D () C:\Program Files\globalUpdate
2014-08-01 21:58 - 2014-08-03 14:27 - 00000000 ____D () C:\Program Files\enformation 1.1
2014-08-01 21:58 - 2014-08-01 21:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Reimage Protector
2014-08-01 21:58 - 2014-08-01 21:58 - 00000000 ____D () C:\Documents and Settings\ken\Local Settings\Application Data\globalUpdate
2014-08-01 21:58 - 2014-08-01 21:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
2014-08-01 21:57 - 2014-08-01 21:58 - 00000000 ____D () C:\rei
2014-08-01 21:57 - 2014-08-01 21:58 - 00000000 ____D () C:\Program Files\Reimage
2014-08-01 21:56 - 2014-08-01 21:59 - 00000111 _____ () C:\WINDOWS\Reimage.ini
2014-08-01 20:27 - 2014-08-01 20:28 - 00000000 ____D () C:\Documents and Settings\ken\Application Data\Mozilla
2014-08-01 20:27 - 2014-08-01 20:27 - 00000730 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-08-01 20:27 - 2014-08-01 20:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-01 20:27 - 2014-08-01 20:27 - 00000000 ____D () C:\Documents and Settings\ken\Local Settings\Application Data\Mozilla
2014-08-01 20:27 - 2014-08-01 20:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-08-01 20:26 - 2014-08-01 20:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-01 19:00 - 2014-08-03 19:03 - 00000394 _____ () C:\WINDOWS\system32\AppLog.log
2014-08-01 17:39 - 2014-08-01 17:39 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-08-01 17:28 - 2014-08-01 17:28 - 00000000 ____H () C:\WINDOWS\system32\config\SOFTWARE.rrr.LOG
2014-08-01 17:28 - 2014-08-01 17:28 - 00000000 ____H () C:\WINDOWS\system32\config\DEFAULT.rrr.LOG
2014-08-01 17:28 - 2014-08-01 17:28 - 00000000 ____H () C:\Documents and Settings\ken\S-1-5-21-1359691392-2838567340-533315437-1005.rrr.LOG
2014-08-01 17:27 - 2014-08-02 16:25 - 00249856 _____ () C:\Documents and Settings\NetworkService\s-1-5-20.rrr
2014-08-01 17:27 - 2014-08-02 16:25 - 00249856 _____ () C:\Documents and Settings\LocalService\s-1-5-19.rrr
2014-08-01 16:55 - 2014-08-01 17:28 - 00000000 ____D () C:\Documents and Settings\ken\Application Data\Norton Utilities 16
2014-08-01 16:41 - 2014-08-03 19:03 - 00000264 _____ () C:\WINDOWS\Tasks\NUSchedule.job
2014-08-01 16:41 - 2014-08-03 18:02 - 00000272 _____ () C:\WINDOWS\Tasks\NUAutoUpdate.job
2014-08-01 16:41 - 2014-08-01 16:41 - 00000000 ____D () C:\Documents and Settings\ken\My Documents\Norton Utilities 16
2014-08-01 16:37 - 2014-08-01 16:37 - 00000872 _____ () C:\Documents and Settings\All Users\Desktop\Norton Utilities 16.lnk
2014-08-01 16:37 - 2014-08-01 16:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Utilities 16
2014-08-01 16:37 - 2014-01-17 05:13 - 00039552 _____ () C:\WINDOWS\system32\CleanMFT32.exe
2014-08-01 16:37 - 2014-01-17 04:35 - 01101824 _____ (Woodbury Associates Limited) C:\WINDOWS\system32\UniBox210.ocx
2014-08-01 16:37 - 2014-01-17 04:35 - 00880640 _____ (Woodbury Associates Limited) C:\WINDOWS\system32\UniBox10.ocx

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

A question please.....I also d/l Firefox to my pc at the same time as I did it for my laptop. Whereas the laptop showed the problem immediately, the pc seems fine. Is it likely that the same problem is there also and just waiting to rear its head?

 

Thanks again for your help.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users: click Run after receipt of the Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Something weird is going on....just tried again to open the tool by right-clicking and it jumped open without my having to click Run! Below is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:2-08-2014
Ran by ken at 2014-08-05 08:51:55 Run:1
Running from C:\Documents and Settings\ken\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:792D4CF1
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {14b72af9-6626-11e2-b40c-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {20ed6810-ff7d-11e1-b3b1-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {20ed6811-ff7d-11e1-b3b1-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {20ed6813-ff7d-11e1-b3b1-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {2a713864-034a-11e2-b3bc-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {4ade9d30-ff08-11e1-b3ae-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {4ade9d31-ff08-11e1-b3ae-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {6489fd08-00fa-11e2-b3b8-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {6b80755b-4ac9-11de-b049-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {a19a21e8-6624-11e2-b40b-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {bd57103a-44e0-11de-b043-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {efd25ece-ff1e-11e1-b3af-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {efd25ecf-ff1e-11e1-b3af-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\...\MountPoints2: {fd093d19-4b4c-11e2-b402-001377b79794} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...ng}&rlz=1I7SMSN
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7SMSN
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...&rlz=1I7GGLL_en
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...&rlz=1I7GGLL_en
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
CHR Plugin: (Default Plug-in) - default_plugin No File
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [5857128 2014-07-28] (Reimage®)
C:\Program Files\Reimage
S4 IntelIde; No ImagePath
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
U1 WS2IFSL;
2014-08-01 21:57 - 2014-08-01 21:58 - 00000000 ____D () C:\rei
2014-08-01 21:57 - 2014-08-01 21:58 - 00000000 ____D () C:\Program Files\Reimage
2014-08-01 21:56 - 2014-08-01 21:59 - 00000111 _____ () C:\WINDOWS\Reimage.ini
cmd: ipconfig /flushdns
*****************

C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":792D4CF1" ADS removed successfully.
HKU\S-1-5-21-1359691392-2838567340-533315437-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => value deleted successfully.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14b72af9-6626-11e2-b40c-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{14b72af9-6626-11e2-b40c-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20ed6810-ff7d-11e1-b3b1-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{20ed6810-ff7d-11e1-b3b1-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20ed6811-ff7d-11e1-b3b1-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{20ed6811-ff7d-11e1-b3b1-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20ed6813-ff7d-11e1-b3b1-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{20ed6813-ff7d-11e1-b3b1-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a713864-034a-11e2-b3bc-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{2a713864-034a-11e2-b3bc-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ade9d30-ff08-11e1-b3ae-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{4ade9d30-ff08-11e1-b3ae-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ade9d31-ff08-11e1-b3ae-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{4ade9d31-ff08-11e1-b3ae-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6489fd08-00fa-11e2-b3b8-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{6489fd08-00fa-11e2-b3b8-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b80755b-4ac9-11de-b049-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{6b80755b-4ac9-11de-b049-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a19a21e8-6624-11e2-b40b-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{a19a21e8-6624-11e2-b40b-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd57103a-44e0-11de-b043-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{bd57103a-44e0-11de-b043-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efd25ece-ff1e-11e1-b3af-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{efd25ece-ff1e-11e1-b3af-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{efd25ecf-ff1e-11e1-b3af-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{efd25ecf-ff1e-11e1-b3af-001377b79794}" => Key not found.
"HKU\S-1-5-21-1359691392-2838567340-533315437-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd093d19-4b4c-11e2-b402-001377b79794}" => Key deleted successfully.
"HKCR\CLSID\{fd093d19-4b4c-11e2-b402-001377b79794}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
"HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
"HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
ReimageRealTimeProtector => Service stopped successfully.
ReimageRealTimeProtector => Service deleted successfully.
C:\Program Files\Reimage => Moved successfully.
IntelIde => Service deleted successfully.
PCASp50 => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\rei => Moved successfully.
"C:\Program Files\Reimage" => File/Directory not found.
C:\WINDOWS\Reimage.ini => Moved successfully.

=========  ipconfig /flushdns =========

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

==== End of Fixlog ====


Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install the Recovery Console.
  • Do not take any actions while ComboFix goes through your system - it may cause it to stall!
  • This scan may take some time!
  • When finished, it will display a logfile (also located on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.


Just tried to uninstall Combofix but got "no file found". Did a search.....nothing found.

Right-clicked the icon and chose "properties" and it shows the details, 5.3MB etc.

Should I delete from desktop and then try d/l again using Chrome instead of IE in case IE is at fault?


ComboFix 14-08-05.01 - ken 05/08/2014  10:55:51.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.450 [GMT 1:00]
Running from: c:\documents and settings\ken\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\ken\WINDOWS
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GLOBALUPDATE
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-14 12:00 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
.
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
.
[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[7] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll
[7] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll
[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\I386\NTDLL.DLL
[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\I386\SYSTEM32\NTDLL.DLL
.
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime
[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime
[-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime
[7] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB961503$\msctfime.ime
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 12:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
.
[7] 2008-04-14 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-07-10 5187088]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2013-11-14 508144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
path=
backup=
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ken^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\documents and settings\ken\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2014-05-08 11:21 40312 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 23:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMHotKey]
2006-12-27 23:45 466944 ----a-w- c:\program files\Samsung\Easy Display Manager\DMLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EDS]
2007-12-21 04:40 659456 ----a-w- c:\program files\Samsung\Samsung EDS\EDSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-29 15:49 136176 ----atw- c:\documents and settings\ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 00:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKeyboard]
2006-05-15 03:00 151552 ----a-w- c:\program files\Samsung\MagicKBD\PreMKbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-08-26 20:51 16851456 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-02-10 16:46 20922016 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPBackGround]
2010-04-20 13:26 300912 ----a-w- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\ken\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [27/03/2014 22:04 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [09/08/2012 13:56 241944]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [27/03/2014 22:03 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [27/03/2014 22:14 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [17/06/2014 16:17 190232]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [27/03/2014 22:03 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [27/03/2014 22:15 188696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [31/03/2014 16:11 197400]
R1 crytdv10;crytdv10;c:\windows\system32\drivers\crytdv10.sys [14/07/2014 20:17 98560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [10/07/2014 15:34 3244048]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [10/07/2014 15:23 289328]
R2 cryptainer10service;Cryptainer 10 service;c:\windows\system32\crytsrv10.exe [14/07/2014 20:17 1072480]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [12/02/2009 20:29 4300]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [03/08/2014 13:16 1809720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [03/08/2014 13:16 860472]
R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [01/08/2014 16:37 795776]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [21/09/2012 20:07 625816]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [12/02/2009 19:05 14336]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 04:01 30208]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [15/09/2012 08:33 73344]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/08/2012 20:52 209016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/08/2014 13:16 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [03/08/2014 13:17 110296]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [12/02/2009 20:33 238464]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 08:15 172192]
S3 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [01/08/2014 16:37 1150592]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 23:09 267568]
S3 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [01/08/2014 16:37 1163904]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [02/08/2006 00:57 19840]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ    yksvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 20:10]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 11:58]
.
2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 11:58]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359691392-2838567340-533315437-1005Core1cc0f3c666ff26e.job
- c:\documents and settings\ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-18 15:49]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359691392-2838567340-533315437-1005UA.job
- c:\documents and settings\ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-18 15:49]
.
2014-08-05 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
2014-06-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
2014-08-05 c:\windows\Tasks\NUAutoUpdate.job
- c:\program files\Symantec\Norton Utilities 16\SULauncher.exe [2014-08-01 04:13]
.
2014-08-03 c:\windows\Tasks\NUSchedule.job
- c:\program files\Symantec\Norton Utilities 16\nu.exe [2014-08-01 04:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/news/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\ken\Application Data\Mozilla\Firefox\Profiles\pedloxie.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
AddRemove-Reimage Repair - c:\program files\Reimage\Reimage Repair\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-05 11:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1164)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2014-08-05  11:17:08 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-05 10:17
.
Pre-Run: 25,716,166,656 bytes free
Post-Run: 26,017,984,512 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F74C12F00810F6E7430CEF3A8898F1D4
A0A345F7AB6F3BAC008FB0DE602E66CD
Sorry, I hadn't seen your instruction to delete the first and I d/l again via Chrome and it opened immediately without my even saving it to desktop.

It said I had McAfee real time scanner running and that it would stop it. Then it said it couldn't stop and that it would continue to scan at my risk. As far as I recall McAfee has never been put on this machine. It did the scan after which it said it was deleting the following:

c\Docs and settings\all users\App data\Temp
c\Docs and settings\ken\WINDOWS

Then said it was rebooting...nothing about log.

After reboot it prepared log and AVG RESTARTED ON ITS OWN ACCORD. Was all this OK?

Here is the log:

The pop-up remains.

Link to post
Share on other sites
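A note on reading the Sigcheck block in the ComboFix log above. The `[7]`/`[-]` markers alone say little (as the log itself notes, unsigned is not the same as malicious), so the check a practitioner usually makes is whether the live copy under system32 carries the same MD5 as the protected spare that Windows XP keeps in system32\dllcache; in the log above the two agree for every file. The script below is an added example written for this page, not code from the thread or from ComboFix. It assumes the line layout visible in the log (flag, date, optional time, MD5, size, version, path), reads `[7]` as "ComboFix verified the file" and `[-]` as "could not verify" (my reading of the format), and feeds itself lines copied from the log plus one constructed spoolsv.exe line with an all-zero hash so the mismatch check has something to report. A mismatch is a lead to investigate, not a verdict.

```python
"""Triage the 'Sigcheck' section of a ComboFix log.

Added example for this thread; not part of ComboFix or of the original posts.
Assumptions (mine): entry lines look like
    [FLAG] DATE [HH:MM] . MD5 . SIZE . . [VERSION] . . PATH
where '[7]' means ComboFix could verify the file and '[-]' means it could not,
and Windows XP keeps a protected spare of each system file in system32\\dllcache.
"""
import re
from collections import defaultdict

# Lines copied from the posted log (tcpip.sys, ntdll.dll) plus one CONSTRUCTED
# spoolsv.exe line with an all-zero hash so the mismatch check fires.
SAMPLE_SIGCHECK = r"""
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\I386\NTDLL.DLL
.
[-] 2014-08-01 10:00 . 00000000000000000000000000000000 . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
"""

ENTRY_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d\d-\d\d)(?:\s+\d\d:\d\d)?"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\."
    r"\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per entry line; '.' separators, blanks and headers are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # e.g. the 'Note: Unsigned files ...' header
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        entries.append(e)
    return entries


def _role(path):
    """'dllcache' spare, 'live' system32 copy, or None for hotfix/uninstall backups."""
    p = path.lower()
    if "\\system32\\dllcache\\" in p:
        return "dllcache"
    if "\\system32\\drivers\\" in p or re.fullmatch(r".*\\system32\\[^\\]+", p):
        return "live"
    return None


def find_mismatches(entries):
    """Filenames whose live system32 copy has a different MD5 from its dllcache spare."""
    copies = defaultdict(dict)
    for e in entries:
        role = _role(e["path"])
        if role:
            name = e["path"].lower().rsplit("\\", 1)[-1]
            copies[name][role] = e["md5"]
    return sorted(
        name for name, c in copies.items()
        if "live" in c and "dllcache" in c and c["live"] != c["dllcache"]
    )


def count_flags(entries):
    """How many entries carry each ComboFix flag ('7' verified, '-' not verified)."""
    counts = defaultdict(int)
    for e in entries:
        counts[e["flag"]] += 1
    return dict(counts)


def report(entries):
    """Short summary as a list of lines (returned, so it can be checked, then printed)."""
    lines = [f"{len(entries)} entries, flags: {count_flags(entries)}"]
    bad = find_mismatches(entries)
    if bad:
        lines.append("live copy differs from dllcache spare (investigate): " + ", ".join(bad))
    else:
        lines.append("every live system32 copy matches its dllcache spare")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_sigcheck(SAMPLE_SIGCHECK))))
```

Run against the full Sigcheck block of a real log (paste it in place of the sample), the interesting output is the mismatch list; the $hf_mig$ and $NtUninstall copies are deliberately left out of the comparison because they are hotfix-branch and rollback files and are expected to differ from the live copy.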

About McAfee, you can run this uninstall tool:

http://mcafee-removal-tool.com/

Fix with ComboFix

Let's prepare a script for ComboFix to mark some things for deletion.

  • Press the Windows key + R on your keyboard at the same time.
A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
In the shown window paste in the following script:

Folder::
c:\program files\globalUpdate
c:\documents and settings\ken\Local Settings\Application Data\globalUpdate
c:\documents and settings\ken\Local Settings\Application Data\enformation 1.1
c:\program files\enformation 1.1
c:\documents and settings\All Users\Application Data\Reimage Protector

ClearJavaCache::

Go to the File menu and select Save as.
Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
Name the file CFScript and select Save.

Your CFScript.txt file should appear on your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Now drag your CFScript file and drop it onto the ComboFix icon.
This will start ComboFix. Let it run uninterrupted!
A reboot may be needed during this run. Allow it.
When finished, it shall produce a log for you at C:\ComboFix.txt and display it.

Please include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Do not forget to turn on your previously switched-off protection software!
Link to post
Share on other sites

ComboFix 14-08-05.01 - ken 05/08/2014  13:13:54.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.456 [GMT 1:00]
Running from: c:\documents and settings\ken\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ken\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Reimage Protector
c:\documents and settings\All Users\Application Data\Reimage Protector\cfl.rei
c:\documents and settings\All Users\Application Data\Reimage Protector\Results\ProtectorPackage.log
c:\documents and settings\All Users\Application Data\Reimage Protector\Results\ProtectorUpdater.log
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\ken\Local Settings\Application Data\enformation 1.1
c:\documents and settings\ken\Local Settings\Application Data\enformation 1.1\DTFProxyToServerSect_bCrossriderApp0062170_p1900.dat
c:\documents and settings\ken\Local Settings\Application Data\globalUpdate
c:\program files\enformation 1.1
c:\program files\enformation 1.1\1293297481.mxaddon
c:\program files\enformation 1.1\9a13e8b6-60fb-4cff-843a-c0e0c9ab7648.crx
c:\program files\enformation 1.1\background.html
c:\program files\enformation 1.1\bgNova.html
c:\program files\enformation 1.1\c80ccd1a-1ba7-4a8a-8942-0fd69dc7dca5.dll
c:\program files\enformation 1.1\e5e81a3a-99a8-4df2-8d2a-0fd89817fdd0-11.exe
c:\program files\enformation 1.1\e5e81a3a-99a8-4df2-8d2a-0fd89817fdd0.crx
c:\program files\enformation 1.1\e5e81a3a-99a8-4df2-8d2a-0fd89817fdd0.xpi
c:\program files\enformation 1.1\enformation 1.1-buttonutil.dll
c:\program files\enformation 1.1\enformation 1.1.ico
c:\program files\enformation 1.1\Uninstall.exe
c:\program files\enformation 1.1\utils.exe
c:\program files\globalUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-05 to 2014-08-05  )))))))))))))))))))))))))))))))
.
.
2014-08-04 20:20 . 2014-08-05 07:20 -------- d-----w- c:\documents and settings\ken\Application Data\Lavasoft
2014-08-04 19:12 . 2014-08-04 19:12 -------- d-----w- c:\program files\CCleaner
2014-08-03 18:02 . 2014-08-05 07:53 -------- d-----w- C:\FRST
2014-08-03 12:17 . 2014-08-05 12:03 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-03 12:16 . 2014-08-03 12:16 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-03 12:16 . 2014-05-12 06:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-03 12:16 . 2014-05-12 06:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-01 21:02 . 2014-08-01 21:02 -------- d-----w- c:\documents and settings\ken\Local Settings\Application Data\Adobe
2014-08-01 19:27 . 2014-08-01 19:27 -------- d-----w- c:\documents and settings\ken\Local Settings\Application Data\Mozilla
2014-08-01 19:27 . 2014-08-01 19:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-08-01 16:39 . 2014-08-01 16:39 -------- d-----w- c:\windows\system32\NtmsData
2014-08-01 15:55 . 2014-08-01 16:28 -------- d-----w- c:\documents and settings\ken\Application Data\Norton Utilities 16
2014-08-01 15:37 . 2014-01-17 03:35 44544 ----a-w- c:\windows\system32\msxml4a.dll
2014-08-01 15:37 . 2014-01-17 04:13 39552 ----a-w- c:\windows\system32\CleanMFT32.exe
2014-08-01 15:37 . 2014-01-17 03:35 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2014-08-01 15:37 . 2014-01-17 03:35 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2014-08-01 15:37 . 2014-01-17 03:35 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2014-08-01 15:37 . 2014-01-17 03:35 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2014-08-01 15:36 . 2014-08-01 15:36 -------- d-----w- c:\program files\Symantec
2014-08-01 15:36 . 2014-08-01 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2014-08-01 15:36 . 2014-08-01 15:36 -------- d-----w- c:\documents and settings\ken\Application Data\Product_NU16
2014-07-25 12:40 . 2014-07-25 12:40 -------- d-----w- c:\documents and settings\ken\Application Data\OverDrive
2014-07-25 12:01 . 2014-07-25 12:01 -------- d-----w- c:\program files\OverDrive Media Console
2014-07-14 19:17 . 2012-01-06 09:00 98560 ----a-w- c:\windows\system32\drivers\crytdv10.sys
2014-07-14 19:17 . 2012-01-06 09:00 1072480 ----a-w- c:\windows\system32\crytsrv10.exe
2014-07-14 19:17 . 2014-08-01 18:43 -------- d-----w- c:\program files\Cryptainer LE 10
2014-07-13 20:18 . 2014-07-13 20:18 -------- d-----w- c:\documents and settings\ken\Local Settings\Application Data\Amazon
2014-07-13 20:17 . 2014-07-13 20:17 -------- d-----w- c:\program files\Amazon
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-01 20:10 . 2012-05-14 07:18 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-01 20:10 . 2011-05-19 07:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-30 11:43 . 2014-03-27 21:14 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-17 15:22 . 2014-03-27 21:15 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 15:21 . 2014-03-31 15:11 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 15:18 . 2012-08-09 12:56 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 15:17 . 2014-03-27 21:04 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 15:17 . 2014-06-17 15:17 190232 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2014-06-17 15:06 . 2014-03-31 15:11 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-06-17 15:06 . 2014-03-27 21:03 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 15:06 . 2014-03-27 21:03 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

.

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll

[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll

[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL

[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

.

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[7] 2008-04-14 12:00 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

.

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll

[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

.

[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll

[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll

[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll

.

[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll

[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll

[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll

[7] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll

[7] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll

[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll

[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\I386\NTDLL.DLL

[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\I386\SYSTEM32\NTDLL.DLL

.

[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime

[-] 2009-02-27 . 3F790874A85819E94574F3E7AF9C5806 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime

[-] 2009-02-27 . 30B7D847BA9075AA8E1122FB6AF3D1B5 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime

[7] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB961503$\msctfime.ime

.

[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll

[7] 2008-04-14 12:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll

.

[7] 2008-04-14 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-06-27 13:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]

"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]

"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-07-10 5187088]

"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2013-11-14 508144]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

path=

backup=

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^ken^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]

path=c:\documents and settings\ken\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2014-05-08 11:21 40312 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-06-19 23:20 57344 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMHotKey]

2006-12-27 23:45 466944 ----a-w- c:\program files\Samsung\Easy Display Manager\DMLoader.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EDS]

2007-12-21 04:40 659456 ----a-w- c:\program files\Samsung\Samsung EDS\EDSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-12-29 15:49 136176 ----atw- c:\documents and settings\ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2013-11-02 00:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKeyboard]

2006-05-15 03:00 151552 ----a-w- c:\program files\Samsung\MagicKBD\PreMKbd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-08-26 20:51 16851456 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2014-02-10 16:46 20922016 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPBackGround]

2010-04-20 13:26 300912 ----a-w- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\ken\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [27/03/2014 22:04 147736]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [09/08/2012 13:56 241944]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [27/03/2014 22:03 27416]

R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [27/03/2014 22:14 121624]

R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [17/06/2014 16:17 190232]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [27/03/2014 22:03 21272]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [27/03/2014 22:15 188696]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [31/03/2014 16:11 197400]

R1 crytdv10;crytdv10;c:\windows\system32\drivers\crytdv10.sys [14/07/2014 20:17 98560]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [10/07/2014 15:23 289328]

R2 cryptainer10service;Cryptainer 10 service;c:\windows\system32\crytsrv10.exe [14/07/2014 20:17 1072480]

R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [12/02/2009 20:29 4300]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [03/08/2014 13:16 1809720]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [03/08/2014 13:16 860472]

R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [01/08/2014 16:37 795776]

R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [21/09/2012 20:07 625816]

R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [12/02/2009 19:05 14336]

R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [15/01/2008 04:01 30208]

R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [15/09/2012 08:33 73344]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/08/2012 20:52 209016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/08/2014 13:16 23256]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [03/08/2014 13:17 110296]

R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [12/02/2009 20:33 238464]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [10/07/2014 15:34 3244048]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 08:15 172192]

S3 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [01/08/2014 16:37 1150592]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 23:09 267568]

S3 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [01/08/2014 16:37 1163904]

S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [02/08/2006 00:57 19840]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

yksvcs REG_MULTI_SZ   yksvc

.

Contents of the 'Scheduled Tasks' folder

.

2014-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 20:10]

.

2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 11:58]

.

2014-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 11:58]

.

2014-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359691392-2838567340-533315437-1005Core1cc0f3c666ff26e.job

- c:\documents and settings\ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-18 15:49]

.

2014-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359691392-2838567340-533315437-1005UA.job

- c:\documents and settings\ken\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-18 15:49]

.

2014-08-05 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job

- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]

.

2014-06-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]

.

2014-08-05 c:\windows\Tasks\NUAutoUpdate.job

- c:\program files\Symantec\Norton Utilities 16\SULauncher.exe [2014-08-01 04:13]

.

2014-08-03 c:\windows\Tasks\NUSchedule.job

- c:\program files\Symantec\Norton Utilities 16\nu.exe [2014-08-01 04:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bbc.co.uk/news/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\ken\Application Data\Mozilla\Firefox\Profiles\pedloxie.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-enformation 1.1 - c:\program files\enformation 1.1\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-08-05 13:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2014-08-05  13:30:01

ComboFix-quarantined-files.txt  2014-08-05 12:29

ComboFix2.txt  2014-08-05 10:17

.

Pre-Run: 25,970,622,464 bytes free

Post-Run: 25,965,731,840 bytes free

.

- - End Of File - - BD7290070AACC818DDC7028614AE119B

A0A345F7AB6F3BAC008FB0DE602E66CD

Fix with ComboFix

 

Let's prepare a Script for ComboFix to mark some things for being deleted.

 

  • Press the Windows key + R on your keyboard at the same time.

A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.

In the shown window paste in the following script:

Driver::
SUEPD
 
File::
c:\windows\system32\drivers\SUE_PD.sys

Go to File menu and select Save as.

Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.

Name the file CFScript and select Save.


Your CFScript.txt file should appear on your desktop.

 

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

 

  • Now drag your CFScript file and drop it onto the ComboFix icon.

This will start ComboFix. Let it run uninterrupted!

A reboot may be needed during this run. Allow it.

When finished, it shall produce a log for you at C:\ComboFix.txt and display it.


Please include that log in your next reply.

 

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Do not forget to turn on your previously switched-off protection software!

 

 

 

 

Tell me how your PC is after this.

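The Driver::/File:: script in the reply above is assembled by hand from the service list in the ComboFix log (the SUEPD entry and its SUE_PD.sys image). As an added example, not ComboFix's own code and not part of the helper's post, the Python below parses service/driver lines of the shape printed in that log, lists the kernel-mode drivers a triager reviews first, and drafts the same CFScript from a service name so the file path cannot be mistyped. The sample lines are copied from the log earlier in the thread; reading the leading letter as R = running / S = stopped and the digit as the service start type is an assumption about ComboFix's layout.

```python
"""Parse the service/driver section of a ComboFix log and draft a CFScript.

Added example for this thread; not ComboFix's own code. It assumes the line
shape seen in the posted log:
  <state><start> <name>;<display name>;<image path> [dd/mm/yyyy hh:mm size]
where the letter is R (running) or S (stopped) and the digit is the start
type as ComboFix prints it (an assumption about the tool's output).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the log posted above (constructed test input).
SAMPLE_LOG = r"""
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [12/08/2012 20:52 209016]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [12/02/2009 19:05 14336]
S3 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [01/08/2014 16:37 1150592]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [02/08/2006 00:57 19840]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<date>\d{2}/\d{2}/\d{4} \d{2}:\d{2}) (?P<size>\d+)\]\s*$"
)

# Splits "c:\...\svchost.exe -k yksvcs" into the binary and its arguments.
# Paths containing spaces stay intact because the split happens at the first
# executable extension, not at the first space.
IMAGE_RE = re.compile(r"^(?P<path>.+?\.(?:exe|sys|dll|ocx))(?:\s+(?P<args>.*))?$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str        # "R" running or "S" stopped (assumed meaning)
    start_type: int   # start-type digit as printed (0 boot ... 4 disabled, assumed)
    name: str         # service/driver key name, e.g. SUEPD
    display: str
    image: str        # raw image string, may include arguments
    date: str
    size: int

    def image_path(self) -> str:
        m = IMAGE_RE.match(self.image)
        return m.group("path") if m else self.image

    def image_args(self) -> Optional[str]:
        m = IMAGE_RE.match(self.image)
        return m.group("args") if m else None


def parse_services(text: str) -> List[ServiceEntry]:
    """Return every line that matches the ComboFix service/driver layout."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue  # section banners, "." spacers and other sections are skipped
        entries.append(ServiceEntry(
            state=m.group("state"), start_type=int(m.group("start")),
            name=m.group("name"), display=m.group("display"),
            image=m.group("image"), date=m.group("date"), size=int(m.group("size")),
        ))
    return entries


def kernel_drivers(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries whose image lives under a drivers directory: the kernel-mode set a triager reviews first."""
    return [e for e in entries if "\\drivers\\" in e.image_path().lower()]


def build_cfscript(entries: List[ServiceEntry], names: List[str]) -> str:
    """Draft the Driver::/File:: CFScript the helper wrote by hand above.

    Raises KeyError when a requested service is not in the log, so a typo
    never yields a script that targets nothing (or the wrong file).
    """
    by_name = {e.name.lower(): e for e in entries}
    chosen = []
    for n in names:
        if n.lower() not in by_name:
            raise KeyError(f"service {n!r} not found in log")
        chosen.append(by_name[n.lower()])
    driver_block = "\n".join(e.name for e in chosen)
    file_block = "\n".join(e.image_path() for e in chosen)
    return f"Driver::\n{driver_block}\n\nFile::\n{file_block}\n"


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    for e in kernel_drivers(found):
        print(f"{e.state}{e.start_type} {e.name:20} {e.image_path()} ({e.size} bytes, {e.date})")
    print(build_cfscript(found, ["SUEPD"]))
```

Run it against a full ComboFix.txt by reading the file into parse_services; the regex ignores every other section, and the KeyError on an unknown name is deliberate, since a CFScript is only as safe as the names and paths typed into it.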
