
Think I got a virus. Browser and downloading very slow


bigmoe66


Hi there! I was wondering if any of you guys could help. Over the past week I think that a virus may be on my computer. I have done the usual MAB, Kaspersky in safe mode but it's not picking up anything. I will post my HijackThis file. If anyone could help I would be very grateful.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:20:57, on 29/09/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
C:\windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - (no file)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O4 - Global Startup: NETGEAR WNDA3100v2 Genie.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: *.incrediblecharts.com
O15 - ESC Trusted Zone: *.incrediblecharts.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342529826875
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Saitek DirectOutput (SaiDOutput) - Saitek - C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WSWNDA3100v2 - Unknown owner - C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe

--
End of file - 9159 bytes
 


Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Hi Jurgen

Here are my scan results

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-09-2014

Ran by Daniel at 2014-09-30 07:22:32

Running from C:\Documents and Settings\Daniel\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACG's IWM Duxford AI Pack FSX (HKLM\...\ ACG's IWM Duxford AI Pack FSX) (Version: - )

ACG's IWM Duxford FSX (HKLM\...\ ACG's IWM Duxford FSX) (Version: - )

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden

737 Captain (737-200) 1.0 (HKLM\...\p732) (Version: 1.0.00 - © 1999-2012 Captain Sim)

Addit! Pro For Flight Simulator X (HKLM\...\{8DDD9A95-43C2-420F-B188-A1A62B202201}) (Version: 7.3.0005 - Joseph Stearns)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)

aerosoft's - Approaching Innsbruck X (HKLM\...\{70864384-DD19-44CB-A999-A917F32F623D}) (Version: 1.10 - aerosoft)

Aerosoft's - F-16 Fighting Falcon (HKLM\...\{A663BED9-978C-4A04-82A3-3029245055BE}) (Version: 1.21 - Aerosoft)

AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden

Airwolf Project X Addons For Microsoft Flight Simulator X (HKLM\...\Airwolf Project X Addons For Microsoft Flight Simulator X1.0) (Version: 1.0 - Airwolf Project X)

AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)

Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Ark Royal IV for FSX (HKCU\...\Ark Royal IV for FSX) (Version: - )

ASUS nVidia Driver (Version: 1.00.0000 - ASUSTek) Hidden

AutoCAD 2007 - English (HKLM\...\{5783F2D7-5001-0409-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)

Autodesk DWF Viewer (HKLM\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)

BAe Hawk T1 (HKCU\...\BAe Hawk T1) (Version: - )

Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.11 - TOSHIBA CORPORATION)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Brain Workshop 4.8.4 (HKLM\...\Brain Workshop_is1) (Version: 4.8.4 - Paul Hoskinson & Jonathan Toomim)

Browser Configuration Utility (HKLM\...\{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}) (Version: 1.1.18.0 - DeviceVM Inc.) <==== ATTENTION

BulkSMS Desktop Messenger (HKLM\...\{0A9D5986-527F-4DEB-B8D0-1AD740072687}) (Version: 5.5.1.8 - Celerity Systems (Pty) Ltd)

Carenado C 152 II (HKLM\...\Carenado C 152 II) (Version: 1.00.00.00 - Carenado)

Carenado C172N FSX (HKLM\...\Carenado C172N FSX) (Version: 1.00.00.00 - Carenado)

CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)

CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )

DJ_AIO_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden

Enable S3 for USB Device (HKLM\...\Enable S3 for USB Device) (Version: - )

EndItAll 2.0 (HKLM\...\EndItAll_is1) (Version: 2.0 - Ziff Davis Media, Inc.)

Etendard IVM/P for FSX Version 1.0 (HKCU\...\Etendard IVM/P for FSX Version 1.0) (Version: - )

ExtractNow (HKLM\...\ExtractNow) (Version: - Nathan Moinvaziri)

FinlandX (HKCU\...\FinlandX) (Version: - )

Flight Simulator X (HKLM\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - )

Flight Simulator X Service Pack 1 (HKLM\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - )

FSGenesis Madeira Airport Terrain Adjustment Pack - FSX (HKLM\...\Madeira Airport Terrain Adjustment Pack - FSX1.0) (Version: 1.0 - FSGenesis)

Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

GRAN SASSO ID (HKLM\...\GRAN SASSO ID1.0) (Version: 1.0 - Real Earth X)

High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)

HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

HP Deskjet 3520 series Basic Device Software (HKLM\...\{5C2ECF15-B7FF-4E0E-9D00-2000354BD9C2}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Deskjet 3520 series Setup Guide (HKLM\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)

HP Deskjet All-In-One Software 9.0 (HKLM\...\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}) (Version: 9.0 - HP)

ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)

IncredibleCharts Pro (HKLM\...\{134959C1-E63F-11D5-87EF-444553540000}_is1) (Version: - Vizhon Corporation)

iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)

Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Kaspersky Anti-Virus 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden

Kaspersky Internet Security 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)

Liguria 110 (HKLM\...\Liguria 110) (Version: - )

Lock On: Modern Air Combat (HKLM\...\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}) (Version: 1.00.000 - )

Lotus Simulations L-39 Albatros (HKCU\...\Lotus Simulations L-39 Albatros) (Version: - )

Malta XGen v1.2 for Microsoft Flight Simulator X (HKCU\...\Malta XGen v1.2 for Microsoft Flight Simulator X) (Version: - )

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Media Player Classic - Home Cinema 1.6.1.4235 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.1.4235 - MPC-HC Team)

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft Flight Simulator X (Version: 10.0.60905 - Microsoft Game Studios) Hidden

Microsoft Flight Simulator X: Acceleration (HKLM\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)

Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0 - Microsoft Game Studios) Hidden

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden

Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2003 (HKLM\...\{90AF0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)

Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version: - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden

Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)

Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)

Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)

MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)

NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)

NVIDIA Control Panel 267.85 (Version: 267.85 - NVIDIA Corporation) Hidden

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)

NVIDIA Graphics Driver 267.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.85 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)

ON_OFF Charge B10.0427.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)

PA34 200T SENECA II FSX (HKLM\...\PA34 200T SENECA II FSX) (Version: 1.00.00.00 - Carenado)

Paro Bhutan VQPR (HKLM\...\Paro Bhutan VQPR) (Version: - )

Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)

PMDG 737 8900 NGX (HKLM\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3118 - PMDG Simulations, LLC.)

PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)

QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Rapport (Version: 3.5.1403.78 - Trusteer) Hidden

RAZBAM AV-8B Harrier II Plus Vol. 1 ver. 2.0 (HKLM\...\{6DC9674B-26E6-4AA5-9E57-6365C144874D}_is1) (Version: 2.0 - RAZBAM SIMS)

RCS B-25J RAF MkII for FSX (HKLM\...\RCS B-25J RAF MkII for FSX) (Version: - )

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6101 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)

Saitek DirectOutput 6.2.2.4 (HKLM\...\{4F5C19F6-27CF-43EC-9BDC-31DB63F1E2DD}) (Version: 6.2.2.4 - Saitek)

Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden

Smart Technology Programming Software 7.0.2.7 (HKLM\...\{0D62121B-0361-47CD-8712-5B2F5D8D1C9C}) (Version: 7.0.2.7 - Mad Catz)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)

Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden

TrackIR5 (HKLM\...\{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}) (Version: - )

Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1403.78 - Trusteer)

TuneUp Utilities 2014 (en-GB) (Version: 14.0.1000.90 - TuneUp Software) Hidden

UK2000 East Midlands Xtreme FSX DEMO VERSION (HKLM\...\UK2000 East Midlands Xtreme FSX) (Version: 1.00 - UK2000 Scenery)

UK2000 Leeds Xtreme FSX DEMO VERSION (HKLM\...\UK2000 Leeds Xtreme FSX) (Version: 1.00 - UK2000 Scenery)

UK2000 Luton Xtreme FSX DEMO VERSION (HKLM\...\UK2000 Luton Xtreme FSX) (Version: 1.00 - UK2000 Scenery)

UK2000 Manchester FREE FSX Uninstall (HKLM\...\UK2000 Manchester FREE FSX) (Version: - )

UK2000 VFR Scenery Volume1 files (HKLM\...\UK2000 VFR Scenery Volume1) (Version: - )

Ultimate Terrain X - Europe (HKCU\...\Ultimate Terrain X - Europe) (Version: - )

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)

Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)

Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

Wise Registry Cleaner 7.69 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.69 - WiseCleaner.com, Inc.)

YoutubeMovieMaker (HKLM\...\{E084C471-FA8F-4468-93F1-25B3A13ED942}) (Version: 9.06 - Youtube Movie Maker)

YTD Video Downloader 4.8.1 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.1 - GreenTree Applications SRL)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2007\acad.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2007\acad.exe (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2007\acadficn.dll (Autodesk, Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1229272821-57989841-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)

==================== Restore Points =========================

02-07-2014 06:03:31 System Checkpoint

03-07-2014 07:45:33 System Checkpoint

04-07-2014 08:02:24 System Checkpoint

06-07-2014 07:55:35 System Checkpoint

07-07-2014 10:55:35 System Checkpoint

08-07-2014 12:21:44 System Checkpoint

09-07-2014 08:11:11 Revo Uninstaller's restore point - Picasa 3

10-07-2014 16:06:57 System Checkpoint

11-07-2014 16:28:03 System Checkpoint

12-07-2014 17:28:03 System Checkpoint

13-07-2014 17:42:02 System Checkpoint

15-07-2014 07:22:24 System Checkpoint

16-07-2014 08:03:08 System Checkpoint

17-07-2014 08:28:26 System Checkpoint

18-07-2014 09:38:36 System Checkpoint

19-07-2014 11:12:41 System Checkpoint

21-07-2014 08:20:55 System Checkpoint

22-07-2014 07:42:44 Installed Rapport

23-07-2014 09:08:08 System Checkpoint

24-07-2014 10:19:40 System Checkpoint

25-07-2014 11:39:28 System Checkpoint

26-07-2014 11:55:43 System Checkpoint

28-07-2014 09:50:46 System Checkpoint

29-07-2014 18:31:01 System Checkpoint

30-07-2014 19:18:54 System Checkpoint

01-08-2014 07:52:07 System Checkpoint

02-08-2014 08:19:38 System Checkpoint

03-08-2014 12:10:15 System Checkpoint

04-08-2014 12:22:41 System Checkpoint

05-08-2014 12:30:19 System Checkpoint

06-08-2014 13:55:15 System Checkpoint

07-08-2014 14:33:36 System Checkpoint

08-08-2014 15:32:35 System Checkpoint

09-08-2014 15:41:22 System Checkpoint

10-08-2014 17:37:52 System Checkpoint

11-08-2014 19:04:42 System Checkpoint

13-08-2014 12:08:57 System Checkpoint

14-08-2014 12:51:26 System Checkpoint

15-08-2014 14:18:28 System Checkpoint

16-08-2014 14:49:04 System Checkpoint

17-08-2014 14:51:02 System Checkpoint

18-08-2014 18:23:27 System Checkpoint

19-08-2014 18:36:03 System Checkpoint

20-08-2014 19:32:55 System Checkpoint

22-08-2014 08:28:55 System Checkpoint

23-08-2014 09:56:09 System Checkpoint

25-08-2014 11:31:11 System Checkpoint

27-08-2014 13:20:23 System Checkpoint

28-08-2014 13:38:00 System Checkpoint

29-08-2014 16:51:46 System Checkpoint

31-08-2014 08:56:52 System Checkpoint

01-09-2014 06:33:43 Installed Rapport

02-09-2014 06:40:41 System Checkpoint

03-09-2014 08:10:37 System Checkpoint

04-09-2014 12:00:00 System Checkpoint

05-09-2014 06:41:35 Unsigned driver install

06-09-2014 14:33:44 System Checkpoint

08-09-2014 14:09:51 System Checkpoint

09-09-2014 16:37:05 System Checkpoint

11-09-2014 07:33:41 System Checkpoint

12-09-2014 08:42:43 System Checkpoint

13-09-2014 10:49:45 System Checkpoint

13-09-2014 13:33:26 Installed DirectX

13-09-2014 13:34:52 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

14-09-2014 07:27:55 Revo Uninstaller's restore point - DCS World

15-09-2014 07:43:50 System Checkpoint

16-09-2014 07:46:01 System Checkpoint

17-09-2014 16:50:40 System Checkpoint

19-09-2014 16:29:45 System Checkpoint

21-09-2014 07:39:29 System Checkpoint

22-09-2014 07:43:01 System Checkpoint

23-09-2014 07:46:03 System Checkpoint

24-09-2014 10:51:32 System Checkpoint

25-09-2014 19:03:24 System Checkpoint

27-09-2014 09:59:30 System Checkpoint

28-09-2014 11:15:24 Restore Operation

28-09-2014 11:33:28 Restore Operation

28-09-2014 16:11:47 Restore Operation

28-09-2014 18:38:15 Restore Operation

29-09-2014 11:15:55 Restore Operation

29-09-2014 12:09:51 Restore Operation

29-09-2014 15:28:01 Installed HiJackThis

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-07-27 13:00 - 2014-09-28 13:07 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-57989841-839522115-1003Core.job => C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-57989841-839522115-1003UA.job => C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\windows\system32\xp_eos.exe

Task: C:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\windows\system32\xp_eos.exe

Task: C:\windows\Tasks\MyDefrag v4.3.1 Daily.job => ?

Task: C:\windows\Tasks\MyDefrag v4.3.1 Monthly.job => ?

==================== Loaded Modules (whitelisted) =============

2013-08-06 12:49 - 2011-02-28 23:37 - 00180624 _____ () C:\windows\system32\Primomonnt.dll

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2013-01-14 14:41 - 2013-01-14 14:41 - 01310136 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll

2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll

2014-02-03 20:12 - 2011-12-14 18:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe

2014-02-03 20:12 - 2011-12-14 11:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll

2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll

2014-09-25 09:04 - 2014-09-25 09:04 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

2014-09-10 16:29 - 2014-09-10 16:29 - 16825520 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk => C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\system32\ctfmon.exe

MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

MSCONFIG\startupreg: ProfilerU => C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE

MSCONFIG\startupreg: SaiMfd => C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1229272821-57989841-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator

Daniel (S-1-5-21-1229272821-57989841-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Daniel

Guest (S-1-5-21-1229272821-57989841-839522115-501 - Limited - Disabled)

HelpAssistant (S-1-5-21-1229272821-57989841-839522115-1000 - Limited - Disabled)

SUPPORT_388945a0 (S-1-5-21-1229272821-57989841-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (09/25/2014 08:44:26 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (09/11/2014 06:32:22 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (09/03/2014 08:35:22 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (08/27/2014 08:21:54 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (08/20/2014 08:14:02 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (08/13/2014 08:07:19 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (08/05/2014 10:02:03 PM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (07/29/2014 08:54:33 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (07/22/2014 08:41:50 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (07/15/2014 07:25:17 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

System errors:

=============

Error: (09/29/2014 01:05:57 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/29/2014 01:05:16 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/29/2014 01:05:10 PM) (Source: DCOM) (EventID: 10005) (User: DANIEL-79459C45)

Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""

in order to run the server:

{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (09/29/2014 01:05:06 PM) (Source: DCOM) (EventID: 10005) (User: DANIEL-79459C45)

Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""

in order to run the server:

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/29/2014 00:11:41 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/29/2014 00:11:03 PM) (Source: DCOM) (EventID: 10005) (User: DANIEL-79459C45)

Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""

in order to run the server:

{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (09/29/2014 00:09:12 PM) (Source: DCOM) (EventID: 10005) (User: DANIEL-79459C45)

Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""

in order to run the server:

{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (09/29/2014 10:33:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

AFD

AmdPPM

Fips

IPSec

KLIF

kltdi

kneps

MRxSmb

NetBIOS

NetBT

RapportKELL

RasAcd

Rdbss

SASDIFSV

SASKUTIL

Tcpip

Tosrfcom

WS2IFSL

Error: (09/29/2014 10:33:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:

%%31

Error: (09/29/2014 10:33:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:

%%31

Microsoft Office Sessions:

=========================

Error: (09/25/2014 08:44:26 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (09/11/2014 06:32:22 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (09/03/2014 08:35:22 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (08/27/2014 08:21:54 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (08/20/2014 08:14:02 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (08/13/2014 08:07:19 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (08/05/2014 10:02:03 PM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (07/29/2014 08:54:33 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (07/22/2014 08:41:50 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

Error: (07/15/2014 07:25:17 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

==================== Memory info ===========================

Processor: AMD Phenom II X4 850 Processor

Percentage of memory in use: 36%

Total physical RAM: 3070.39 MB

Available physical RAM: 1950.98 MB

Total Pagefile: 4950.92 MB

Available Pagefile: 3950.18 MB

Total Virtual: 2047.88 MB

Available Virtual: 1936.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:323.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: FEB9FEB9)

Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Many thanks


Hi Jugen

I have re-scanned and these are the results

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-09-2014

Ran by Daniel (administrator) on DANIEL-79459C45 on 30-09-2014 10:30:17

Running from C:\Documents and Settings\Daniel\Desktop

Loaded Profile: Daniel (Available profiles: Daniel & Administrator)

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Saitek) C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe

(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [bluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)

Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)

HKU\S-1-5-21-1229272821-57989841-839522115-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-17] (Google Inc.)

HKU\S-1-5-21-1229272821-57989841-839522115-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk

ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()

ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk)

BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x504218E7A01ACF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

URLSearchHook: HKCU - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {0B4CB0E8-2C99-455c-B298-5FF3238DD293} URL = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH

SearchScopes: HKCU - {B83AFFC1-660F-4d52-82D7-0CA54AAA52AE} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346

SearchScopes: HKCU - {CC753B79-FF33-4401-BE4D-5491073505D4} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\windows\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\windows\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4x8eqyg5.default-1395688218937

FF Keyword.URL: https://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4x8eqyg5.default-1395688218937\searchplugins\yahoo_ff.xml

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-17]

FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-07-22]

FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-07-22]

FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-07-22]

FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\anti_banner@kaspersky.com

FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\anti_banner@kaspersky.com [2013-07-22]

FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\online_banking@kaspersky.com [2013-07-22]

FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:

=======

CHR CustomProfile: C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\User Data\Default

CHR Extension: (Kaspersky URL Advisor) - C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-08-03]

CHR Extension: (Safe Money) - C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-09-25]

CHR Extension: (Content Blocker) - C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-08-03]

CHR Extension: (Virtual Keyboard) - C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-08-03]

CHR Extension: (Anti-Banner) - C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-09-25]

CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2013-01-14]

CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\online_banking_chrome.crx [2013-01-14]

CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2013-01-14]

CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2013-01-14]

CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-01-14]

CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\ab.crx [2013-01-14]

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-26] (SUPERAntiSpyware.com)

S4 Alerter; C:\windows\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]

R3 ALG; C:\windows\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]

S3 AppMgmt; C:\windows\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation) [File not signed]

R2 AudioSrv; C:\windows\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)

S3 BITS; C:\windows\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]

S2 Browser; C:\windows\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]

R2 BthServ; C:\windows\System32\bthserv.dll [30208 2008-04-14] (Microsoft Corporation) [File not signed]

S3 CiSvc; C:\windows\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]

S3 ClipSrv; C:\windows\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]

S3 COMSysApp; C:\windows\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]

R2 CryptSvc; C:\windows\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]

R2 DcomLaunch; C:\windows\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]

R2 Dhcp; C:\windows\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]

S3 dmadmin; C:\windows\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]

R2 dmserver; C:\windows\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]

R2 Dnscache; C:\windows\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]

S3 Dot3svc; C:\windows\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]

S3 EapHost; C:\windows\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]

R2 ERSvc; C:\windows\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]

R2 Eventlog; C:\windows\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]

R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]

R3 FastUserSwitchingCompatibility; C:\windows\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-03-30] (Flexera Software, Inc.)

R2 helpsvc; C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]

R2 HidServ; C:\windows\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]

S3 hkmsvc; C:\windows\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]

S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-12] (Hewlett-Packard Co.) [File not signed]

S3 HTTPFilter; C:\windows\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

S3 ImapiService; C:\windows\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)

R2 lanmanserver; C:\windows\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]

R2 lanmanworkstation; C:\windows\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]

R2 LmHosts; C:\windows\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)

S4 Messenger; C:\windows\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]

S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]

S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]

S3 MSIServer; C:\windows\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]

S3 napagent; C:\windows\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]

R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]

S4 NetDDE; C:\windows\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]

S4 NetDDEdsdm; C:\windows\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]

S3 Netlogon; C:\windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]

R3 Netman; C:\windows\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]

R3 Nla; C:\windows\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]

S3 NtLmSsp; C:\windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]

S3 NtmsSvc; C:\windows\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]

R2 PlugPlay; C:\windows\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]

R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]

R2 PolicyAgent; C:\windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]

R2 ProtectedStorage; C:\windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]

R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-08-21] (IBM Corp.)

S3 RasAuto; C:\windows\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]

R3 RasMan; C:\windows\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]

S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]

S4 RemoteAccess; C:\windows\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]

R2 RemoteRegistry; C:\windows\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]

S3 RpcLocator; C:\windows\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]

R2 RpcSs; C:\windows\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]

S3 RSVP; C:\windows\system32\rsvp.exe [132608 2007-07-27] (Microsoft Corporation) [File not signed]

R2 SaiDOutput; C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe [147456 2008-04-04] (Saitek) [File not signed]

R2 SamSs; C:\windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]

S3 SCardSvr; C:\windows\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]

R2 Schedule; C:\windows\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]

R2 seclogon; C:\windows\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]

R2 SENS; C:\windows\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]

R2 SharedAccess; C:\windows\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]

R2 ShellHWDetection; C:\windows\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]

R2 Spooler; C:\windows\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]

R2 srservice; C:\windows\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]

R3 SSDPSRV; C:\windows\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]

R2 stisvc; C:\windows\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]

S3 SwPrv; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]

S3 SysmonLog; C:\windows\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]

R3 TapiSrv; C:\windows\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]

R3 TermService; C:\windows\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]

R2 Themes; C:\windows\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]

S3 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation) [File not signed]

R2 TrkWks; C:\windows\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]

S3 upnphost; C:\windows\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]

S3 UPS; C:\windows\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]

S3 VSS; C:\windows\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]

R2 W32Time; C:\windows\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]

R2 WebClient; C:\windows\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]

R2 winmgmt; C:\windows\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]

S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [52224 2008-04-14] (Microsoft Corporation) [File not signed]

S3 Wmi; C:\windows\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]

S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]

R2 wscsvc; C:\windows\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]

S2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

R2 wuauserv; C:\windows\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]

R2 WudfSvc; C:\windows\System32\WUDFSvc.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]

R2 WZCSVC; C:\windows\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]

S3 xmlprov; C:\windows\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\windows\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]

S4 ACPIEC; C:\windows\system32\Drivers\ACPIEC.sys [11648 2007-07-27] (Microsoft Corporation) [File not signed]

S3 aec; C:\windows\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]

R1 AFD; C:\windows\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]

S3 Ambfilt; C:\windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)

R1 AmdPPM; C:\windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) [File not signed]

S3 AsyncMac; C:\windows\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]

R0 atapi; C:\windows\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]

S3 Atmarpc; C:\windows\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]

R3 audstub; C:\windows\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]

R3 BCMH43XX; C:\windows\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-03-28] (Broadcom Corporation) [File not signed]

R1 Beep; C:\windows\system32\Drivers\Beep.sys [4224 2007-07-27] (Microsoft Corporation) [File not signed]

S3 BthEnum; C:\windows\System32\DRIVERS\BthEnum.sys [17024 2008-04-13] (Microsoft Corporation) [File not signed]

S3 BthPan; C:\windows\System32\DRIVERS\bthpan.sys [101120 2008-04-13] (Microsoft Corporation) [File not signed]

S3 BTHPORT; C:\windows\System32\Drivers\BTHport.sys [272128 2008-06-13] (Microsoft Corporation) [File not signed]

S3 BTHUSB; C:\windows\System32\Drivers\BTHUSB.sys [18944 2008-04-13] (Microsoft Corporation) [File not signed]

S4 cbidf2k; C:\windows\system32\Drivers\cbidf2k.sys [13952 2007-07-27] (Microsoft Corporation) [File not signed]

S1 Cdaudio; C:\windows\system32\Drivers\Cdaudio.sys [18688 2007-07-27] (Microsoft Corporation) [File not signed]

R4 Cdfs; C:\windows\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]

R1 Cdrom; C:\windows\System32\DRIVERS\cdrom.sys [62976 2008-05-02] (Microsoft Corporation) [File not signed]

R0 Disk; C:\windows\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]

S4 dmboot; C:\windows\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]

R0 dmio; C:\windows\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]

R0 dmload; C:\windows\System32\drivers\dmload.sys [5888 2007-07-27] (Microsoft Corp., Veritas Software.) [File not signed]

S3 DMusic; C:\windows\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]

S3 drmkaud; C:\windows\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]

S4 Fastfat; C:\windows\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]

S1 Fdc; C:\windows\system32\Drivers\Fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]

R1 Fips; C:\windows\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]

S1 Flpydisk; C:\windows\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]

R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]

U1 Fs_Rec; C:\windows\system32\Drivers\Fs_Rec.sys [7936 2007-07-27] (Microsoft Corporation) [File not signed]

R0 Ftdisk; C:\windows\System32\DRIVERS\ftdisk.sys [125056 2007-07-27] (Microsoft Corporation) [File not signed]

R3 Gpc; C:\windows\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]

R3 HDAudBus; C:\windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider) [File not signed]

R3 hidusb; C:\windows\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]

R3 HPZid412; C:\windows\System32\DRIVERS\HPZid412.sys [49920 2005-10-22] (HP) [File not signed]

R3 HPZipr12; C:\windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-22] (HP) [File not signed]

R3 HPZius12; C:\windows\System32\DRIVERS\HPZius12.sys [21568 2005-10-22] (HP) [File not signed]

R3 HTTP; C:\windows\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]

R1 i8042prt; C:\windows\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]

R1 Imapi; C:\windows\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]

S3 Ip6Fw; C:\windows\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]

S3 IpFilterDriver; C:\windows\System32\DRIVERS\ipfltdrv.sys [32896 2007-07-27] (Microsoft Corporation) [File not signed]

S3 IpInIp; C:\windows\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]

R3 IpNat; C:\windows\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]

R1 IPSec; C:\windows\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]

S3 IRENUM; C:\windows\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]

R0 isapnp; C:\windows\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]

R1 Kbdclass; C:\windows\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]

R1 kbdhid; C:\windows\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]

R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [135776 2013-12-10] (Kaspersky Lab ZAO)

R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [595040 2014-05-19] (Kaspersky Lab ZAO)

R3 klim5; C:\windows\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [24160 2013-10-09] (Kaspersky Lab ZAO)

R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [24672 2013-10-09] (Kaspersky Lab ZAO)

R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [44000 2013-07-22] (Kaspersky Lab ZAO)

S3 kmixer; C:\windows\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]

R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [145040 2013-07-22] (Kaspersky Lab ZAO)

R0 KSecDD; C:\windows\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]

R1 mnmdd; C:\windows\system32\Drivers\mnmdd.sys [4224 2007-07-27] (Microsoft Corporation) [File not signed]

S3 Modem; C:\windows\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]

S3 Monfilt; C:\windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)

R1 Mouclass; C:\windows\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]

R3 mouhid; C:\windows\System32\DRIVERS\mouhid.sys [12160 2007-07-27] (Microsoft Corporation) [File not signed]

R0 MountMgr; C:\windows\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]

R3 MRxDAV; C:\windows\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]

R1 MRxSmb; C:\windows\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]

R1 Msfs; C:\windows\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation) [File not signed]

S3 MSKSSRV; C:\windows\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]

S3 MSPCLOCK; C:\windows\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]

S3 MSPQM; C:\windows\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]

R3 mssmbios; C:\windows\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]

R0 Mup; C:\windows\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]

R0 NDIS; C:\windows\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]

R3 NdisTapi; C:\windows\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]

R3 Ndisuio; C:\windows\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]

R3 NdisWan; C:\windows\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]

R3 NDProxy; C:\windows\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]

R1 NetBIOS; C:\windows\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]

R1 NetBT; C:\windows\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]

R1 Npfs; C:\windows\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]

S3 npusbio; C:\windows\System32\Drivers\npusbio.sys [37408 2009-12-17] ()

R4 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]

R1 Null; C:\windows\system32\Drivers\Null.sys [2944 2007-07-27] (Microsoft Corporation) [File not signed]

R3 nv; C:\windows\System32\DRIVERS\nv4_mini.sys [9933952 2011-03-28] (NVIDIA Corporation) [File not signed]

R3 NVENETFD; C:\windows\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation) [File not signed]

R0 nvgts; C:\windows\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)

R3 NVHDA; C:\windows\System32\drivers\nvhda32.sys [119272 2011-03-03] (NVIDIA Corporation)

R3 nvnetbus; C:\windows\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation) [File not signed]

S3 NwlnkFlt; C:\windows\System32\DRIVERS\nwlnkflt.sys [12416 2007-07-27] (Microsoft Corporation) [File not signed]

S3 NwlnkFwd; C:\windows\System32\DRIVERS\nwlnkfwd.sys [32512 2007-07-27] (Microsoft Corporation) [File not signed]

R3 Parport; C:\windows\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]

R0 PartMgr; C:\windows\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]

R2 ParVdm; C:\windows\system32\Drivers\ParVdm.sys [6784 2007-07-27] (Microsoft Corporation) [File not signed]

R0 PCI; C:\windows\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]

R0 PCIIde; C:\windows\System32\DRIVERS\pciide.sys [3328 2007-07-27] (Microsoft Corporation) [File not signed]

S4 Pcmcia; C:\windows\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]

R3 PptpMiniport; C:\windows\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]

S1 Processor; C:\windows\System32\DRIVERS\processr.sys [35840 2008-04-13] (Microsoft Corporation) [File not signed]

R3 PSched; C:\windows\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]

R3 Ptilink; C:\windows\System32\DRIVERS\ptilink.sys [17792 2007-07-27] (Parallel Technologies, Inc.) [File not signed]

R1 RapportCerberus_80049; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys [433240 2014-09-01] ()

R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251928 2014-08-21] (IBM Corp.)

R0 RapportKELL; C:\windows\System32\Drivers\RapportKELL.sys [206520 2014-08-21] (IBM Corp.)

R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332792 2014-08-21] (IBM Corp.)

R1 RasAcd; C:\windows\System32\DRIVERS\rasacd.sys [8832 2007-07-27] (Microsoft Corporation) [File not signed]

R3 Rasl2tp; C:\windows\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]

R3 RasPppoe; C:\windows\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]

R3 Raspti; C:\windows\System32\DRIVERS\raspti.sys [16512 2007-07-27] (Microsoft Corporation) [File not signed]

R1 Rdbss; C:\windows\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]

R1 RDPCDD; C:\windows\System32\DRIVERS\RDPCDD.sys [4224 2007-07-27] (Microsoft Corporation) [File not signed]

R3 rdpdr; C:\windows\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed]

S3 RDPWD; C:\windows\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation) [File not signed]

R1 redbook; C:\windows\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]

S3 RFCOMM; C:\windows\System32\DRIVERS\rfcomm.sys [59136 2008-04-13] (Microsoft Corporation) [File not signed]

S3 SaiH0762; C:\windows\System32\DRIVERS\SaiH0762.sys [136832 2008-04-04] (Saitek)

R3 SaiMini; C:\windows\System32\DRIVERS\SaiMini.sys [20744 2010-08-10] (Saitek)

R3 SaiNtBus; C:\windows\System32\drivers\SaiBus.sys [43656 2010-08-10] (Saitek)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 Secdrv; C:\windows\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]

R3 serenum; C:\windows\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]

R1 Serial; C:\windows\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]

S1 Sfloppy; C:\windows\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) [File not signed]

S3 splitter; C:\windows\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]

R0 sr; C:\windows\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]

R3 Srv; C:\windows\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]

R3 swenum; C:\windows\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]

S3 swmidi; C:\windows\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]

R3 sysaudio; C:\windows\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]

R1 Tcpip; C:\windows\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]

S3 TDPIPE; C:\windows\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]

S3 TDTCP; C:\windows\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]

R1 TermDD; C:\windows\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]

S3 tosrfbnp; C:\windows\System32\Drivers\tosrfbnp.sys [36992 2009-06-11] (TOSHIBA Corporation) [File not signed]

S3 Tosrfhid; C:\windows\System32\DRIVERS\Tosrfhid.sys [74368 2009-05-20] (TOSHIBA Corporation.) [File not signed]

S4 Udfs; C:\windows\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) [File not signed]

R3 Update; C:\windows\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]

S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]

R3 usbccgp; C:\windows\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]

R3 usbehci; C:\windows\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]

R3 usbhub; C:\windows\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]

R3 usbohci; C:\windows\System32\DRIVERS\usbohci.sys [17152 2008-04-13] (Microsoft Corporation) [File not signed]

R3 usbprint; C:\windows\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]

R3 usbscan; C:\windows\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]

S3 USBSTOR; C:\windows\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]

R1 VgaSave; C:\windows\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]

R0 VolSnap; C:\windows\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]

R3 Wanarp; C:\windows\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]

R3 wdmaud; C:\windows\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]

R1 WS2IFSL; C:\windows\System32\drivers\ws2ifsl.sys [12032 2007-07-27] (Microsoft Corporation) [File not signed]

R3 WudfPf; C:\windows\System32\DRIVERS\WudfPf.sys [91904 2009-07-13] (Microsoft Corporation) [File not signed]

S3 WudfRd; C:\windows\System32\DRIVERS\wudfrd.sys [132224 2009-07-13] (Microsoft Corporation) [File not signed]

S3 catchme; \??\C:\DOCUME~1\Daniel\LOCALS~1\Temp\catchme.sys [X]

S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]

S4 IntelIde; No ImagePath

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-05-19] (Kaspersky Lab ZAO)

S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]

U5 ScsiPort; C:\windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 07:22 - 2014-09-30 07:22 - 00037620 _____ () C:\Documents and Settings\Daniel\Desktop\Addition.txt

2014-09-30 07:21 - 2014-09-30 10:30 - 00043641 _____ () C:\Documents and Settings\Daniel\Desktop\FRST.txt

2014-09-30 07:21 - 2014-09-30 10:30 - 00000000 ____D () C:\FRST

2014-09-30 07:21 - 2014-09-30 07:20 - 01100288 _____ (Farbar) C:\Documents and Settings\Daniel\Desktop\FRST.exe

2014-09-29 19:21 - 2014-09-29 19:21 - 00009160 _____ () C:\Documents and Settings\Daniel\Desktop\hijackthis.log

2014-09-29 16:28 - 2014-09-29 19:20 - 00002449 _____ () C:\Documents and Settings\Daniel\Desktop\HiJackThis.lnk

2014-09-29 16:28 - 2014-09-29 16:28 - 00000000 ____D () C:\Program Files\Trend Micro

2014-09-29 16:28 - 2014-09-29 16:28 - 00000000 ____D () C:\Documents and Settings\Daniel\Start Menu\Programs\HiJackThis

2014-09-29 13:08 - 2014-09-29 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2014-09-29 09:27 - 2014-09-29 09:27 - 00000079 _____ () C:\windows\wininit.ini

2014-09-28 19:06 - 2014-09-29 13:07 - 00000000 ____D () C:\Documents and Settings\Daniel\Desktop\mbar

2014-09-28 13:08 - 2014-09-28 13:43 - 00001932 _____ () C:\windows\system32\tmp.reg

2014-09-28 13:08 - 2014-09-28 13:43 - 00000000 _____ () C:\windows\system32\tmp.txt

2014-09-28 13:08 - 2014-09-28 13:09 - 00000120 _____ () C:\windows\setupact.log

2014-09-28 13:08 - 2014-09-28 13:08 - 00000000 _____ () C:\windows\setuperr.log

2014-09-28 13:07 - 2014-09-28 13:44 - 00004190 _____ () C:\rapport.txt

2014-09-28 13:06 - 2009-06-02 11:17 - 00075776 _____ () C:\windows\system32\WS2Fix.exe

2014-09-28 13:06 - 2008-12-12 01:57 - 00078336 _____ (S!Ri.URZ) C:\windows\system32\Agent.OMZ.Fix.exe

2014-09-28 13:06 - 2008-11-29 18:58 - 00082944 _____ (S!Ri.URZ) C:\windows\system32\IEDFix.C.exe

2014-09-28 13:06 - 2008-10-01 15:51 - 00087552 _____ (S!Ri.URZ) C:\windows\system32\VACFix.exe

2014-09-28 13:06 - 2008-09-20 12:45 - 00080384 _____ (S!Ri.URZ) C:\windows\system32\o4Patch.exe

2014-09-28 13:06 - 2008-08-18 12:19 - 00082432 _____ (S!Ri.URZ) C:\windows\system32\404Fix.exe

2014-09-28 13:06 - 2008-05-18 21:40 - 00082944 _____ (S!Ri.URZ) C:\windows\system32\IEDFix.exe

2014-09-28 13:06 - 2007-09-06 00:22 - 00289144 _____ (S!Ri) C:\windows\system32\VCCLSID.exe

2014-09-28 13:06 - 2006-12-01 06:20 - 00079360 _____ (SteelWerX) C:\windows\system32\swxcacls.exe

2014-09-28 13:06 - 2006-08-29 19:43 - 00135168 _____ (SteelWerX) C:\windows\system32\swreg.exe

2014-09-28 13:06 - 2006-04-27 17:49 - 00288417 _____ (S!Ri) C:\windows\system32\SrchSTS.exe

2014-09-28 13:06 - 2006-01-09 10:36 - 00040960 _____ () C:\windows\system32\swsc.exe

2014-09-28 13:06 - 2004-07-31 18:50 - 00051200 _____ () C:\windows\system32\dumphive.exe

2014-09-28 13:06 - 2003-06-05 21:13 - 00053248 _____ (http://www.beyondlogic.org) C:\windows\system32\Process.exe

2014-09-27 16:39 - 2014-09-30 07:07 - 00079165 _____ () C:\windows\setupapi.log

2014-09-27 16:39 - 2014-09-30 07:03 - 00000159 _____ () C:\windows\wiadebug.log

2014-09-27 16:39 - 2014-09-30 07:03 - 00000049 _____ () C:\windows\wiaservc.log

2014-09-27 16:39 - 2014-09-29 20:14 - 00032512 _____ () C:\windows\SchedLgU.Txt

2014-09-27 16:39 - 2014-09-27 16:39 - 00000000 _____ () C:\windows\Sti_Trace.log

2014-09-27 16:38 - 2014-09-30 07:04 - 00065562 _____ () C:\windows\WindowsUpdate.log

2014-09-27 16:31 - 2014-09-27 16:31 - 00004032 _____ () C:\Documents and Settings\Daniel\My Documents\cc_20140927_163148.reg

2014-09-27 14:28 - 2014-09-30 10:30 - 00000000 ____D () C:\Documents and Settings\Daniel\Local Settings\temp

2014-09-27 14:28 - 2014-09-27 14:28 - 00018527 _____ () C:\ComboFix.txt

2014-09-27 14:28 - 2014-09-27 14:28 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp

2014-09-27 14:28 - 2014-09-27 14:28 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp

2014-09-27 14:28 - 2014-09-27 14:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp

2014-09-27 14:12 - 2014-09-27 14:12 - 00000582 _____ () C:\Documents and Settings\Daniel\Desktop\JRT.txt

2014-09-25 09:04 - 2014-09-25 09:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-09-24 12:39 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe

2014-09-24 12:39 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe

2014-09-24 12:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe

2014-09-24 12:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe

2014-09-24 12:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe

2014-09-24 12:39 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe

2014-09-24 12:39 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe

2014-09-24 12:39 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe

2014-09-24 12:39 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe

2014-09-15 17:28 - 2014-09-15 17:28 - 00006548 _____ () C:\Documents and Settings\Daniel\My Documents\cc_20140915_172857.reg

2014-09-15 17:28 - 2014-09-15 17:28 - 00000082 _____ () C:\Documents and Settings\Daniel\My Documents\cc_20140915_172835.reg

2014-09-13 14:40 - 2014-09-13 14:40 - 00000000 ____D () C:\Documents and Settings\Daniel\My Documents\My Games

2014-09-13 14:40 - 2014-09-13 14:40 - 00000000 ____D () C:\Documents and Settings\Daniel\Local Settings\Application Data\DCS

2014-09-13 14:34 - 2014-09-13 14:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache

2014-09-11 09:58 - 2014-09-11 18:43 - 00002033 _____ () C:\Documents and Settings\Daniel\Desktop\EDCG Control Panel (FSX).lnk

2014-09-11 09:27 - 2014-09-11 09:28 - 00000000 ____D () C:\Documents and Settings\Daniel\Desktop\ORBX

2014-09-10 12:25 - 2014-09-10 12:25 - 00000000 ____D () C:\Documents and Settings\Daniel\Desktop\New Folder

2014-09-08 10:58 - 2014-09-08 11:00 - 00581559 _____ () C:\Documents and Settings\Daniel\Desktop\Copy (2) of dan_bryant_1409906627293.csv

2014-09-08 10:10 - 2014-09-08 11:45 - 00011414 _____ () C:\Documents and Settings\Daniel\Desktop\Buyers emails.csv

2014-09-05 14:21 - 2014-09-08 08:36 - 00009368 _____ () C:\Documents and Settings\Daniel\Desktop\Copy of dan_bryant_1409906627293.csv

2014-09-05 11:50 - 2014-09-05 14:48 - 00000084 _____ () C:\Documents and Settings\Daniel\Desktop\Dan.csv

2014-09-05 11:44 - 2014-09-05 11:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ErrorEND

2014-09-05 11:28 - 2014-09-05 11:28 - 00013824 _____ () C:\Documents and Settings\Daniel\My Documents\dan.xls

2014-09-05 10:16 - 2014-09-05 10:16 - 00039424 _____ () C:\Documents and Settings\Daniel\Desktop\GW emasil.xls

2014-09-05 09:48 - 2014-09-05 13:43 - 00591046 _____ () C:\Documents and Settings\Daniel\Desktop\dan_bryant_1409906627293.csv

2014-08-31 19:01 - 2014-08-31 19:02 - 694242632 _____ () C:\Documents and Settings\Daniel\My Documents\Best UFO Sightings Of April 2014 Full Length Documentary Watch For Free!.mp4

2014-08-31 18:54 - 2014-08-31 18:54 - 05925710 _____ () C:\Documents and Settings\Daniel\My Documents\Paul Barrett Search for the Truth.mp4

2014-08-31 16:53 - 2014-08-31 16:53 - 09283029 _____ () C:\Documents and Settings\Daniel\My Documents\Rambo First Blood Part 2, Track 4_ The Jump.mp4

2014-08-31 16:45 - 2014-08-31 16:45 - 02231497 _____ () C:\Documents and Settings\Daniel\My Documents\Rambo First Blood Part 2, Track 1_ Main Title.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 10:29 - 2013-06-01 11:53 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-09-30 09:50 - 2012-02-17 15:44 - 00000982 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-57989841-839522115-1003UA.job

2014-09-30 09:42 - 2012-02-17 18:31 - 00000886 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-30 09:00 - 2013-07-22 15:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2014-09-30 07:42 - 2012-02-17 18:31 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-30 07:07 - 2012-02-18 13:46 - 00515860 _____ () C:\windows\system32\PerfStringBackup.INI

2014-09-30 07:03 - 2014-04-04 15:38 - 00000224 _____ () C:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2014-09-30 07:03 - 2012-02-17 14:04 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-09-30 07:03 - 2007-07-27 13:00 - 00013646 _____ () C:\windows\system32\wpa.dbl

2014-09-29 20:14 - 2012-02-17 14:04 - 00000278 ___SH () C:\Documents and Settings\Daniel\ntuser.ini

2014-09-29 20:14 - 2012-02-17 14:04 - 00000000 ____D () C:\Documents and Settings\Daniel

2014-09-29 13:50 - 2012-02-17 15:44 - 00000930 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-57989841-839522115-1003Core.job

2014-09-29 13:08 - 2012-02-17 14:59 - 00000000 __SHD () C:\Documents and Settings\Daniel\UserData

2014-09-29 13:07 - 2014-03-24 19:57 - 00000000 ____D () C:\Program Files\Youtube Movie Maker

2014-09-29 13:07 - 2014-03-24 19:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Youtube Movie Maker

2014-09-29 13:06 - 2014-01-31 17:30 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2

2014-09-29 11:11 - 2014-04-08 19:35 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-29 10:20 - 2014-01-30 14:41 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2014-09-29 09:23 - 2014-01-22 09:23 - 00524288 _____ () C:\windows\system32\config\SpybotSD.evt

2014-09-28 19:06 - 2014-04-08 19:35 - 00054232 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-09-28 12:25 - 2014-02-01 12:10 - 00282780 _____ () C:\Documents and Settings\Daniel\Desktop\Rkill.txt

2014-09-27 17:14 - 2014-03-24 19:57 - 00002669 _____ () C:\Documents and Settings\All Users\Desktop\Youtube Movie Maker.lnk

2014-09-27 16:41 - 2012-02-17 14:03 - 00000000 __SHD () C:\Documents and Settings\NetworkService

2014-09-27 16:39 - 2012-02-17 14:04 - 00000000 __SHD () C:\Documents and Settings\LocalService

2014-09-27 16:38 - 2012-02-17 15:23 - 00000000 __HDC () C:\windows\$NtUninstallKB961501_0$

2014-09-27 14:28 - 2014-02-01 09:54 - 00000000 ____D () C:\Qoobox

2014-09-27 14:27 - 2007-07-27 13:00 - 00000227 _____ () C:\windows\system.ini

2014-09-27 13:52 - 2014-02-01 12:29 - 00000000 ____D () C:\AdwCleaner

2014-09-27 13:52 - 2014-01-30 19:28 - 00065536 _____ () C:\windows\system32\config\Doctor Web.evt

2014-09-27 13:17 - 2013-01-27 17:18 - 00000000 ____D () C:\Program Files\stinger

2014-09-25 12:38 - 2013-07-05 10:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-09-25 02:53 - 2012-02-17 15:46 - 00002293 _____ () C:\Documents and Settings\Daniel\Desktop\Google Chrome.lnk

2014-09-24 21:29 - 2012-03-31 16:42 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe

2014-09-24 21:29 - 2012-02-17 15:54 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl

2014-09-19 13:45 - 2013-08-06 12:53 - 00000000 ____D () C:\Documents and Settings\Daniel\Application Data\PrimoPDF

2014-09-17 06:57 - 2014-05-10 15:19 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp

2014-09-13 14:33 - 2012-02-17 14:01 - 00000000 ____D () C:\windows\system32\DirectX

2014-09-11 12:27 - 2013-06-25 12:46 - 00000000 ____D () C:\Documents and Settings\Daniel\Desktop\aSelect

2014-09-09 09:07 - 2014-08-18 17:18 - 00000000 ____D () C:\Documents and Settings\Daniel\Desktop\Fiat

2014-09-08 15:00 - 2014-04-04 15:38 - 00000218 _____ () C:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

2014-09-06 15:45 - 2014-06-06 18:14 - 00000000 ____D () C:\Documents and Settings\Daniel\Desktop\dating

2014-09-01 07:34 - 2013-08-21 06:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => MD5 is legit

C:\windows\system32\winlogon.exe => MD5 is legit

C:\windows\system32\svchost.exe => MD5 is legit

C:\windows\system32\services.exe => MD5 is legit

C:\windows\system32\User32.dll => MD5 is legit

C:\windows\system32\userinit.exe => MD5 is legit

C:\windows\system32\rpcss.dll => MD5 is legit

C:\windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Hi,

Windows XP notes

I've noticed that you're a Windows XP user. I need to tell you that my canned speeches (texts I use to present instructions) are designed for newer systems in the first place. Therefore, whenever you see a request to Run as Administrator, please ignore it and instead run the tool just by double-clicking the aforementioned icon.

Windows XP end of support warning!

As the 8th of April 2014 has passed, this operating system is no longer supported by Microsoft.

All patches, updates and security releases have ceased for this system.

This is just for your information, in case you were not aware.

My recommendation would be to start thinking about replacing it with some newer edition, like Windows Vista, Windows 7 or Windows 8.

 

Step 1

  • Please start Revo Uninstaller Free
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:

    Browser Configuration Utility
    McAfee Security Scan Plus
    SUPERAntiSpyware
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete

    note: you may have to expand some folders by clicking the "+" mark

  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Scan with Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 3

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    process;services-list;systemspecs;startupall;filesrcm;installedprogs;emptyclsid;autoclean;type C:\ComboFix.txt >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.

Hi

MAB Results

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 30/09/2014

Scan Time: 19:24:02

Logfile: mab.txt

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.09.30.07

Rootkit Database: v2014.09.19.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: Daniel

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 342411

Time Elapsed: 12 min, 53 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

ZOEK Results

Zoek.exe v5.0.0.0 Updated 20-September-2014

Tool run by Daniel on 30/09/2014 at 19:48:18.39.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode No Internet Access Detected

Launched: C:\Documents and Settings\Daniel\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

30/09/2014 19:50:02 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1229272821-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1229272821-57989841-839522115-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} deleted successfully

HKEY_USERS\S-1-5-21-1229272821-57989841-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully

HKEY_USERS\S-1-5-21-1229272821-57989841-839522115-1003\Software\Mozilla\Firefox\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8} deleted successfully

==== Installed Programs ======================

ACG's IWM Duxford AI Pack FSX

ACG's IWM Duxford FSX

32 Bit HP CIO Components Installer

737 Captain (737-200) 1.0

Addit Pro For Flight Simulator X

Adobe Flash Player 15 ActiveX

Adobe Flash Player 15 Plugin

Adobe Reader X (10.1.11)

aerosoft's - Approaching Innsbruck X

Aerosoft's - F-16 Fighting Falcon

AIO_Scan

Airwolf Project X Addons For Microsoft Flight Simulator X

AMD Processor Driver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ark Royal IV for FSX

ASUS nVidia Driver

AutoCAD 2007 - English

Autodesk DWF Viewer

BAe Hawk T1

Bluetooth Stack for Windows by Toshiba

Bonjour

Brain Workshop 4.8.4

BulkSMS Desktop Messenger

Carenado C 152 II

Carenado C172N FSX

CCleaner

Compatibility Pack for the 2007 Office system

CPUID CPU-Z 1.68

DJ_AIO_Software_min

Enable S3 for USB Device

EndItAll 2.0

Etendard IVM/P for FSX Version 1.0

ExtractNow

FinlandX

Flight Simulator X Service Pack 1

FSGenesis Madeira Airport Terrain Adjustment Pack - FSX

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GRAN SASSO ID

High Definition Audio Driver Package - KB888111

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB981793)

HP Deskjet 3520 series Basic Device Software

HP Deskjet 3520 series Setup Guide

HP Deskjet All-In-One Software 9.0

ImgBurn

IncredibleCharts Pro

iTunes

Java 7 Update 51

Java Auto Updater

JavaFX 2.1.1

Kaspersky Anti-Virus 2013

Kaspersky Internet Security 2013

Liguria 110

Lock On: Modern Air Combat

Lotus Simulations L-39 Albatros

Malta XGen v1.2 for Microsoft Flight Simulator X

Malwarebytes Anti-Malware version 2.0.2.1012

Media Player Classic - Home Cinema 1.6.1.4235

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Flight Simulator X: Acceleration

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office Basic Edition 2003

Microsoft Office PowerPoint Viewer 2003

Microsoft User-Mode Driver Framework Feature Pack 1.9

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030

Microsoft WinUsb 1.0

Mozilla Firefox 32.0.3 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 24.6.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

MyDefrag v4.3.1

NETGEAR WNDA3100v2 wireless USB 2.0 adapter

NVIDIA Control Panel 267.85

NVIDIA Drivers

NVIDIA Graphics Driver 267.85

NVIDIA HD Audio Driver 1.2.22.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

ON_OFF Charge B10.0427.1

PA34 200T SENECA II FSX

Paro Bhutan VQPR

Picasa 3

PMDG 737 8900 NGX

PrimoPDF -- brought to you by Nitro PDF Software

QuickTime

Rapport

RAZBAM AV-8B Harrier II Plus Vol. 1 ver. 2.0

RCS B-25J RAF MkII for FSX

Realtek High Definition Audio Driver

Revo Uninstaller 1.93

Saitek DirectOutput 6.2.2.4

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2817183)

Security Update for Windows Internet Explorer 8 (KB2846071)

Security Update for Windows Internet Explorer 8 (KB2898785)

Security Update for Windows Internet Explorer 8 (KB2909210)

Security Update for Windows Internet Explorer 8 (KB2925418)

Security Update for Windows Internet Explorer 8 (KB2936068)

Security Update for Windows Internet Explorer 8 (KB2964358)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB2803821-v2)

Security Update for Windows Media Player (KB2803821)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219-v2)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135-v2)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820197)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2834886)

Security Update for Windows XP (KB2839229)

Security Update for Windows XP (KB2845187)

Security Update for Windows XP (KB2847311)

Security Update for Windows XP (KB2850851)

Security Update for Windows XP (KB2850869)

Security Update for Windows XP (KB2859537)

Security Update for Windows XP (KB2862152)

Security Update for Windows XP (KB2862330)

Security Update for Windows XP (KB2862335)

Security Update for Windows XP (KB2864063)

Security Update for Windows XP (KB2868038)

Security Update for Windows XP (KB2868626)

Security Update for Windows XP (KB2876217)

Security Update for Windows XP (KB2876331)

Security Update for Windows XP (KB2892075)

Security Update for Windows XP (KB2893294)

Security Update for Windows XP (KB2893984)

Security Update for Windows XP (KB2898715)

Security Update for Windows XP (KB2900986)

Security Update for Windows XP (KB2914368)

Security Update for Windows XP (KB2916036)

Security Update for Windows XP (KB2922229)

Security Update for Windows XP (KB2929961)

Security Update for Windows XP (KB2930275)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Smart Technology Programming Software 7.0.2.7

Toolbox

TrackIR5

Trusteer Endpoint Protection

TuneUp Utilities 2014 (en-GB)

UK2000 East Midlands Xtreme FSX DEMO VERSION

UK2000 Leeds Xtreme FSX DEMO VERSION

UK2000 Luton Xtreme FSX DEMO VERSION

UK2000 Manchester FREE FSX Uninstall

UK2000 VFR Scenery Volume1 files

Ultimate Terrain X - Europe

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB2904266)

Update for Windows XP (KB2934207)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 8

Windows XP Service Pack 3

WinRAR 4.20 (32-bit)

Wise Registry Cleaner 7.69

YoutubeMovieMaker

YTD Video Downloader 4.8.1

==== Running Processes ======================

C:\windows\System32\smss.exe

C:\windows\system32\csrss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\windows\system32\spoolsv.exe

C:\windows\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\windows\system32\wscntfy.exe

C:\windows\System32\alg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Daniel\Desktop\zoek.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k rpcss

C:\windows\System32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k WudfServiceGroup

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k netsvcs

==== Services ======================

You do not have Microsoft .NET Framework 4.0(or higher) installed.

Download it here v4.0: http://www.microsoft.com/en-us/download/details.aspx?id=17851

Download it here v4.5: http://www.microsoft.com/en-in/download/details.aspx?id=30653

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4x8eqyg5.default-1395688218937

user.js not found

---- Lines spigot removed from prefs.js ----

user_pref("startpage.ntsearch_url", "https://uk.search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=937811&p={searchTerms}");

---- Lines {e4f94d1e-2f53-401e-8885-681602c0ddd8} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\

---- FireFox user.js and prefs.js backups ----

prefs_092014_2005_.backup

ProfilePath: C:\Documents and Settings\Daniel\Application Data\Thunderbird\Profiles\tu99gdji.default

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_092014_2005_.backup

==== Batch Command(s) Run By Tool======================

ComboFix 14-09-22.01 - Daniel 27/09/2014 14:21:29.8.4 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2754 [GMT 1:00]

Running from: e:\virus\ComboFix.exe

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\14_43260.dll

c:\windows\system32\28_83260.dll

.

.

((((((((((((((((((((((((( Files Created from 2014-08-27 to 2014-09-27 )))))))))))))))))))))))))))))))

.

.

2014-09-13 13:40 . 2014-09-13 13:40 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\DCS

2014-09-13 13:34 . 2014-09-13 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache

2014-09-05 10:44 . 2014-09-05 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ErrorEND

2014-09-05 10:44 . 2014-09-05 10:44 -------- d-----w- c:\program files\ErrorEND

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-09-24 20:29 . 2012-03-31 15:42 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-09-24 20:29 . 2012-02-17 14:54 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-08-26 17:41 . 2014-04-08 18:35 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-08-21 15:03 . 2014-08-21 15:03 206520 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2014-08-12 23:00 . 2014-08-12 23:00 4575232 ----a-w- c:\windows\system32\GPhotos.scr

2014-07-18 07:33 . 2014-07-18 07:33 110296 ----a-w- c:\windows\system32\drivers\7BA41414.sys

2014-07-14 12:07 . 2014-07-14 12:07 110296 ----a-w- c:\windows\system32\drivers\71622BA5.sys

2014-07-13 14:02 . 2014-07-13 14:02 110296 ----a-w- c:\windows\system32\drivers\58740979.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.


.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-17 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-23 13881448]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]

NETGEAR WNDA3100v2 Genie.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2014-2-3 8453376]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk

backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-02-17 14:44 136176 ----atw- c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]

2009-07-22 12:40 83336 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2013-11-02 00:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2011-03-23 23:42 13881448 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2011-03-23 23:42 111208 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]

2010-07-29 10:53 227840 ----a-w- c:\program files\Saitek\SD6\Software\ProfilerU.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2010-04-30 09:22 19523616 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]

2010-07-29 10:54 123392 ----a-w- c:\program files\Saitek\SD6\Software\SaiMfd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2012-02-17 17:31 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IncredibleCharts\\IncredibleCharts.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=

"c:\\Documents and Settings\\Daniel\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

.

R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2014-08-21 206520]

R1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-07-22 44000]

R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-07-22 145040]

R1 RapportCerberus_80049;RapportCerberus_80049;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys [2014-09-01 433240]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2014-08-21 251928]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2014-08-21 332792]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2014-08-21 1919256]

R2 SaiDOutput;Saitek DirectOutput;c:\program files\Saitek\DirectOutput\DirectOutputService.exe [2008-04-04 147456]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]

R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [2011-12-14 303360]

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-17 1691480]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh5.sys [2011-03-28 1034240]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2012-06-27 35672]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-10-09 24160]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-10-09 24672]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]

R3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio.sys [2009-12-17 37408]

R3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]

R3 SaiH0762;SaiH0762;c:\windows\system32\DRIVERS\SaiH0762.sys [2008-04-04 136832]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-08-26 142648]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

.

2014-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:29]

.

2014-09-25 c:\windows\Tasks\ErrorEND.job

- c:\program files\ErrorEND\ERROREND.exe [2014-06-18 18:31]

.

2014-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-17 17:31]

.

2014-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-17 17:31]

.

2014-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-57989841-839522115-1003Core.job

- c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-17 14:44]

.

2014-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-57989841-839522115-1003UA.job

- c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-17 14:44]

.

2014-09-27 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job

- c:\windows\system32\xp_eos.exe [2014-04-04 01:59]

.

2014-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

- c:\windows\system32\xp_eos.exe [2014-04-04 01:59]

.

2014-08-09 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job

- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2012-02-17 12:03]

.

2012-02-17 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job

- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2012-02-17 12:03]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4x8eqyg5.default-1395688218937\

FF - prefs.js: keyword.URL - hxxps://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-09-27 14:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2014-09-27 14:28:39

ComboFix-quarantined-files.txt 2014-09-27 13:28

ComboFix2.txt 2014-09-25 12:54

ComboFix3.txt 2014-09-24 11:52

ComboFix4.txt 2014-05-10 14:19

ComboFix5.txt 2014-09-27 13:20

.

Pre-Run: 347,952,930,816 bytes free

Post-Run: 347,927,306,240 bytes free

.

- - End Of File - - 04919D26D6B2B359D1189E2B9654612F

8F558EB6672622401DA993E1E865C861

==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes' Anti-Malware (portable) deleted

C:\Program Files\ComPlus Applications deleted

C:\Program Files\Wise\Wise Registry Cleaner deleted

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Package Cache deleted

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted

C:\windows\wininit.ini deleted

C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk deleted

==== System Specs ======================

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Manufacturer: Gigabyte Technology Co., Ltd. - Model: M68MT-S2

Install Date: 17/02/2012 13:03:22

Last Boot: 30/09/2014 19:05:52

Processor: AMD Phenom II X4 850 Processor

Number of Processors: 4

Work Station

Bootmode: Normal boot

Total RAM: 3070 MB (free 2463 MB - 80)

Computername: DANIEL-79459C45

Domain: WORKGROUP

User: Daniel (Administrator account)

Local Disk: C:\ - NTFS - 465 GB (free 323 GB)

CD \ DVD Drive: D:\

Bootdevice: \Device\HarddiskVolume1

Windows update:

Country: United Kingdom

Language: ENG

==== System Specs (Software) ======================

Default Browser: Firefox 32.0.3

Internet Explorer version: 8.0.6001.18702

Mozilla Firefox version: 32.0.3 (x86 en-US)

Google Chrome version: 37.0.2062.124

Adobe Reader version: 10.1.11.8

Sun Java version: 1.7.0_51 (32-bit)

Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\windows ====

2014-09-27 15:39:18 FCF614397D8FE50DB0FFB9BAB48FCD84 32618 ----a-w- C:\windows\SchedLgU.Txt

2014-09-24 11:39:38 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\windows\PEV.exe

2014-09-24 11:39:38 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\windows\grep.exe

2014-09-24 11:39:38 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\windows\zip.exe

2014-09-24 11:39:38 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\windows\SWSC.exe

2014-09-24 11:39:38 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\windows\MBR.exe

====== C:\DOCUME~1\Daniel\LOCALS~1\Temp ====

2014-09-30 18:16:44 D7AD0AD3162BCD50E1D2E462E8C748EA 264488 ----a-w- C:\Documents and Settings\Daniel\Local Settings\temp\MSS\3.8.150.1\McInstallerRes.dll

2014-09-30 18:16:44 9BD51360CB8F1A2206642599D40FD258 419048 ----a-w- C:\Documents and Settings\Daniel\Local Settings\temp\MSS\3.8.150.1\mcbrwsr2.dll

2014-09-30 18:16:44 7A5A07D9A323DFD9097C9CF39E6802E6 153760 ----a-w- C:\Documents and Settings\Daniel\Local Settings\temp\MSS\3.8.150.1\McInstallerRes_LD.dll

2014-09-30 18:16:44 74557BFD04530E512DBB9C151C4DA110 499384 ----a-w- C:\Documents and Settings\Daniel\Local Settings\temp\MSS\3.8.150.1\McUICnt.exe

2014-09-30 18:16:44 26FD227409FB73C4D958602B8A3EFFA0 577632 ----a-w- C:\Documents and Settings\Daniel\Local Settings\temp\MSS\3.8.150.1\McInstallerStartup.dll

====== Java Cache =====

====== C:\windows\system32 =====

2014-09-28 12:08:01 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\windows\System32\tmp.txt

2014-09-28 12:08:01 D23F4523637FDCBE48434FAA02BC20B0 1932 ----a-w- C:\windows\System32\tmp.reg

2014-09-28 12:06:13 CEBEF7E3612A75D15C73E8CA71D012AE 80384 ----a-w- C:\windows\System32\o4Patch.exe

2014-09-28 12:06:13 C02562A732F0223082D4CCFC7D4F23DF 78336 ----a-w- C:\windows\System32\Agent.OMZ.Fix.exe

2014-09-28 12:06:13 9769AB38CB77C9914C25B8141A2A3FBE 82944 ----a-w- C:\windows\System32\IEDFix.C.exe

2014-09-28 12:06:13 81BC780E5FD520838C6A417840127635 87552 ----a-w- C:\windows\System32\VACFix.exe

2014-09-28 12:06:13 799A9EA3FFB220780AE3D3C11B08D067 82944 ----a-w- C:\windows\System32\IEDFix.exe

2014-09-28 12:06:13 61FD593673225697D091DE2DDD2E9E47 82432 ----a-w- C:\windows\System32\404Fix.exe

2014-09-28 12:06:12 FC041F7D1341EEE456F1FA1A256CD24F 288417 ----a-w- C:\windows\System32\SrchSTS.exe

2014-09-28 12:06:12 D726E152E257A1AB819F88312EC69620 289144 ----a-w- C:\windows\System32\VCCLSID.exe

2014-09-28 12:06:12 C16B1595E3C2FFC875EF28BF66EC557F 40960 ----a-w- C:\windows\System32\swsc.exe

2014-09-28 12:06:12 811F5C625680CF858891407DB7A8FC67 75776 ----a-w- C:\windows\System32\WS2Fix.exe

2014-09-28 12:06:12 7397F6EE4A9601A123B645C0CD428017 53248 ----a-w- C:\windows\System32\Process.exe

2014-09-28 12:06:12 21868B2D22C726D94D98F15825D4134B 51200 ----a-w- C:\windows\System32\dumphive.exe

====== C:\windows\system32\drivers =====

====== C:\windows\Tasks ======

====== C:\windows\Temp ======

======= C:\Program Files =====

2014-09-29 15:28:02 -------- d-----w- C:\Program Files\Trend Micro

======= C: =====

2014-09-28 12:07:29 6B31DB4CED4791A86346D8EA81CE3323 4190 ----a-w- C:\rapport.txt

====== C:\Documents and Settings\Daniel\Application Data ======

2014-09-13 13:40:22 -------- d-----w- C:\Documents and Settings\Daniel\Local Settings\Application Data\DCS

====== C:\Documents and Settings\Daniel ======

2014-09-30 06:21:09 8AB4392E077DCC236403B8B20D4C44DD 1100288 ----a-w- C:\Documents and Settings\Daniel\Desktop\FRST.exe

2014-09-27 15:41:08 -------- d-sh--w- C:\Documents and Settings\NetworkService\Cookies

2014-09-27 15:39:25 -------- d-sh--w- C:\windows\system32\config\systemprofile\Cookies

2014-09-27 15:39:18 -------- d-sh--w- C:\Documents and Settings\LocalService\Cookies

2014-09-27 15:31:17 -------- d--h--r- C:\Documents and Settings\Daniel\Recent

====== C: exe-files ==

2014-09-30 18:16:44 74557BFD04530E512DBB9C151C4DA110 499384 ----a-w- C:\Documents and Settings\Daniel\Local Settings\temp\MSS\3.8.150.1\McUICnt.exe

2014-09-30 06:21:09 8AB4392E077DCC236403B8B20D4C44DD 1100288 ----a-w- C:\Documents and Settings\Daniel\Desktop\FRST.exe

2014-09-30 06:18:46 8AB4392E077DCC236403B8B20D4C44DD 1100288 ----a-w- C:\Documents and Settings\Daniel\My Documents\Downloads\FRST.exe

2014-09-28 18:06:48 9689A7E5F79A661E8BAA83819482A33E 54072 ----a-w- C:\Documents and Settings\Daniel\Desktop\mbar\mbamdor.exe

2014-09-28 18:06:48 830259CA42B59F809F1E01BAF29FA4A2 1184056 ----a-w- C:\Documents and Settings\Daniel\Desktop\mbar\mbar.exe

2014-09-28 18:06:48 5F9B2112F55EC84DBF4C5DAA8CA58402 821560 ----a-w- C:\Documents and Settings\Daniel\Desktop\mbar\Plugins\fixdamage.exe

2014-09-28 18:05:39 DFF72B75746001A9060AB2B80310012E 14349744 ----a-w- C:\Documents and Settings\Daniel\My Documents\Downloads\mbar-1.07.0.1012.exe

2014-09-28 11:48:55 13B1EC5EA6B9CFD157C7D7B6FE747B6F 1885088 ----a-w- C:\Documents and Settings\Daniel\My Documents\Downloads\SmitfraudFix.exe

2014-09-27 11:49:33 6613D13DC95EBB61ACA8536017CB9E8E 490136 ----a-w- C:\Program Files\stinger\mfehidin.exe

2014-09-27 11:28:31 91E89EB0D8371178A92E053BDC7AB04F 155416856 ----a-w- C:\Documents and Settings\Daniel\My Documents\Downloads\evpayz3y.exe

2014-09-27 11:23:51 82AD421BAB03C8B5BFA4AE2899D5CD34 11045744 ----a-w- C:\Documents and Settings\Daniel\My Documents\Downloads\stinger32(1).exe

2014-09-25 01:51:06 7CA4092A339EA30DE8FF06D3FF79D6ED 749648 ----a-w- C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.124\37.0.2062.124_37.0.2062.120_chrome_updater.exe

2014-09-24 08:57:48 483962C296153EB42BC2F9AF222945CC 1024790 ----a-w- C:\Documents and Settings\Daniel\My Documents\Downloads\JRT.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-1229272821-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"ctfmon.exe"="C:\windows\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"ctfmon.exe"="C:\windows\system32\ctfmon.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AdobeARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="APSDaemon"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ctfmon"

"hkey"="HKCU"

"command"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GoogleUpdate"

"hkey"="HKCU"

"command"="\"C:\\Documents and Settings\\Daniel\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ITSecMng]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ItSecMng"

"hkey"="HKLM"

"command"="%ProgramFiles%\\TOSHIBA\\Bluetooth Toshiba Stack\\ItSecMng.exe /START"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NvCpl"

"hkey"="HKLM"

"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NvMediaCenter"

"hkey"="HKLM"

"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ProfilerU]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ProfilerU"

"hkey"="HKLM"

"command"="C:\\Program Files\\Saitek\\SD6\\Software\\ProfilerU.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QTTask"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RTHDCPL"

"hkey"="HKLM"

"command"="RTHDCPL.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SaiMfd]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SaiMfd"

"hkey"="HKLM"

"command"="C:\\Program Files\\Saitek\\SD6\\Software\\SaiMfd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GoogleToolbarNotifier"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AutoCAD Startup Accelerator.lnk"

"backup"="C:\\WINDOWS\\pss\\AutoCAD Startup Accelerator.lnkCommon Startup"

"command"="C:\\PROGRA~1\\COMMON~1\\AUTODE~1\\ACSTAR~1.EXE "

"item"="AutoCAD Startup Accelerator"

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24/09/2014 21:29]

C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [17/02/2012 18:31]

C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [17/02/2012 18:31]

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-57989841-839522115-1003Core.job --a------ C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [17/02/2012 15:44]

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-57989841-839522115-1003UA.job --a------ C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [17/02/2012 15:44]

C:\windows\tasks\Microsoft Windows XP End of Service Notification Logon.job --a------ [undetermined Task]

C:\windows\tasks\Microsoft Windows XP End of Service Notification Monthly.job --a------ C:\windows\system32\xp_eos.exe [26/02/2014 02:59]

C:\windows\tasks\MyDefrag v4.3.1 Daily.job --a------ [undetermined Task]

C:\windows\tasks\MyDefrag v4.3.1 Monthly.job --a------ [undetermined Task]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\online_banking@kaspersky.com" [19/05/2014 09:35]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4x8eqyg5.default-1395688218937

- Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\anti_banner@kaspersky.com

ProfilePath: C:\Documents and Settings\Daniel\Application Data\Thunderbird\Profiles\tu99gdji.default

- Google Calendar Tab - %ProfilePath%\extensions\googlecalendartab@momo.xpi

- Mail Merge - %ProfilePath%\extensions\mailmerge@example.net.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\4x8eqyg5.default-1395688218937

DFC9460CC37E5C414DC4680B10C19E7A - C:\windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash

9419AA8A2799526EC32B473C2BB7A10D - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

F51ECBBA611C75E47578295D5241630F - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat

D654525C0902C21118AD29217E4ECB49 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

FB5621842FDABF9F8359775573498FBC - C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update

FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update

A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U51

9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13

9D4A0B314CB9CF134CA27E1E0217E51E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

EEEB86077BB4682B3FCFEDA5AED3E396 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4

BADFB0DCCD9B7E9F2F6EB7954D24EED1 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4

1153F58FACBC9731AF6CDF313F76DF29 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4

9E4F520270BF7301CC24E8FA67791C22 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4

E50A1DB5DE70D656287511297B42F9F2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM

5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library

8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[14/01/2013 14:43]

hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\online_banking_chrome.crx[14/01/2013 14:43]

hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx[14/01/2013 14:43]

jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx[22/07/2013 15:24]

lpoimibckejjdjcfbdnajaicnklhfplh - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh[]

pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\ab.crx[14/01/2013 14:43]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://www.google.com/ie"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=60 folders=11 12425077 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully

C:\Documents and Settings\Daniel\Local Settings\temp will be emptied at reboot

C:\Documents and Settings\Default User\Local Settings\temp emptied successfully

C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully

C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied

C:\DOCUME~1\Daniel\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 30/09/2014 at 20:25:41.03 ======================


Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:

    URLSearchHook: HKCU - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File
    SearchScopes: HKLM - DefaultScope value is missing.
    Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    CMD: ipconfig /flushdns
    EmptyTemp:
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


Can you please tell me which problems still persist now?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-09-2014
Ran by Daniel at 2014-10-01 07:50:45 Run:3
Running from C:\Documents and Settings\Daniel\Desktop\FR
Loaded Profile: Daniel (Available profiles: Daniel & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
URLSearchHook: HKCU - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
CMD: ipconfig /flushdns
EmptyTemp:
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => Value not found.
"HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}" => Key not found.

=========  ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========

EmptyTemp: => Removed 13 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

ESET Results

ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7c7aa20dc8125e40840d6f0c95a8795e
# engine=20379
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-01 08:23:40
# local_time=2014-10-01 09:23:40 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=337800
# found=15
# cleaned=0
# scan_time=4756
sh=75D8346BAE87C66C3E78CA024ED07AC06049CE24 ft=1 fh=9ea2d1131a55effc vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\Daniel\Application Data\Search Protection\Uninstall.exe.vir"
sh=DC1FE696A24E0072BA7221FCB0DAFEDB9B3560B4 ft=1 fh=5aa7e24d05d642d5 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Documents and Settings\Daniel\My Documents\ccsetup315.exe"
sh=9663CAB5F4802FDAD8C719864F2E390BB99F195C ft=1 fh=02a711254bf91c09 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Documents and Settings\Daniel\My Documents\ccsetup316.exe"
sh=25CF9B7BB46B581ED8DE03DDC56E1574087CACAA ft=1 fh=10c5a1651be6049d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\Daniel\My Documents\ccsetup326.exe"
sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\Daniel\My Documents\ccsetup400.exe"
sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\Daniel\My Documents\ccsetup402.exe"
sh=F3CBD24F22043C7D99BB1AF79BA0195EC12BC137 ft=1 fh=7a4c33456738eee1 vn="multiple threats" ac=I fn="C:\Documents and Settings\Daniel\My Documents\Downloads\ErrorEND_Pro_Installer.exe"
sh=EC38A071476860D3DA681052AF62B3BE377FEC73 ft=1 fh=68c299741b777df3 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Documents and Settings\Daniel\My Documents\Downloads\FreeYouTubeToMP3Converter.exe"
sh=EEBB02CE4B740B3A6565917A604B3693400264B2 ft=1 fh=38f672b50a552c3a vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\Documents and Settings\Daniel\My Documents\Downloads\SmitfraudFix.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\System Volume Information\_restore{E93139C4-7C5C-498F-A57B-75273A7C8340}\RP221\A0398882.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\System Volume Information\_restore{E93139C4-7C5C-498F-A57B-75273A7C8340}\RP222\A0401239.exe"
sh=6B1401729469E1FE5512F517F79345FC655A89DD ft=1 fh=ba110ac62a417598 vn="a variant of Win32/AdWare.ErrorEND.A application" ac=I fn="C:\System Volume Information\_restore{E93139C4-7C5C-498F-A57B-75273A7C8340}\RP222\A0401462.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\System Volume Information\_restore{E93139C4-7C5C-498F-A57B-75273A7C8340}\RP223\A0402708.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\System Volume Information\_restore{E93139C4-7C5C-498F-A57B-75273A7C8340}\RP224\A0404035.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\WINDOWS\system32\Process.exe"
 

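A way to triage the ESET log above, as an added example (not part of the original posts and not ESET's own tooling): it parses the `# key=value` header and the `sh= … vn= … fn=` detection lines, compares the logged scan options with the ones the instructions asked for, and groups hits by file hash and location. Reading `sh` as the file hash, `vn` as the detection name and `fn` as the path is an assumption drawn from the log's appearance, as are the three location categories.

```python
import re
from collections import defaultdict

# Excerpt of the ESET log posted above: the option flags and five of the 15 hits.
SAMPLE_LOG = r'''# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
sh=75D8346BAE87C66C3E78CA024ED07AC06049CE24 ft=1 fh=9ea2d1131a55effc vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\Daniel\Application Data\Search Protection\Uninstall.exe.vir"
sh=EEBB02CE4B740B3A6565917A604B3693400264B2 ft=1 fh=38f672b50a552c3a vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\Documents and Settings\Daniel\My Documents\Downloads\SmitfraudFix.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\System Volume Information\_restore{E93139C4-7C5C-498F-A57B-75273A7C8340}\RP221\A0398882.exe"
sh=6B1401729469E1FE5512F517F79345FC655A89DD ft=1 fh=ba110ac62a417598 vn="a variant of Win32/AdWare.ErrorEND.A application" ac=I fn="C:\System Volume Information\_restore{E93139C4-7C5C-498F-A57B-75273A7C8340}\RP222\A0401462.exe"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\WINDOWS\system32\Process.exe"
'''

# Scan options as the ESET instructions in the thread asked for them.
REQUESTED = dict(remove_checked="false", archives_checked="true", unwanted_checked="true",
                 unsafe_checked="true", antistealth_checked="true")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_log(text):
    """Split the log into header settings and per-file detection records."""
    settings, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            settings[key] = value.strip('"')
        elif line.startswith("sh="):
            hits.append({k: v.strip('"') for k, v in FIELD.findall(line)})
    return settings, hits

def setting_deviations(settings):
    """Options whose logged value differs from what was requested."""
    return sorted(k for k, want in REQUESTED.items() if settings.get(k) != want)

def location(path):
    """Classify where a flagged file lives (categories are assumptions)."""
    p = path.lower()
    if "\\adwcleaner\\quarantine\\" in p:
        return "quarantine"      # copy already moved aside by AdwCleaner
    if "\\system volume information\\_restore" in p:
        return "restore-point"   # copy held inside an XP System Restore point
    return "live"

def triage(hits):
    """Group hits by file hash so identical copies are reviewed once."""
    groups = defaultdict(lambda: {"name": None, "where": set(), "paths": []})
    for h in hits:
        g = groups[h["sh"]]
        g["name"] = h["vn"]
        g["where"].add(location(h["fn"]))
        g["paths"].append(h["fn"])
    return dict(groups)

if __name__ == "__main__":
    settings, hits = parse_log(SAMPLE_LOG)
    print(setting_deviations(settings), {k[:8]: sorted(v["where"]) for k, v in triage(hits).items()})
```

On this excerpt, archives_checked is the only option that differs from the instructions, and one PrcView hash appears both in a System Restore point and as C:\WINDOWS\system32\Process.exe.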

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).

    Copy and paste its contents in your next reply.


Hi,

24-09-2014 10:51:32 System Checkpoint
25-09-2014 19:03:24 System Checkpoint
27-09-2014 09:59:30 System Checkpoint
28-09-2014 11:15:24 Restore Operation
28-09-2014 11:33:28 Restore Operation
28-09-2014 16:11:47 Restore Operation
28-09-2014 18:38:15 Restore Operation
29-09-2014 11:15:55 Restore Operation
29-09-2014 12:09:51 Restore Operation
29-09-2014 15:28:01 Installed HiJackThis

There are restore points.

http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.