
Adware or malware associated with Delta Search?


16 replies to this topic

#1 Lakes


Posted 11 September 2013 - 11:24 PM

Both Firefox and Chrome browsers load web pages very slowly or "web page not found/ timed out etc" and my machine is very slow to boot up. I cannot use my bookmarks to navigate and have to type in even my email client's name into google just to sign in. I'm almost certain this must be an adware or malware problem I have since I inadvertently installed Delta Search when I was installing something. I have subsequently uninstalled it in add/remove but it is still there. I have run BleachBit, Malwarebytes which came up with 15 threats (PUP) and Spybot search and destroy which found a few moderate threats but the problem persists.

I am running Microsoft Windows XP Media Center Edition Version 2008 Service Pack three with AMD™ Sempron processor 3500+ (201 GHz/ 225 GB of RAM) with Panda anti virus.

 

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:23:18, on 12/09/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [SlimDrivers] "C:\Program Files\SlimDrivers\SlimDrivers.exe" -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-21-1214440339-1957994488-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0}: NameServer = 217.171.132.1 217.171.132.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7292 bytes
 


Edited by Lakes, 12 September 2013 - 10:09 AM.
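
As an added example (not from the thread, and not part of HijackThis itself), a small Python triage helper for the log format pasted above: it parses the R/O entries, flags the entry types a malware-response helper checks first (non-default IE pages, orphaned BHOs, unknown Winsock LSPs, DNS servers outside a trusted list, services with no publisher), and diffs two scans so changes between posts stand out. The sample lines are excerpted from this thread's two logs; the trusted-DNS list and the "go.microsoft.com is the only expected start page" rule are assumptions.

```python
"""Triage helper for HijackThis v2 logs (the format pasted in this thread).

Parses the R/F/N/O entries, flags the entry types a malware-response helper
looks at first, and diffs two scans so changes between posts are visible.
The flags are review prompts, not verdicts: the O10 and O17 hits below, for
instance, can be a legitimate NetWare provider and an ISP's DNS server.
"""
import re
from dataclasses import dataclass

# HijackThis entry lines look like "O23 - Service: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")

# The start/search page values in this thread's logs are the IE defaults on
# go.microsoft.com; anything else is a candidate browser hijack
# (assumption: no other start page is expected on the machine).
DEFAULT_PAGE_RE = re.compile(r"=\s*http://go\.microsoft\.com/")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str


def parse_hjt(text: str) -> list[Entry]:
    """Return the section entries of a log, skipping the header and the
    'Running processes' block, which do not match the entry shape."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def triage(entries: list[Entry], trusted_dns: frozenset[str] = frozenset()) -> list[tuple[str, str, str]]:
    """Return (section, reason, body) for entries worth a manual look."""
    findings = []
    for e in entries:
        reason = None
        if e.section in ("R0", "R1") and not DEFAULT_PAGE_RE.search(e.body):
            reason = "IE start/search page is not the default"
        elif e.section == "O2" and "(no file)" in e.body:
            reason = "BHO registered but its DLL is missing (orphaned entry)"
        elif e.section == "O10":
            reason = "Winsock LSP that HijackThis does not recognise"
        elif e.section == "O17":
            m = re.search(r"NameServer = (.+)$", e.body)
            servers = set(m.group(1).split()) if m else set()
            if not servers <= trusted_dns:
                reason = "DNS servers are not on the trusted list"
        elif e.section == "O23" and "Unknown owner" in e.body:
            reason = "service binary carries no publisher name"
        if reason:
            findings.append((e.section, reason, e.body))
    return findings


def diff_scans(old: list[Entry], new: list[Entry]) -> tuple[list[Entry], list[Entry]]:
    """Entries that disappeared and entries that appeared between two scans."""
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


# Constructed sample: a handful of lines excerpted from the first log in this thread.
SCAN_1 = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0}: NameServer = 217.171.132.1 217.171.132.1
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
"""

# The second post's log no longer lists the Skype BHO.
SCAN_2 = "\n".join(l for l in SCAN_1.splitlines() if "SkypeIEPluginBHO" not in l)


if __name__ == "__main__":
    first, second = parse_hjt(SCAN_1), parse_hjt(SCAN_2)
    for section, reason, body in triage(first):
        print(f"[{section}] {reason}: {body}")
    removed, added = diff_scans(first, second)
    print(f"{len(removed)} entries gone, {len(added)} new since the first scan")
```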



 


#2 Lakes


Posted 13 September 2013 - 11:06 AM

This problem still persists and I am having a very difficult time with getting online as I keep getting timed out. I have had a look at the advice on this page: http://malwaretips.com/blogs/remove-delta-search/ but I don't want to start doing anything that I'm not too sure about. Here is an updated Hijackthis log report:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:03:45, on 13/09/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [SlimDrivers] "C:\Program Files\SlimDrivers\SlimDrivers.exe" -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-21-1214440339-1957994488-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0}: NameServer = 217.171.132.1 217.171.132.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7530 bytes
 



#3 Starbuck

  • Malware Response Team
Posted 16 September 2013 - 09:19 AM

Hi Lakes,

Sorry for the delay in response to your thread.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.


Step 1
Recommendation.
We stopped recommending Spybot Search & Destroy some time ago due to poor testing results.
As you have MBAM installed, SS&D really isn't needed.
I recommend you uninstall it.


Step 2
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 3
  • Download OTL to your desktop.
    Right-click on the link and select 'Save Link/Target As'.

    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
In your next reply, please submit:
JRT.txt
AdwCleaner report
and both reports from OTL


Thanks.



#4 Lakes


Posted 16 September 2013 - 11:54 AM

Thank you very much Starbuck. The AdwCleaner came up empty and it said "Pending" when I hit clean so I'm not sure if I should have waited but here are the logs anyway. I have uninstalled Spybot Search & Destroy and disabled Panda while I was running the apps you specified. Here are the Logs:

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Simon on 16/09/2013 at 16:51:06.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\staged"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/09/2013 at 16:57:37.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner report

 

# AdwCleaner v3.004 - Report created 16/09/2013 at 17:15:08

# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Simon - FUNNY-90F7F5F9E
# Running from : C:\Documents and Settings\Simon\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [988 octets] - [16/09/2013 17:03:37]
AdwCleaner[S0].txt - [910 octets] - [16/09/2013 17:15:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [969 octets] ##########
 

OTL.Txt

 

OTL logfile created on: 16/09/2013 17:32:50 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Simon\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.25 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 65.77% Memory free
4.10 Gb Paging File | 3.43 Gb Available in Paging File | 83.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.44 Gb Total Space | 12.12 Gb Free Space | 27.27% Space Free | Partition Type: NTFS
Drive D: | 27.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: FUNNY-90F7F5F9E | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Simon\My Documents\Downloads\OTL.scr (OldTimer Tools)
PRC - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe (3Connect)
PRC - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe ()
PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\pdf.dll ()
MOD - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\libglesv2.dll ()
MOD - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\libegl.dll ()
MOD - C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\ffmpegsumo.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe ()
MOD - C:\Program Files\3 Mobile Broadband\3Connect\SocketMgr.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PSUAService) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (BecHelperService) -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe ()
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (yukonwxp) -- system32\DRIVERS\yk51x86.sys File not found
DRV - (WudfRd) -- C:\WINDOWS\system32\wudfrd.sys File not found
DRV - (WudfPf) -- C:\WINDOWS\system32\WudfPf.sys File not found
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (hwusbfake) -- system32\DRIVERS\ewusbfake.sys File not found
DRV - (filtertdidriver) -- system32\drivers\ewfiltertdidriver.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (Changer) --  File not found
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (NNSHTTPS) -- C:\WINDOWS\system32\drivers\NNSHttps.sys (Panda Security, S.L.)
DRV - (NNSSTRM) -- C:\WINDOWS\system32\drivers\NNSStrm.sys (Panda Security, S.L.)
DRV - (NNSSMTP) -- C:\WINDOWS\system32\drivers\NNSSmtp.sys (Panda Security, S.L.)
DRV - (NNSTLSC) -- C:\WINDOWS\system32\drivers\NNStlsc.sys (Panda Security, S.L.)
DRV - (NNSPROT) -- C:\WINDOWS\system32\drivers\NNSProt.sys (Panda Security, S.L.)
DRV - (NNSPRV) -- C:\WINDOWS\system32\drivers\NNSPrv.sys (Panda Security, S.L.)
DRV - (NNSPOP3) -- C:\WINDOWS\system32\drivers\NNSPop3.sys (Panda Security, S.L.)
DRV - (NNSPICC) -- C:\WINDOWS\system32\drivers\NNSpicc.sys (Panda Security, S.L.)
DRV - (NNSPIHS) -- C:\WINDOWS\system32\drivers\NNSpihs.sys (Panda Security, S.L.)
DRV - (NNSIDS) -- C:\WINDOWS\system32\drivers\NNSIds.sys (Panda Security, S.L.)
DRV - (NNSHTTP) -- C:\WINDOWS\system32\drivers\NNSHttp.sys (Panda Security, S.L.)
DRV - (NNSALPC) -- C:\WINDOWS\system32\drivers\NNSAlpc.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\WINDOWS\system32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINProt) -- C:\WINDOWS\system32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\WINDOWS\system32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\WINDOWS\system32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\WINDOWS\system32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (PSKMAD) -- C:\WINDOWS\system32\drivers\PSKMAD.sys (Panda Security, S.L.)
DRV - (NNSNAHS) -- C:\WINDOWS\system32\drivers\NNSNAHS.sys (Panda Security, S.L.)
DRV - (mdvrmng) -- C:\WINDOWS\system32\drivers\mdvrmng.sys ()
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (nvatabus) -- C:\WINDOWS\System32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (whfltr2k) -- C:\WINDOWS\system32\drivers\whfltr2k.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B26BF5F0-D37B-4523-8C9C-6B3E9657FB9F}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=407453"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: wcapturex%40deskperience.com:5.0.4406
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/02/10 04:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/12 05:51:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/12 05:51:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/02/10 04:22:20 | 000,000,000 | ---D | M]
 
[2012/12/25 23:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Extensions
[2013/09/12 02:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions
[2013/03/31 23:37:23 | 000,615,655 | ---- | M] () (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\testpilot@labs.mozilla.com.xpi
[2013/08/01 00:05:54 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/18 19:15:59 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\searchplugins\yahoo.xml
[2013/09/16 16:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/12 05:51:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/12 05:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/12 05:51:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/12 05:51:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/10 04:22:20 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- C:\PROGRAM FILES\WORDWEB\WCAPTUREMOZ
[2012/02/10 18:35:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: PicBadges = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg\1.8_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.7_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.8_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: Gmail = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/08/07 00:31:51 | 000,445,502 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15325 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SlimDrivers] C:\Program Files\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0}: NameServer = 217.171.132.1 217.171.132.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Simon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Simon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/09 19:37:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/23 19:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/07/22 12:37:40 | 000,027,750 | R--- | M] () - D:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/03/23 19:17:40 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/16 17:18:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/09/16 17:17:52 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSKMAD.sys
[2013/09/16 17:03:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/16 16:16:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/16 12:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Pininterest
[2013/09/16 11:30:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Simon\IECompatCache
[2013/09/15 18:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\nEW rON
[2013/09/14 23:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\be gam
[2013/09/14 21:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\PPH
[2013/09/14 14:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\New shirts
[2013/09/12 05:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/12 04:59:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Simon\Desktop\dreamstime
[2013/09/12 02:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/09/12 02:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/09/12 01:29:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Local Settings\Application Data\avgchrome
[2013/09/10 10:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Clean up
[2013/09/07 12:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Time flies
[2013/09/07 10:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Time slow
[2013/09/06 22:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Party Peeps logo
[2013/09/06 10:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Napkins 72 dpi
[2013/09/05 19:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Cocktail napkins
[2013/09/02 15:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Blueprints
[2013/09/02 10:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\SL PP banner
[2013/09/02 10:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Nutz Zazzle banner
[2013/08/31 21:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Zazzle PPeeps
[2013/08/31 14:04:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Simon\Desktop\New Folder
[2013/08/31 11:45:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Simon\Desktop\September
[2013/08/28 19:21:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Simon\Desktop\Newz
[2013/08/25 18:14:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Simon\Desktop\New Nutz
[2013/08/22 17:44:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Simon\Desktop\New NW
[2013/06/20 17:19:13 | 005,369,040 | ---- | C] (PC Cleaners) -- C:\Documents and Settings\All Users\Application Data\pclunst.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/16 17:25:01 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AC9760B5-E4A4-4449-A33E-347A5925D556}.job
[2013/09/16 17:18:30 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/09/16 17:18:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/16 17:17:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/16 17:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/09/16 16:57:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/09/16 16:50:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/16 12:47:25 | 000,021,380 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\5872fbfe6b0f961d485fedea81044b73.jpg
[2013/09/15 21:01:36 | 000,060,914 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\1237119_499693523456901_2021289358_n.jpg
[2013/09/15 18:46:26 | 000,002,239 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\EZ Fonts.lnk
[2013/09/14 18:30:24 | 000,039,340 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\551118_524874324248683_1979011049_n.jpg
[2013/09/14 15:00:12 | 000,057,650 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\Party Peeps Google.jpg
[2013/09/14 13:50:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/14 13:50:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/13 19:17:29 | 000,289,407 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\Flamingo invite.jpg
[2013/09/13 19:14:34 | 000,895,405 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\Flamingo.jpg
[2013/09/13 03:15:15 | 000,354,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/12 02:29:40 | 000,007,186 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/09/06 10:25:02 | 003,998,761 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\Simon Lake cocktail napkin designs.zip
[2013/09/04 12:03:31 | 000,109,538 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\zazzle logo.jpg
[2013/09/01 17:53:29 | 000,057,319 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\Poster.jpg
[2013/09/01 15:09:11 | 000,837,852 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\sharky.jpg
[2013/08/31 16:07:38 | 000,064,231 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\weebly.jpg
[2013/08/20 13:19:40 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/16 12:47:25 | 000,021,380 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\5872fbfe6b0f961d485fedea81044b73.jpg
[2013/09/15 21:01:35 | 000,060,914 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\1237119_499693523456901_2021289358_n.jpg
[2013/09/14 18:30:22 | 000,039,340 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\551118_524874324248683_1979011049_n.jpg
[2013/09/14 15:00:11 | 000,057,650 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\Party Peeps Google.jpg
[2013/09/13 19:17:27 | 000,289,407 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\Flamingo invite.jpg
[2013/09/13 18:57:48 | 000,895,405 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\Flamingo.jpg
[2013/09/11 23:00:22 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2013/09/11 22:57:03 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/09/10 10:29:39 | 000,310,758 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\Latte Baby coffee coaster.jpg
[2013/09/06 10:24:28 | 003,998,761 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\Simon Lake cocktail napkin designs.zip
[2013/09/04 12:03:29 | 000,109,538 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\zazzle logo.jpg
[2013/09/01 17:53:26 | 000,057,319 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\Poster.jpg
[2013/09/01 15:09:09 | 000,837,852 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\sharky.jpg
[2013/08/31 16:07:37 | 000,064,231 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\weebly.jpg
[2013/08/20 13:19:40 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YTD Video Downloader.lnk
[2013/08/12 13:38:06 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\file__0.localstorage
[2013/04/02 16:09:58 | 000,067,156 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2013/04/02 16:09:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2013/03/18 13:11:15 | 002,216,480 | ---- | C] () -- C:\WINDOWS\System32\wweb32.dll
[2012/11/22 17:49:30 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012/11/22 17:01:15 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/11/22 16:30:53 | 000,007,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys
[2012/11/22 15:59:28 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/10/29 18:45:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/09/29 01:03:52 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Simon\.recently-used.xbel
[2012/09/15 14:29:04 | 000,000,178 | RHS- | C] () -- C:\WINDOWS\System32\thssdk32.sys
[2012/09/10 20:54:10 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-P9ST5.exe
[2012/09/04 20:49:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0x0304A000.sfl
[2012/05/16 16:31:50 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/05/16 16:31:50 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/05/16 16:31:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/05/14 11:57:07 | 000,022,440 | ---- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\2035822_Setup.crx
[2012/05/13 11:30:11 | 000,007,186 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/03/08 10:03:12 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2012/03/07 06:51:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/03/05 22:14:30 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/26 11:53:09 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/02/15 17:33:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 07:07:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\fusioncache.dat
[2012/02/09 22:40:00 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/02/09 20:11:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/09 20:06:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/02/09 20:03:05 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Simon\20120209184741265.fx.cleanup.xml
[2012/02/09 20:03:05 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Simon\20120209184741265.ie.cleanup.xml
[2012/02/09 20:03:05 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Simon\20120209184741265.fx.toolbars.xml
[2012/02/09 20:03:05 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Simon\20120209184741265.ie.toolbars.xml
[2012/02/09 20:02:58 | 000,011,653 | -H-- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\seuf.yda
[2012/02/09 19:58:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/09 19:40:42 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012/02/09 19:34:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/09 19:31:39 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\CabTool.exe
[2012/02/09 19:12:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/09 19:09:58 | 000,354,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
[2012/02/09 19:37:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/12/20 04:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/02/15 17:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2F214
[2013/04/16 18:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/01/22 20:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/05/02 01:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/04/02 16:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2012/02/10 11:46:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/02/10 16:33:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013/09/02 16:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012/02/13 12:12:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/02/10 16:34:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2012/12/25 05:02:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/02/16 12:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2013/07/10 14:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/05/02 01:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/06/20 16:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/05/02 00:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/04/16 18:21:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012/09/15 14:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\.bittorrent
[2012/05/12 23:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\.Tribler
[2013/04/16 18:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\AVG
[2013/07/11 10:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Azureus
[2013/04/02 16:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Birdstep Technology
[2012/02/11 11:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\BleachBit
[2012/09/11 22:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\blekkotb_019
[2012/02/13 12:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Canon
[2013/08/12 13:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Imagitech
[2012/10/02 02:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\inkscape
[2012/09/15 16:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\ipodderX
[2012/09/09 06:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Marine Aquarium Lite
[2012/02/14 13:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\mediabarbs
[2012/06/19 15:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Oracle
[2012/02/11 12:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Panda Security
[2012/11/22 15:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SecondLife
[2012/02/09 20:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Styler
[2012/02/13 16:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\T-Mobile
[2012/02/13 17:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\T-Mobile Internet Manager
[2012/05/14 05:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\thejokeapp.com
[2012/12/25 05:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TuneUp Software
[2013/08/15 14:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\uTorrent
[2012/02/11 12:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\wincorebsband
[2013/04/14 21:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\WinPatrol
[2012/07/05 21:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\wtxpcom
[2013/08/30 01:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Zoichy
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/08/30 00:43:34 | 000,000,000 | ---- | M] () -- C:\#$%^.txt
[2012/09/11 20:57:21 | 000,007,371 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012/12/04 12:32:58 | 000,011,479 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2013/04/10 17:22:37 | 000,006,431 | ---- | M] () -- C:\AdwCleaner[S3].txt
[2012/02/09 19:37:07 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/02/09 19:28:30 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/09/13 07:11:34 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/09 19:37:07 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013/07/10 14:53:17 | 000,000,000 | ---- | M] () -- C:\Cookies
[2008/04/08 11:46:45 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\devcon.exe
[2008/05/02 10:11:10 | 000,364,721 | ---- | M] () -- C:\DPsFnshr.exe
[2008/07/30 20:38:57 | 000,000,630 | ---- | M] () -- C:\DPsFnshr.ini
[2008/05/14 06:02:31 | 000,000,770 | ---- | M] () -- C:\DriverPack_LAN_wnt5_x86-32.ini
[2008/06/01 03:02:09 | 000,075,188 | ---- | M] () -- C:\DriverPack_MassStorage_wnt5_x86-32.ini
[2008/05/02 10:11:14 | 000,282,725 | ---- | M] () -- C:\DSPdsblr.exe
[2012/02/09 20:03:23 | 000,010,405 | ---- | M] () -- C:\hwids.dat
[2012/02/09 19:37:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/08 11:46:45 | 000,020,992 | ---- | M] () -- C:\makePNF.exe
[2012/02/09 19:37:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/08 11:46:45 | 000,137,728 | ---- | M] () -- C:\mute.exe
[2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/09/16 17:17:31 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/05/02 10:11:17 | 000,235,131 | ---- | M] () -- C:\pmtimer.exe
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/03/31 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPD9F.DLL
[2008/03/31 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPP9F.DLL
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2012/02/09 19:09:21 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012/02/09 19:09:21 | 001,081,344 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012/02/09 19:09:21 | 000,917,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %PROGRAMFILES%\* >
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/08/15 07:28:51 | 000,847,312 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/12 05:51:39 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/12 05:51:39 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/12 05:51:39 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/09/12 05:51:42 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/09/12 05:51:42 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/12 05:51:42 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.CNHMEQ33CIMTMMNLQXPR5G5NMY\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/08/15 07:28:51 | 000,847,312 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.CNHMEQ33CIMTMMNLQXPR5G5NMY\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/08/15 07:28:51 | 000,847,312 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.CNHMEQ33CIMTMMNLQXPR5G5NMY\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/08/15 07:28:51 | 000,847,312 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.CNHMEQ33CIMTMMNLQXPR5G5NMY\shell\open\command\\: "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/08/15 07:28:51 | 000,847,312 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/08/15 07:28:51 | 000,847,312 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/09/12 05:51:39 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/09/12 05:51:39 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/09/12 05:51:39 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/09/12 05:51:42 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/09/12 05:51:42 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/09/12 05:51:42 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.CNHMEQ33CIMTMMNLQXPR5G5NMY\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/08/15 07:28:51 | 000,847,312 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.CNHMEQ33CIMTMMNLQXPR5G5NMY\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/08/15 07:28:51 | 000,847,312 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.CNHMEQ33CIMTMMNLQXPR5G5NMY\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/08/15 07:28:51 | 000,847,312 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.CNHMEQ33CIMTMMNLQXPR5G5NMY\shell\open\command\\: "C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/08/15 07:28:51 | 000,847,312 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 5632 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:gs5sys
@Alternate Data Stream - 5120 bytes -> C:\Documents and Settings\All Users\Templates:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Documents and Settings\Simon\Templates:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Documents and Settings\Simon\Cookies:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Documents and Settings\Simon\My Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Documents and Settings\Simon\Desktop:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Documents and Settings\Simon\Application Data\desktop.ini:gs5sys
 
< End of report >
 
Extras.Txt
 

OTL Extras logfile created on: 16/09/2013 17:32:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Simon\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.25 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 65.77% Memory free
4.10 Gb Paging File | 3.43 Gb Available in Paging File | 83.78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.44 Gb Total Space | 12.12 Gb Free Space | 27.27% Space Free | Partition Type: NTFS
Drive D: | 27.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: FUNNY-90F7F5F9E | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.CNHMEQ33CIMTMMNLQXPR5G5NMY] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"3188:UDP" = 3188:UDP:*:Enabled:UDP 3188
"6286:TCP" = 6286:TCP:*:Enabled:TCP 6286
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\qBittorrent\qbittorrent.exe" = C:\Program Files\qBittorrent\qbittorrent.exe:*:Enabled:qBittorrent - A Bittorrent Client
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series" = Canon MP480 series MP Drivers
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.5
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA}" = SlimDrivers
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{423A9ABA-E167-42F4-9715-485F17843750}" = Panda Cloud Antivirus
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5499A827-E4C8-49B8-8462-4C0E5CA976A5}" = CITB-ConstructionSkills
"{64C6A195-AC43-4AA7-BA10-C1373B8B2DFC}_is1" = Health, safety and environment test download for operatives and specialists 2013 edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) v1.0.3705
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"BleachBit" = BleachBit
"Canon MP480 series User Registration" = Canon MP480 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Huawei Modems" = Huawei modem
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"Redtube Video Downloader_is1" = Redtube Video Downloader 3.29
"Revo Uninstaller" = Revo Uninstaller 1.94
"VLC media player" = VLC media player 2.0.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WheelMouse" = Advanced Wheel Mouse 6.0.0.008
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/09/2013 22:09:25 | Computer Name = FUNNY-90F7F5F9E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 SP1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}'
 could not be installed. Error code 1603. Additional information is available in
 the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.
 
Error - 12/09/2013 22:09:26 | Computer Name = FUNNY-90F7F5F9E | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 15/09/2013 05:43:08 | Computer Name = FUNNY-90F7F5F9E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 SP1 -- Error 1706.No valid source
 could be found for product Microsoft .NET Framework 1.1 SP1.  The Windows installer
 cannot continue.
 
Error - 15/09/2013 05:43:11 | Computer Name = FUNNY-90F7F5F9E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 SP1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}'
 could not be installed. Error code 1603. Additional information is available in
 the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.
 
Error - 15/09/2013 05:43:11 | Computer Name = FUNNY-90F7F5F9E | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 15/09/2013 22:00:53 | Computer Name = FUNNY-90F7F5F9E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 SP1 -- Error 1706.No valid source
 could be found for product Microsoft .NET Framework 1.1 SP1.  The Windows installer
 cannot continue.
 
Error - 15/09/2013 22:00:55 | Computer Name = FUNNY-90F7F5F9E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 SP1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}'
 could not be installed. Error code 1603. Additional information is available in
 the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.
 
Error - 15/09/2013 22:00:57 | Computer Name = FUNNY-90F7F5F9E | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 16/09/2013 11:50:15 | Computer Name = FUNNY-90F7F5F9E | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.6.0.106, faulting module
 kernel32.dll, version 5.1.2600.6293, fault address 0x0000984e.
 
Error - 16/09/2013 11:50:19 | Computer Name = FUNNY-90F7F5F9E | Source = Application Error | ID = 1001
Description = Fault bucket -607506085.
 
[ System Events ]
Error - 16/09/2013 07:57:00 | Computer Name = FUNNY-90F7F5F9E | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error:   %%2147942403
 
Error - 16/09/2013 08:00:00 | Computer Name = FUNNY-90F7F5F9E | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error:   %%2147942403
 
Error - 16/09/2013 08:57:00 | Computer Name = FUNNY-90F7F5F9E | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error:   %%2147942403
 
Error - 16/09/2013 09:00:00 | Computer Name = FUNNY-90F7F5F9E | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error:   %%2147942403
 
Error - 16/09/2013 09:57:00 | Computer Name = FUNNY-90F7F5F9E | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error:   %%2147942403
 
Error - 16/09/2013 10:00:00 | Computer Name = FUNNY-90F7F5F9E | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error:   %%2147942403
 
Error - 16/09/2013 10:57:00 | Computer Name = FUNNY-90F7F5F9E | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error:   %%2147942403
 
Error - 16/09/2013 11:00:00 | Computer Name = FUNNY-90F7F5F9E | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error:   %%2147942403
 
Error - 16/09/2013 11:57:00 | Computer Name = FUNNY-90F7F5F9E | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error:   %%2147942403
 
Error - 16/09/2013 12:00:00 | Computer Name = FUNNY-90F7F5F9E | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error:   %%2147942403
 
 
< End of report >
 
#5 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:12:18 AM

Posted 16 September 2013 - 03:26 PM

Thanks for that, Lakes


Step 1
Double click on OTL to run it.
Copy the lines in the codebox below (make sure that :otl is on the first line and that you include all of the Commands section).
:otl
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
DRV - (yukonwxp) -- system32\DRIVERS\yk51x86.sys File not found
DRV - (WudfRd) -- C:\WINDOWS\system32\wudfrd.sys File not found
DRV - (WudfPf) -- C:\WINDOWS\system32\WudfPf.sys File not found
DRV - (hwusbfake) -- system32\DRIVERS\ewusbfake.sys File not found
DRV - (filtertdidriver) -- system32\drivers\ewfiltertdidriver.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2012/02/15 17:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2F214
[2013/04/16 18:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/01/22 20:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/05/02 01:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/04/16 18:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\AVG
[2012/09/15 14:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\.bittorrent
[2013/07/11 10:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Azureus
[2013/08/15 14:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\uTorrent
@Alternate Data Stream - 5632 bytes -> C:\Documents and Settings\All Users\Application Data\desktop.ini:gs5sys
@Alternate Data Stream - 5120 bytes -> C:\Documents and Settings\All Users\Templates:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Documents and Settings\Simon\Templates:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Documents and Settings\Simon\Cookies:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Documents and Settings\All Users\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Documents and Settings\Simon\My Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Documents and Settings\Simon\Desktop:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Documents and Settings\Simon\Application Data\desktop.ini:gs5sys

:Files
C:\WINDOWS\tasks\At*.job
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    scan-fix.png
  • Click the red Run Fix button.

    runfixbutton.png
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

if you lose the report, there will be a copy here:
C:\_OTL\MovedFiles



Step 2
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

CF_download_FF.gif


CF_download_rename.gif

This is an example; you may rename ComboFix to anything you want. Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    cf1.png

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.



    In your next reply, please submit:
    Otl fix report
    Combofix.txt


    Thanks.



#6 Lakes

Topic Starter

Posted 16 September 2013 - 06:20 PM

Thanks, here are the Logs:

 

Otl fix report

 

All processes killed

========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File  %SystemRoot%\System32\hidserv.dll File not found not found.
Service yukonwxp stopped successfully!
Service yukonwxp deleted successfully!
File  system32\DRIVERS\yk51x86.sys File not found not found.
Service WudfRd stopped successfully!
Service WudfRd deleted successfully!
File  C:\WINDOWS\system32\wudfrd.sys File not found not found.
Service WudfPf stopped successfully!
Service WudfPf deleted successfully!
File  C:\WINDOWS\system32\WudfPf.sys File not found not found.
Service hwusbfake stopped successfully!
Service hwusbfake deleted successfully!
File  system32\DRIVERS\ewusbfake.sys File not found not found.
Service filtertdidriver stopped successfully!
Service filtertdidriver deleted successfully!
File  system32\drivers\ewfiltertdidriver.sys File not found not found.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File  C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\2F214 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG\AWL2012 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG\AWL\Program Statistics folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG\AWL folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG2013\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG2013\IDS\quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG2013\IDS\config folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG2013\IDS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG2013 folder moved successfully.
C:\Documents and Settings\Simon\Application Data\AVG\AWL2012\TuningIndex folder moved successfully.
C:\Documents and Settings\Simon\Application Data\AVG\AWL2012\StartUp Manager folder moved successfully.
C:\Documents and Settings\Simon\Application Data\AVG\AWL2012\Speed Optimizer folder moved successfully.
C:\Documents and Settings\Simon\Application Data\AVG\AWL2012\Dashboard folder moved successfully.
C:\Documents and Settings\Simon\Application Data\AVG\AWL2012\Backups folder moved successfully.
C:\Documents and Settings\Simon\Application Data\AVG\AWL2012 folder moved successfully.
C:\Documents and Settings\Simon\Application Data\AVG folder moved successfully.
C:\Documents and Settings\Simon\Application Data\.bittorrent\data\resume folder moved successfully.
C:\Documents and Settings\Simon\Application Data\.bittorrent\data\metainfo folder moved successfully.
C:\Documents and Settings\Simon\Application Data\.bittorrent\data folder moved successfully.
C:\Documents and Settings\Simon\Application Data\.bittorrent folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\torrents folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\tmp folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\stats\2013\07 folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\stats\2013 folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\stats folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\shares folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\rss folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\plugins\azutp\x64 folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\plugins\azutp\win32 folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\plugins\azutp folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\plugins\azupnpav folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\plugins folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\net folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\logs folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\dht folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\devices folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus\active folder moved successfully.
C:\Documents and Settings\Simon\Application Data\Azureus folder moved successfully.
C:\Documents and Settings\Simon\Application Data\uTorrent folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\desktop.ini:gs5sys deleted successfully.
ADS C:\Documents and Settings\All Users\Templates:gs5sys deleted successfully.
ADS C:\Documents and Settings\Simon\Templates:gs5sys deleted successfully.
ADS C:\Documents and Settings\Simon\Cookies:gs5sys deleted successfully.
ADS C:\Documents and Settings\All Users\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\Documents and Settings\Simon\My Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\Documents and Settings\Simon\Desktop:gs5sys deleted successfully.
ADS C:\Documents and Settings\Simon\Application Data\desktop.ini:gs5sys deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Simon\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Simon\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temporary Internet Files folder emptied: 69967 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Simon
->Temp folder emptied: 1106698986 bytes
->Temporary Internet Files folder emptied: 9096010 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 74947459 bytes
->Google Chrome cache emptied: 275060899 bytes
->Flash cache emptied: 1010 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 936710 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3902461 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2683687 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 127291928 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 31062160 bytes
 
Total Files Cleaned = 1,556.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09162013_233219
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 

 

 

Combofix.txt

 

ComboFix 13-09-16.01 - Simon 17/09/2013   0:05.7.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2303.1713 [GMT 1:00]
Running from: c:\documents and settings\Simon\My Documents\Downloads\Combo-Fix.exe
AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
c:\documents and settings\Simon\WINDOWS
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-16 to 2013-09-16  )))))))))))))))))))))))))))))))
.
.
2013-09-16 23:00 . 2013-09-16 23:00 -------- d-----w- c:\windows\LastGood
2013-09-16 23:00 . 2012-11-07 08:00 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-09-16 22:32 . 2013-09-16 22:32 -------- d-----w- C:\_OTL
2013-09-16 22:27 . 2013-09-16 22:27 -------- d-----w- c:\program files\AAALOGO
2013-09-16 16:03 . 2013-09-16 16:15 -------- d-----w- C:\AdwCleaner
2013-09-16 15:16 . 2013-09-16 15:16 -------- d-----w- c:\windows\ERUNT
2013-09-16 10:30 . 2013-09-16 10:30 -------- d-sh--w- c:\documents and settings\Simon\IECompatCache
2013-09-12 01:33 . 2013-09-12 01:33 -------- d-----w- c:\program files\Enigma Software Group
2013-09-12 01:32 . 2013-09-12 01:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-09-12 00:29 . 2013-09-12 00:29 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\avgchrome
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-16 23:00 . 2012-11-22 14:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-09-14 12:50 . 2013-04-16 22:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-14 12:50 . 2013-04-16 22:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-09 01:56 . 2008-04-14 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2008-07-30 19:29 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2008-07-30 19:29 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2008-07-30 19:28 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2008-04-14 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2008-07-30 19:29 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2008-04-14 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 13:18 . 2008-07-30 19:24 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
2013-07-18 18:16 . 2013-07-18 18:16 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-07-10 10:37 . 2008-04-14 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 02:59 . 2008-04-23 05:34 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-20 16:18 . 2013-06-20 16:19 5369040 ----a-w- c:\documents and settings\All Users\Application Data\pclunst.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2013-07-10 29378880]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-03-05 418024]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 20143688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-01-27 32480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ   msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3188:UDP"= 3188:UDP:UDP 3188
"6286:TCP"= 6286:TCP:TCP 6286
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [26/11/2012 16:48 82728]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [26/11/2012 16:48 119080]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [09/01/2013 21:45 95584]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [26/11/2012 16:48 123944]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [26/11/2012 16:48 94632]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [26/11/2012 16:48 105640]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [26/11/2012 16:48 286888]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [26/11/2012 16:48 159528]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [26/11/2012 16:48 108200]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [28/11/2012 14:04 218024]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [26/11/2012 16:48 93096]
R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [09/11/2012 19:01 178728]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [02/04/2013 16:10 1740696]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [27/01/2013 20:16 140512]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/02/2011 22:23 35088]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [09/11/2012 19:01 149288]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [09/11/2012 19:01 102184]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [09/11/2012 19:01 114216]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [09/11/2012 19:01 123560]
R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [27/01/2013 22:38 37088]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [02/04/2013 16:10 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [02/04/2013 16:10 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [02/04/2013 16:10 73216]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [22/11/2012 16:30 7040]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [14/08/2013 11:10 3291008]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21/06/2013 09:53 162408]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16/05/2012 14:52 1691480]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [02/04/2013 16:10 102784]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [02/04/2013 16:10 90112]
S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [22/10/2012 12:08 38824]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [22/11/2012 15:59 13464]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [26/11/2012 16:48 51496]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PSKMAD
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-16 12:50]
.
2013-09-16 c:\windows\Tasks\User_Feed_Synchronization-{AC9760B5-E4A4-4449-A33E-347A5925D556}.job
- c:\windows\system32\msfeedssync.exe [2012-02-09 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: Interfaces\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0}: NameServer = 217.171.132.1 217.171.132.1
FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\
FF - ExtSQL: 2013-07-27 22:12; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: !HIDDEN! 2012-06-13 23:44; wcapturex@deskperience.com; c:\program files\WordWeb\WCaptureMoz
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{64C6A195-AC43-4AA7-BA10-C1373B8B2DFC}_is1 - c:\program files\Health
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-17 00:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-09-17  00:17:21
ComboFix-quarantined-files.txt  2013-09-16 23:17
.
Pre-Run: 14,404,214,784 bytes free
Post-Run: 14,372,171,776 bytes free
.
- - End Of File - - 5E6928223CBEF6788ADCBA8002DCB3DF
6AEFA2BAC284226F1A5AED86E53D7BB9


#7 Starbuck

Malware Response Team

Posted 17 September 2013 - 11:29 AM

Hi Lakes,

Both Firefox and Chrome browsers load web pages very slowly or "web page not found/ timed out etc" and my machine is very slow to boot up. I cannot use my bookmarks to navigate and have to type in even my email client's name into google just to sign in

How are the original problems now?
Any better?



#8 Lakes

Topic Starter

Posted 17 September 2013 - 01:09 PM

Yes, if I select my email inbox bookmark I get "web page not available" and have to type "outlook sign in" into my browser search to access it. The Delta Search thing appears to have gone though and this is a small thing but just thought I would point it out as it's not normal. I can still use my machine.



#9 Starbuck

Malware Response Team

Posted 17 September 2013 - 01:49 PM

if I select my email inbox bookmark I get "web page not available" and have to type "outlook sign in" into my browser search to access it.

What exactly is the email inbox bookmark?
Is it linking to your email provider?
Who is your email provider?
Do your other bookmarks work ok?



#10 Lakes

Topic Starter

Posted 17 September 2013 - 02:09 PM

As I said, it appears that the problem has been solved and I am probably just experiencing browser/ connectivity problems and not malware/ adware related now.



#11 Starbuck

Malware Response Team

Posted 17 September 2013 - 05:17 PM

Ok Lakes, if you are sure that the browser issue is nothing to worry about.

Let's just run a double check on everything before we give you an all clear:

I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Note:
It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

eset.png


Please post the report in your next reply.

Thanks



#12 Lakes

Topic Starter

Posted 17 September 2013 - 08:29 PM

Thanks Starbuck, here is the report:

 

C:\Documents and Settings\Simon\My Documents\Downloads\cbsidlm-cbsi118-YTD_Video_Downloader-ORG-10647340.exe probably a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Documents and Settings\Simon\My Documents\Downloads\PDFReaderSetup.exe a variant of Win32/InstallCore.BQ application cleaned by deleting - quarantined
C:\Documents and Settings\Simon\My Documents\Downloads\RedtubeVideoDownloaderv327 (1).exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Documents and Settings\Simon\My Documents\Downloads\RedtubeVideoDownloaderv327.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Documents and Settings\Simon\My Documents\Downloads\Setup (1).exe a variant of Win32/ExFriendAlert.B application cleaned by deleting - quarantined
C:\Documents and Settings\Simon\My Documents\Downloads\Setup (2).exe Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Documents and Settings\Simon\My Documents\Downloads\ZipOpenerSetup.exe a variant of Win32/InstallCore.CN application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B49DA629-6648-46E3-A3A0-9270229A2BE5}\RP183\A0060613.dll a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B49DA629-6648-46E3-A3A0-9270229A2BE5}\RP186\A0060784.exe a variant of Win32/DealPly.F application cleaned by deleting - quarantined


#13 Starbuck

Malware Response Team

Posted 18 September 2013 - 11:33 AM

Hi Lakes,

Nothing too serious there.
A couple of infected restore points (which we would have cleaned up in the final cleanup anyway).
The rest are dodgy downloads in your Download folder (which aren't active).
The dodgy downloads may have been the cause of your problems though.
The bad files would have become active when the program was installed.
At least they have now been removed.

One final thing before we start the final cleanup.
AVG is still showing a reference in the WMI.
Also a couple of locked registry entries.
Nothing to cause any problem, but we may as well tidy them up.

Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
SecCenter::
AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]


Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
as below.
cf.gif

Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

Once this has been done we'll start the final cleanup.

Thanks

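As an added example (not a script from this thread, from ESET, or from any of the tools used here), the following Python code triages an ESET Online Scanner report the way the reply above does: each detection is bucketed by where the file lived (an old restore point, the Downloads folder, or elsewhere) and the detection families are tallied. The first six sample lines are copied from the report posted earlier in the thread; the last line is constructed so that the "elsewhere" bucket is exercised, and the location rules and family-name trimming are my own assumptions about the report format.

```python
"""Triage an ESET Online Scanner report by file location and detection family."""
import re
from collections import Counter
from dataclasses import dataclass

# Sample report. Lines 1-6 are copied from the report posted in this thread;
# the final line is CONSTRUCTED (placeholder path and detection name) so that
# the "other" bucket below has something to show.
ESET_REPORT = r"""
C:\Documents and Settings\Simon\My Documents\Downloads\cbsidlm-cbsi118-YTD_Video_Downloader-ORG-10647340.exe probably a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Documents and Settings\Simon\My Documents\Downloads\PDFReaderSetup.exe a variant of Win32/InstallCore.BQ application cleaned by deleting - quarantined
C:\Documents and Settings\Simon\My Documents\Downloads\Setup (2).exe Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Documents and Settings\Simon\My Documents\Downloads\ZipOpenerSetup.exe a variant of Win32/InstallCore.CN application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B49DA629-6648-46E3-A3A0-9270229A2BE5}\RP183\A0060613.dll a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B49DA629-6648-46E3-A3A0-9270229A2BE5}\RP186\A0060784.exe a variant of Win32/DealPly.F application cleaned by deleting - quarantined
C:\Documents and Settings\Simon\Local Settings\Temp\example.tmp a variant of Win32/Placeholder.A application cleaned by deleting - quarantined
"""

# A report line reads "<path> <detection> <action>". The path may contain spaces,
# so the detection is located as the first token shaped like
# "[probably ][a variant of ]Platform/Name[.Variant][ application]" (an assumption
# about the format, based on the lines above).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: application)?)"
    r"\s+(?P<action>.+?)\s*$"
)

# What each location means for remediation, following the reasoning in the reply above.
ADVICE = {
    "restore_point": "dormant copy inside System Restore; gone once old restore points are purged",
    "downloads": "dormant installer in Downloads; only active if it was run",
    "other": "outside the usual dormant locations; review how it got there",
}


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str  # detection text exactly as the scanner wrote it
    family: str     # e.g. "InstallCore" from "a variant of Win32/InstallCore.BQ application"
    action: str
    location: str   # one of the ADVICE keys


def family_of(detection: str) -> str:
    """Reduce a detection string to its family name, dropping prefixes,
    the platform, the trailing 'application' word and a short variant suffix."""
    name = detection
    for prefix in ("probably ", "a variant of "):
        if name.startswith(prefix):
            name = name[len(prefix):]
    if name.endswith(" application"):
        name = name[: -len(" application")]
    _platform, _, name = name.partition("/")
    parts = name.split(".")
    # "InstallCore.BQ" -> "InstallCore"; "Adware.iBryte.G" -> "Adware.iBryte"
    if len(parts) > 1 and re.fullmatch(r"[A-Z]{1,3}", parts[-1]):
        parts.pop()
    return ".".join(parts)


def locate(path: str) -> str:
    """Bucket a path into the location categories used in the triage."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\downloads\\" in p:
        return "downloads"
    return "other"


def parse_report(text: str) -> list[Finding]:
    """Parse every non-empty report line; unrecognised lines raise rather than vanish."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised report line: {line!r}")
        detection = m.group("detection")
        findings.append(Finding(m.group("path"), detection, family_of(detection),
                                m.group("action"), locate(m.group("path"))))
    return findings


def triage(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Group findings by location, always returning every bucket (possibly empty)."""
    groups: dict[str, list[Finding]] = {key: [] for key in ADVICE}
    for f in findings:
        groups[f.location].append(f)
    return groups


def family_counts(findings: list[Finding]) -> Counter:
    return Counter(f.family for f in findings)


if __name__ == "__main__":
    results = parse_report(ESET_REPORT)
    for location, items in triage(results).items():
        print(f"{location} ({len(items)}): {ADVICE[location]}")
        for f in items:
            print(f"    {f.family:<16} {f.action:<34} {f.path}")
    print("families:", dict(family_counts(results)))
```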


#14 Lakes

Topic Starter

Posted 18 September 2013 - 12:02 PM

Okay thanks done! Do you require the log for this? My machine is running superbly and that browser problem has gone.



#15 Starbuck

Malware Response Team

Posted 18 September 2013 - 02:50 PM

Hi Lakes,
 

Do you require the log for this?

No thanks, it was only a bit of 'housekeeping'.
 

My machine is running superbly and that browser problem has gone.

That's great to hear.

Let's finish off the cleaning now.
We need to remove the programs we used and create a fresh restore point.

Step 1
Restart MBAM.
Click on the Quarantine tab
If there are items in quarantine.....
Make sure everything is selected and then click Delete All.
Close MBAM.


Step 2
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.
JRT and Eset Online Scanner can now be removed also.


Step 3
Please uninstall ComboFix by
Clicking on Start ...then Run ... and type in combofix /uninstall (don't forget there is a gap between x and /), then press OK

This action will uninstall Combofix and also perform a few cleanup measures

Step 4
  • Please double-click OTL to run it.
  • You should see a CleanUp! button, press that button,
  • This will clean up an assortment of tools used during malware removal, plus itself
Note:
MBAM will not be removed if installed.


Step 5
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Select the drive for cleaning then click OK (usually 'C' drive)
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
To find out how you may have been infected....read this topic:
How did I get infected?



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program

Update your AntiVirus Software regularly

Use a Firewall

Only install one software Firewall


Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Use an alternative browser to Internet Explorer:
Some excellent alternatives to MS Internet Explorer are:

Firefox
For added security, add the NoScript extension to this browser:
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
also consider adding:
WOT - Safe Browsing Tool

Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
Btw: you don't have to make a contribution.

Opera

They offer better security, more stability, and better speed.

Keep a backup of your registry
Keeping a regular backup of your registry will help when something goes wrong.
Use a program like:
Erunt

A full tutorial on how to set up and use Erunt can be found here:
Erunt tutorial

Keep your system clean of temp files etc, using a 'Cleaner':

Cleaners are programs that will help to clean out your:
Windows temp files
Current user temp files
Cookies
Temporary Internet files
Browser history
Recycle bin
Etc.......
In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
Programs like:
TFC by OldTimer
ATF Cleaner

Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windowsupdate regularly.
Alternatively, turn on the Automatic Updates.

Peer to Peer programs
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.
