Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My 32 bit windows xp is infected with: Win32:Evo


  • Please log in to reply
45 replies to this topic

#1 JohnLRhodes

JohnLRhodes

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:22 PM

Posted 25 November 2013 - 10:13 AM

Hi I have looked over the forums for a solution to this problem, which I did find but using 'ComboFix' and combo fix scans seem to start running in the command application dialog, then crashes, crashing the whole computer making it impossible to follow the known fixes, any help would be much appreciated. Also my Avast! anti-virus software picked up the infection and since trying to tackle the infection my Avast! cannot perform full scans to even identify the virus anymore.

 

Thankyou

 

JohnLRhodes



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 AM

Posted 28 November 2013 - 10:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

dds_scr.gif

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 AM

Posted 04 December 2013 - 09:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 AM

Posted 05 December 2013 - 09:33 AM

removed
nasdaq

Edited by nasdaq, 05 December 2013 - 09:34 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 AM

Posted 05 December 2013 - 09:33 AM

This topic has been re-opened at the request of the person who originally posted.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 AM

Posted 05 December 2013 - 09:35 AM

Can you boot to save mode with this problem computer?

If so run the DDS tool.

If not then let me know what Operating system is installed.
Need to know to suggest correct tools.

#7 JohnLRhodes

JohnLRhodes
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:22 PM

Posted 05 December 2013 - 09:39 AM

Ive got the PC up and running again, however the CPU usage is at 100%

 

the operating system is windows XP

 

your help is much appreciated.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 AM

Posted 05 December 2013 - 09:45 AM

Download this tool from a good computer. Copy the file to the desktop of the problem computer. Post the log when you can.

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

#9 JohnLRhodes

JohnLRhodes
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:22 PM

Posted 05 December 2013 - 09:59 AM

These are my Logs nasdaq:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version 04-12-2013 01
Ran by CLAIRE (administrator) on LEWI on 05-12-2013 145447
Running from G
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language English(US)
Internet Explorer Version 7
Boot Mode Normal
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) CWINDOWSsystem32ati2evxx.exe
(AVAST Software) CProgram FilesAlwil SoftwareAvast5AvastSvc.exe
(Lexmark International, Inc.) CWINDOWSsystem32LexBceS.exe
(Apple Inc.) CProgram FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
(Autodesk) CProgram FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
(Apple Inc.) CProgram FilesBonjourmDNSResponder.exe
(Oracle Corporation) CProgram FilesJavajre7binjqs.exe
(Kontiki Inc.) CProgram FilesKontikiKService.exe
(LogMeIn, Inc.) CProgram FilesLogMeInx86LMIGuardianSvc.exe
(Microsoft Corporation) CProgram FilesMicrosoft SQL ServerMSSQL$ACT7Binnsqlservr.exe
() CWINDOWSsystem32PSIService.exe
(Symantec Corporation) CProgram FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
(AVAST Software) CProgram FilesAlwil SoftwareAvast5AvastUI.exe
(Oracle Corporation) CProgram FilesCommon FilesJavaJava Updatejusched.exe
(McAfee, Inc.) CProgram FilesMcAfee Security Scan2.1.121SSScheduler.exe
(Microsoft Corporation) CWINDOWSsystem32wuauclt.exe
(Microsoft Corporation) CWINDOWSsystem32wscntfy.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM...Run [avast] - CProgram FilesAlwil SoftwareAvast5AvastUI.exe [4241512 2012-03-06] (AVAST Software)
HKLM...Run [SunJavaUpdateSched] - CProgram FilesCommon FilesJavaJava Updatejusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM...Run [Adobe ARM] - CProgram FilesCommon FilesAdobeARM1.0AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
WinlogonNotifyLMIinit CWindowssystem32LMIinit.dll (LogMeIn, Inc.)
HKLM...PoliciesExplorer [NoCDBurning] 0
HKCU...Run [AdobeBridge] - [x]
MountPoints2 {0cfdd6f1-fe07-11db-874f-000d60b7a2ed} - EInstallTomTomHOME.exe
Startup CDocuments and SettingsAll UsersStart MenuProgramsStartupMcAfee Security Scan Plus.lnk
ShortcutTarget McAfee Security Scan Plus.lnk - CProgram FilesMcAfee Security Scan2.1.121SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer ftp=217.217.17.1121;gopher=217.217.17.1180;http=217.217.17.1180;https=217.217.17.1180
HKCUSoftwareMicrosoftInternet ExplorerMain,SearchMigratedDefaultURL = httpwww.google.comsearchq={searchTerms}&sourceid=ie7&rls=com.microsoften-US&ie=utf8&oe=utf8
HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = httpwww.microsoft.comisapiredir.dllprd=ie&ar=iesearch
HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = httpuk.msn.com
HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Secondary_Page_URL = httpwww.live.com
HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = %SystemRoot%system32blank.htm
HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = httpwww.microsoft.comisapiredir.dllprd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = httpus.rd.yahoo.comcustomizeiedefaultssbmsgr8httpwww.yahoo.comextsearchsearch.html
SearchScopes HKLM - DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = httpwww.mywebsearch.comjspcfg_redir2.jspid=ZJman000&fl=0&ptb=ule4AK1EsCkgD0yHMxPOcw&url=httpedits.mywebsearch.comtoolbareditsbarsearch.jhtml&st=sb&searchfor={searchTerms}
SearchScopes HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = httpwww.mywebsearch.comjspcfg_redir2.jspid=ZJman000&fl=0&ptb=ule4AK1EsCkgD0yHMxPOcw&url=httpedits.mywebsearch.comtoolbareditsbarsearch.jhtml&st=sb&searchfor={searchTerms}
SearchScopes HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = httpsearch.myheritage.comorig=ds&q={searchTerms}
SearchScopes HKCU - {D42F5BAB-328E-4AE0-A45C-4C9AE5A06675} URL = httpus.yhs.search.yahoo.comavgsearchfr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - CProgram FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll (Adobe Systems Incorporated)
BHO RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - CDocuments and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)
BHO No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - CProgram FilesJavajre7binssv.dll (Oracle Corporation)
BHO avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - CProgram FilesAlwil SoftwareAvast5aswWebRepIE.dll (AVAST Software)
BHO Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - CProgram FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll (Microsoft Corporation)
BHO Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - CProgram FilesMicrosoft OfficeOffice14URLREDIR.DLL (Microsoft Corporation)
BHO Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - CWINDOWSsystem32mscoree.dll (Microsoft Corporation)
BHO Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - CProgram FilesJavajre7binjp2ssv.dll (Oracle Corporation)
Toolbar HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - CProgram FilesAlwil SoftwareAvast5aswWebRepIE.dll (AVAST Software)
Toolbar HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - CWINDOWSsystem32browseui.dll (Microsoft Corporation)
Toolbar HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - CWINDOWSsystem32shell32.dll (Microsoft Corporation)
Toolbar HKCU - No Name - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} -  No File
Toolbar HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - CWINDOWSsystem32ieframe.dll (Microsoft Corporation)
Toolbar HKCU - No Name - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} -  No File
Toolbar HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} httpa1540.g.akamai.net715405220061205qtinstall.info.apple.comqtactivexqtplugin.cab
DPF {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} httpdownload.microsoft.comdownloade73e7345c16-80aa-4488-ae10-9ac6be844f99OGAControl.cab
DPF {0CCA191D-13A6-4E29-B746-314DEE697D83} httpupload.facebook.comcontrolsFacebookPhotoUploader5.cab
DPF {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} httpdownload.microsoft.comdownload0fb0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5VirtualEarth3D.cab
DPF {166B1BCA-3F9C-11CF-8075-444553540000} httpfpdownload.macromedia.compubshockwavecabsdirectorsw.cab
DPF {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} CProgram FilesYahoo!Commonyinsthelper.dll
DPF {48DD0448-9209-4F81-9F6D-D83562940134} httplads.myspace.comuploadMySpaceUploader1006.cab
DPF {4C39376E-FA9D-4349-BACC-D305C1750EF3} httptools.ebayimg.comepswlactivexeBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} httpupload.facebook.comcontrolsFacebookPhotoUploader3.cab
DPF {5F8469B4-B055-49DD-83F7-62B522420ECC} httpupload.facebook.comcontrolsFacebookPhotoUploader.cab
DPF {67DABFBF-D0AB-41FA-9C46-CC0F21721616} httpdownload.divx.complayerDivXBrowserPlugin.cab
DPF {6D75BB25-0924-440D-865A-E0BDA690163F} httpmessage2.myvideowebstream.comocxVTControl42.CAB
DPF {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} httpupdate.microsoft.commicrosoftupdatev6V5Controlsenx86clientmuweb_site.cab1168538542687
DPF {8AD9C840-044E-11D1-B3E9-00805F499D93} httpjava.sun.comupdate1.6.0jinstall-1_6_0_07-windows-i586.cab
DPF {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} httpfpdownload.macromedia.comgetflashplayercurrentultrashim.cab
DPF {A8F2B9BD-A6A0-486A-9744-18920D898429} httpwww.sibelius.comdownloadsoftwarewinActiveXPlugin.cab
DPF {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} httpoffice.microsoft.comofficeupdatecontentopuc4.cab
DPF {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_06-windows-i586.cab
DPF {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_09-windows-i586.cab
DPF {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_10-windows-i586.cab
DPF {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_11-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_01-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_02-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_03-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_05-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_07-windows-i586.cab
DPF {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_07-windows-i586.cab
DPF {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} httpupload.facebook.comcontrolsFacebookPhotoUploader4_5.cab
DPF {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} httpwww.shockwave.comcontentzumasispopcaploader_v10.cab
DPF {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} httpwww.zoomify.comdownloadzoomify214.cab
DPF {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} httpssecure.logmein.comactivexractrl.cablmi=100
Handler livecall - {828030A1-22C1-4009-854F-8E305202313F} - CProgram FilesWindows LiveMessengermsgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - CProgram FilesCommon FilesMicrosoft SharedInformation RetrievalMSITSS.DLL (Microsoft Corporation)
Handler msnim - {828030A1-22C1-4009-854F-8E305202313F} - CProgram FilesWindows LiveMessengermsgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - CWINDOWSsystem32shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - CProgram FilesWindows Desktop SearchMsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock Catalog5 05 CProgram FilesBonjourmdnsNSP.dll [152864] (Apple Inc.)
Hosts There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip..Interfaces{F5E24AA9-2844-4804-9E5E-28200A59F869} [NameServer]192.168.0.1
 
FireFox
========
FF ProfilePath CDocuments and SettingsCLAIREApplication DataMozillaFirefoxProfilesrfw8cano.default
FF SelectedSearchEngine Google
FF Homepage hxxpwww.google.co.uk
FF Plugin @adobe.comFlashPlayer - CWINDOWSsystem32MacromedFlashNPSWF32_11_9_900_117.dll ()
FF Plugin @divx.comDivX Browser Plugin,version=1.0.0 - CProgram FilesDivXDivX Web Playernpdivx32.dll No File
FF Plugin @java.comDTPlugin,version=10.45.2 - CProgram FilesJavajre7bindtpluginnpDeployJava1.dll (Oracle Corporation)
FF Plugin @java.comJavaPlugin,version=10.45.2 - CProgram FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)
FF Plugin @Microsoft.comNpCtrl,version=1.0 - cProgram FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)
FF Plugin @microsoft.comOfficeAuthz,version=14.0 - CPROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin @microsoft.comSharePoint,version=14.0 - CPROGRA~1MICROS~2Office14NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin @microsoft.comWPF,version=3.5 - cWINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)
FF Plugin @real.comnppl3260;version=12.0.1.669 - cprogram filesrealrealplayerNetscape6nppl3260.dll (RealNetworks, Inc.)
FF Plugin @real.comnpracplug;version=1.0.0.0 - CProgram FilesRealRealArcadePluginsMozillanpracplug.dll (RealNetworks)
FF Plugin @real.comnprjplug;version=12.0.1.669 - cprogram filesrealrealplayerNetscape6nprjplug.dll (RealNetworks, Inc.)
FF Plugin @real.comnprpchromebrowserrecordext;version=12.0.1.669 - CDocuments and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin @real.comnprphtml5videoshim;version=12.0.1.669 - CDocuments and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin @real.comnprpjplug;version=12.0.1.669 - cprogram filesrealrealplayerNetscape6nprpjplug.dll (RealNetworks, Inc.)
FF Plugin @tools.google.comGoogle Update;version=3 - CProgram FilesGoogleUpdate1.3.21.165npGoogleUpdate3.dll (Google Inc.)
FF Plugin @tools.google.comGoogle Update;version=9 - CProgram FilesGoogleUpdate1.3.21.165npGoogleUpdate3.dll (Google Inc.)
FF Plugin Adobe Reader - CProgram FilesAdobeReader 11.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)
FF Plugin yaxmpb@yahoo.comYahooActiveXPluginBridge;version=1.0.0.1 - CProgram FilesYahoo!Commonnpyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU @citrixonline.comappdetectorplugin - CDocuments and SettingsCLAIRELocal SettingsApplication DataCitrixPlugins104npappdetector.dll (Citrix Online)
FF Plugin HKCU @unity3d.comUnityPlayer,version=1.0 - CDocuments and SettingsCLAIRELocal SettingsApplication DataUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin CProgram Filesmozilla firefoxsearchpluginsanswers.xml
FF SearchPlugin CProgram Filesmozilla firefoxsearchpluginsavg_igeared.xml
FF SearchPlugin CProgram Filesmozilla firefoxsearchpluginscreativecommons.xml
FF SearchPlugin CProgram Filesmozilla firefoxbrowsersearchpluginsamazon-en-GB.xml
FF SearchPlugin CProgram Filesmozilla firefoxbrowsersearchpluginschambers-en-GB.xml
FF SearchPlugin CProgram Filesmozilla firefoxbrowsersearchpluginseBay-en-GB.xml
FF SearchPlugin CProgram Filesmozilla firefoxbrowsersearchpluginsyahoo-en-GB.xml
FF Extension Chromifox Basic - CDocuments and SettingsCLAIREApplication DataMozillaFirefoxProfilesrfw8cano.defaultExtensionschromifox@altmusictv.com
FF Extension gaurangnshah - CDocuments and SettingsCLAIREApplication DataMozillaFirefoxProfilesrfw8cano.defaultExtensionsgaurangnshah@gmail.com.xpi
FF Extension googtrans - CDocuments and SettingsCLAIREApplication DataMozillaFirefoxProfilesrfw8cano.defaultExtensions{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
FF Extension Java Console - CProgram FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension Java Console - CProgram FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM...FirefoxExtensions [{20a82645-c095-46ed-80e3-08825760534b}] - cWINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
FF Extension Microsoft .NET Framework Assistant - cWINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
FF HKLM...FirefoxExtensions [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - CDocuments and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginFirefoxExt
FF Extension RealPlayer Browser Record Plugin - CDocuments and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginFirefoxExt
FF HKLM...FirefoxExtensions [wrc@avast.com] - CProgram FilesAlwil SoftwareAvast5WebRepFF
FF Extension avast! WebRep - CProgram FilesAlwil SoftwareAvast5WebRepFF
 
Chrome 
=======
CHR HomePage hxxpwww.google.com
CHR RestoreOnStartup hxxpwww.google.com
CHR DefaultSearchURL (Google) - {googlebaseURL}search{googleRLZ}{googleacceptedSuggestion}{googleoriginalQueryForSuggestion}{googlesearchFieldtrialParameter}{googleinstantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL (Google) - {googlebaseSuggestURL}search{googlesearchFieldtrialParameter}{googleinstantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin (Shockwave Flash) - CProgram FilesGoogleChromeApplication19.0.1084.56gcswf32.dll No File
CHR Plugin (Shockwave Flash) - CWINDOWSsystem32MacromedFlashNPSWF32.dll No File
CHR Plugin (QuickTime Plug-in 7.6.7) - CProgram FilesMozilla Firefoxpluginsnpqtplugin.dll (Apple Inc.)
CHR Plugin (QuickTime Plug-in 7.6.7) - CProgram FilesMozilla Firefoxpluginsnpqtplugin2.dll (Apple Inc.)
CHR Plugin (QuickTime Plug-in 7.6.7) - CProgram FilesMozilla Firefoxpluginsnpqtplugin3.dll (Apple Inc.)
CHR Plugin (QuickTime Plug-in 7.6.7) - CProgram FilesMozilla Firefoxpluginsnpqtplugin4.dll (Apple Inc.)
CHR Plugin (QuickTime Plug-in 7.6.7) - CProgram FilesMozilla Firefoxpluginsnpqtplugin5.dll (Apple Inc.)
CHR Plugin (QuickTime Plug-in 7.6.7) - CProgram FilesMozilla Firefoxpluginsnpqtplugin6.dll (Apple Inc.)
CHR Plugin (QuickTime Plug-in 7.6.7) - CProgram FilesMozilla Firefoxpluginsnpqtplugin7.dll (Apple Inc.)
CHR Plugin (Java Deployment Toolkit 6.0.260.3) - CProgram FilesJavajre6binnew_pluginnpdeployJava1.dll No File
CHR Plugin (Java™ Platform SE 6 U26) - CProgram FilesJavajre6binnew_pluginnpjp2.dll No File
CHR Plugin (Adobe Acrobat) - CProgram FilesAdobeReader 10.0ReaderBrowsernppdf32.dll No File
CHR Plugin (Silverlight Plug-In) - cProgram FilesMicrosoft Silverlight4.0.60531.0npctrl.dll No File
CHR Plugin (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - CProgram FilesMozilla Firefoxpluginsnppl3260.dll (RealNetworks, Inc.)
CHR Plugin (RealPlayer Version Plugin) - CProgram FilesMozilla Firefoxpluginsnprpjplug.dll (RealNetworks, Inc.)
CHR Plugin (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - CDocuments and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin (Microsoftu00AE Windows Media Player Firefox Plugin) - CProgram FilesMozilla Firefoxpluginsnp-mswmp.dll (Microsoft Corporation)
CHR Plugin (Microsoft Office 2003) - CProgram FilesMozilla FirefoxpluginsNPOFFICE.DLL (Microsoft Corporation)
CHR Plugin (Remoting Viewer) - internal-remoting-viewer
CHR Plugin (Native Client) - CProgram FilesGoogleChromeApplication19.0.1084.56ppGoogleNaClPluginChrome.dll No File
CHR Plugin (Chrome PDF Viewer) - CProgram FilesGoogleChromeApplication19.0.1084.56pdf.dll No File
CHR Plugin (BitCometAgent) - CProgram FilesMozilla FirefoxpluginsnpBitCometAgent.dll (BitComet)
CHR Plugin (RealJukebox NS Plugin) - CProgram FilesMozilla Firefoxpluginsnprjplug.dll (RealNetworks, Inc.)
CHR Plugin (Microsoftu00AE DRM) - CProgram FilesWindows Media Playernpdrmv2.dll (Microsoft Corporation)
CHR Plugin (Microsoftu00AE DRM) - CProgram FilesWindows Media Playernpwmsdrm.dll (Microsoft Corporation)
CHR Plugin (Google Update) - CProgram FilesGoogleUpdate1.3.21.65npGoogleUpdate3.dll No File
CHR Plugin (RealArcade Mozilla Plugin) - CProgram FilesRealRealArcadePluginsMozillanpracplug.dll (RealNetworks)
CHR Plugin (MetaStream 3 Plugin) - CProgram FilesViewpointViewpoint Experience TechnologynpViewpoint.dll No File
CHR Plugin (Yahoo! activeX Plug-in Bridge) - CProgram FilesYahoo!Commonnpyaxmpb.dll (Yahoo! Inc.)
CHR Plugin (Windows Presentation Foundation) - cWINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)
CHR Plugin (Default Plug-in) - default_plugin No File
CHR Extension (avast! WebRep) - CDocuments and SettingsCLAIRELocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsicmlaeflemplmjndnaapfdbbnpncnbda7.0.1426_0
CHR Extension (RealPlayer HTML5Video Downloader Extension) - CDocuments and SettingsCLAIRELocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_0
CHR HKLM...ChromeExtension [icmlaeflemplmjndnaapfdbbnpncnbda] - CProgram FilesAlwil SoftwareAvast5WebRepChromeaswWebRepChrome.crx
CHR HKLM...ChromeExtension [jfmjfhklogoienhpfnppmbcbjfjnkonk] - CDocuments and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginChromeExtrphtml5video.crx
 
========================== Services (Whitelisted) =================
 
R2 Akamai; cprogram filescommon filesakamainetsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 avast! Antivirus; CProgram FilesAlwil SoftwareAvast5AvastSvc.exe [44768 2012-03-06] (AVAST Software)
S3 bepldr; CProgram FilesCommon FilesBCL TechnologieseasyPDF 5bepldr.exe [151552 2007-02-21] ()
R2 KService; CProgram FilesKontikiKService.exe [3072184 2008-02-27] (Kontiki Inc.)
R2 LexBceS; CWINDOWSsystem32LEXBCES.EXE [283136 1998-10-14] (Lexmark International, Inc.)
S3 Macromedia Licensing Service; CProgram FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe [69632 2005-10-20] (Macromedia)
S3 McComponentHostService; CProgram FilesMcAfee Security Scan2.1.121McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 MSSQL$ACT7; CProgram FilesMicrosoft SQL ServerMSSQL$ACT7Binnsqlservr.exe [7544916 2003-06-01] (Microsoft Corporation)
S3 MSSQLServerADHelper; CProgram FilesMicrosoft SQL Server80ToolsBinnsqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 ProtexisLicensing; CWINDOWSsystem32PSIService.exe [177704 2007-06-05] ()
S3 SPTISRV; CProgram FilesCommon FilesSony SharedAVLibSPTISRV.exe [69718 2005-08-30] (Sony Corporation)
S3 SQLAgent$ACT7; CProgram FilesMicrosoft SQL ServerMSSQL$ACT7Binnsqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 Symantec Core LC; CProgram FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe [1174152 2007-02-14] (Symantec Corporation)
U4 avast! Firewall; CProgram FilesAlwil SoftwareAvast5afwServ.exe [x]
R2 JavaQuickStarterService; CProgram FilesJavajre7binjqs.exe -service -config CProgram FilesJavajre7libdeployjqsjqs.conf
S2 VRaySpawner 90; C3dsMax9vrayspawner90.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 Aavmker4; CWindowsSystem32DriversAavmker4.sys [24920 2012-03-06] (AVAST Software)
R2 aswFsBlk; CWindowsSystem32DriversaswFsBlk.sys [20696 2012-03-06] (AVAST Software)
R1 aswKbd; CWindowsSystem32DriversaswKbd.sys [24408 2012-03-06] (AVAST Software)
R2 aswMon2; CWindowsSystem32DriversaswMon2.sys [95704 2012-03-06] (AVAST Software)
R1 aswRdr; CWindowsSystem32DriversaswRdr.sys [35672 2012-03-06] (AVAST Software)
R1 aswSnx; CWindowsSystem32DriversaswSnx.sys [612184 2012-03-06] (AVAST Software)
R1 aswSP; CWindowsSystem32DriversaswSP.sys [337880 2012-03-06] (AVAST Software)
R1 aswTdi; CWindowsSystem32DriversaswTdi.sys [53848 2012-03-06] (AVAST Software)
S3 BlueletAudio; CWindowsSystem32DRIVERSblueletaudio.sys [20096 2004-10-19] (IVT Corporation)
S3 BT; CWindowsSystem32DRIVERSbtnetdrv.sys [10804 2004-09-22] (IVT Corporation)
S3 Btcsrusb; CWindowsSystem32Driversbtcusb.sys [22488 2004-12-02] (IVT Corporation)
S3 BTHidEnum; CWindowsSystem32DRIVERSvbtenum.sys [11604 2004-09-22] ()
R0 BTHidMgr; CWindowsSystem32DriversBTHidMgr.sys [28207 2004-10-19] (IVT Corporation)
S3 CCDECODE; CWindowsSystem32DRIVERSCCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eeCtrl; CProgram FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys [371248 2008-09-12] (Symantec Corporation)
S3 EGATHDRV; CWINDOWSDownloaded Program FilesEGATHDRV.SYS [5120 2004-02-25] (IBM Corporation)
S3 EuDisk; CWindowsSystem32DRIVERSEuDisk.sys [122504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
S3 k750bus; CWindowsSystem32DRIVERSk750bus.sys [55216 2005-02-11] (MCCI)
S3 k750mdfl; CWindowsSystem32DRIVERSk750mdfl.sys [6576 2005-02-11] (MCCI)
S3 k750mdm; CWindowsSystem32DRIVERSk750mdm.sys [89872 2005-02-11] (MCCI)
S3 k750mgmt; CWindowsSystem32DRIVERSk750mgmt.sys [81728 2005-02-11] (MCCI)
S3 k750obex; CWindowsSystem32DRIVERSk750obex.sys [79488 2005-02-11] (MCCI)
S3 Logu1pnnnp; CWINDOWSsystem32driversatmlane.sys [55808 2008-04-13] (Microsoft Corporation)
S3 NdisIP; CWindowsSystem32DRIVERSNdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NPF; CWINDOWSsystem32driverspacket.sys [13299 2004-09-22] ()
S3 NuidFltr; CWindowsSystem32DRIVERSNuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R2 PMEM; CWINDOWSSYSTEM32DriversPMEMNT.SYS [7012 2000-06-01] (Microsoft Corporation)
R0 sptd; CWindowsSystem32Driverssptd.sys [691696 2009-11-25] ()
S3 Spyder3; CWindowsSystem32DRIVERSSpyder3.sys [12288 2007-12-12] ()
R2 symlcbrd; CWINDOWSsystem32driverssymlcbrd.sys [10344 2006-01-24] (Symantec Corporation)
S3 VComm; CWindowsSystem32DRIVERSVComm.sys [61312 2004-10-19] (IVT Corporation)
S3 VcommMgr; CWindowsSystem32DriversVcommMgr.sys [82148 2004-11-05] (IVT Corporation)
R2 WIBUKEY; CWindowsSystem32DRIVERSWibuKey.sys [78648 2009-12-03] (WIBU-SYSTEMS AG)
S3 Wibukey2; CWindowsSystem32driverswibukey2.sys [16384 2009-09-08] (WIBU-SYSTEMS AG)
U3 a2f54oeu; CWindowsSystem32Driversa2f54oeu.sys [0 ] (Microsoft Corporation)
U3 acvkc85a; CWindowsSystem32Driversacvkc85a.sys [0 ] (Microsoft Corporation)
S2 adfs; No ImagePath
S1 ASPI32; No ImagePath
S3 catchme; CDOCUME~1CLAIRELOCALS~1Tempcatchme.sys [x]
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; CWindowssystem32driversscsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SunkFilt; CWINDOWSSystem32Driverssunkfilt.sys [x]
S3 w550bus; system32DRIVERSw550bus.sys [x]
S3 w550mdfl; system32DRIVERSw550mdfl.sys [x]
S3 w550mdm; system32DRIVERSw550mdm.sys [x]
S3 w550mgmt; system32DRIVERSw550mgmt.sys [x]
S3 w550obex; system32DRIVERSw550obex.sys [x]
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-05 1454 - 2013-12-05 1454 - 00000000 ____D CFRST
2013-12-04 1657 - 2013-12-04 1657 - 00308294 ____N CDocuments and SettingsCLAIREDesktopDevise Ltd-5070181900.xlsx
2013-11-26 1155 - 2013-11-26 1155 - 00001804 _____ CDocuments and SettingsAll UsersStart MenuProgramsAdobe Reader XI.lnk
2013-11-26 1155 - 2013-11-26 1155 - 00001774 _____ CDocuments and SettingsAll UsersDesktopAdobe Reader XI.lnk
2013-11-25 1017 - 2013-11-25 1025 - 00000000 ___SD CComboFixnewe
2013-11-25 0927 - 2013-11-25 0928 - 00000000 ____D CDocuments and SettingsAll UsersStart MenuProgramsMcAfee Security Scan Plus
2013-11-22 1612 - 2013-11-22 1612 - 00000000 ____D CProgram FilesESET
2013-11-22 1611 - 2013-11-25 0927 - 00000000 ____D CProgram FilesMcAfee Security Scan
2013-11-22 1611 - 2013-11-22 1611 - 00000000 ____D CDocuments and SettingsAll UsersApplication DataMcAfee Security Scan
2013-11-22 1611 - 2013-11-22 1610 - 00264616 _____ (Oracle Corporation) CWINDOWSsystem32javaws.exe
2013-11-22 1611 - 2013-11-22 1610 - 00175016 _____ (Oracle Corporation) CWINDOWSsystem32javaw.exe
2013-11-22 1611 - 2013-11-22 1610 - 00174504 _____ (Oracle Corporation) CWINDOWSsystem32java.exe
2013-11-22 1611 - 2013-11-22 1610 - 00094632 _____ (Oracle Corporation) CWINDOWSsystem32WindowsAccessBridge.dll
2013-11-22 1607 - 2013-11-22 1607 - 00000000 ____D CDocuments and SettingsCLAIREDesktopbackups
2013-11-22 1556 - 2013-11-22 1556 - 00915368 _____ (Oracle Corporation) CDocuments and SettingsCLAIREDesktopjxpiinstall.exe
2013-11-22 1554 - 2013-11-22 1554 - 00388608 _____ (Trend Micro Inc.) CDocuments and SettingsCLAIREDesktopHijackThis.exe
2013-11-22 1534 - 2013-11-22 1543 - 00050180 _____ CWINDOWSie8Uninst.log
2013-11-22 1507 - 2013-11-22 1507 - 00000957 _____ CDocuments and SettingsCLAIREDesktopRevo Uninstaller.lnk
2013-11-22 1507 - 2013-11-22 1507 - 00000000 ____D CProgram FilesVS Revo Group
2013-11-22 1506 - 2013-11-22 1507 - 02623656 _____ (VS Revo Group Ltd.) CDocuments and SettingsCLAIREDesktoprevosetup.exe
2013-11-22 1334 - 2013-11-22 1334 - 00000000 ____D Ccmdcons
2013-11-22 1334 - 2005-10-19 2349 - 00000194 _____ CBoot.bak
2013-11-22 1334 - 2004-08-03 2300 - 00260272 __RSH Ccmldr
2013-11-22 1332 - 2011-06-26 0645 - 00256000 _____ CWINDOWSPEV.exe
2013-11-22 1332 - 2010-11-07 1720 - 00208896 _____ CWINDOWSMBR.exe
2013-11-22 1332 - 2009-04-20 0456 - 00060416 _____ (NirSoft) CWINDOWSNIRCMD.exe
2013-11-22 1332 - 2000-08-31 0000 - 00518144 _____ (SteelWerX) CWINDOWSSWREG.exe
2013-11-22 1332 - 2000-08-31 0000 - 00406528 _____ (SteelWerX) CWINDOWSSWSC.exe
2013-11-22 1332 - 2000-08-31 0000 - 00212480 _____ (SteelWerX) CWINDOWSSWXCACLS.exe
2013-11-22 1332 - 2000-08-31 0000 - 00098816 _____ CWINDOWSsed.exe
2013-11-22 1332 - 2000-08-31 0000 - 00080412 _____ CWINDOWSgrep.exe
2013-11-22 1332 - 2000-08-31 0000 - 00068096 _____ CWINDOWSzip.exe
2013-11-22 1312 - 2013-11-22 1332 - 00000000 ____D CQoobox
2013-11-22 1312 - 2013-11-22 1312 - 00000000 ____D CWINDOWSerdnt
2013-11-22 1232 - 2013-11-22 1234 - 00000000 ____D CAdwCleaner
2013-11-22 1230 - 2013-11-22 1230 - 00223989 _____ CDocuments and SettingsCLAIREDesktopremoving the virus.htm
2013-11-22 0932 - 2013-12-05 1029 - 00000280 _____ CWINDOWSTasksRealUpgradeLogonTaskS-1-5-21-570416574-2463386557-4080376233-1005.job
2013-11-20 1154 - 2013-11-20 1218 - 1464812544 _____ CDocuments and SettingsCLAIREDesktopStewart_Devise_02.pst
2013-11-18 1229 - 2013-11-19 1515 - 00000000 ____D CProgram FilesMozilla Firefox
2013-11-18 1223 - 2013-11-18 1223 - 00000038 _____ CDocuments and SettingsCLAIREDesktopjavascript;.URL
2013-11-12 1319 - 2013-11-12 1319 - 00000000 ____D CDocuments and SettingsCLAIREApplication DataMonotype Imaging Inc
2013-11-12 1318 - 2013-11-12 1318 - 00000000 ____D CDocuments and SettingsLocalServiceApplication DataMonotype Imaging Inc
2013-11-12 1318 - 2013-02-27 2013 - 00068096 _____ (Teco Image Systems Co., Ltd.) CWINDOWSsystem32GNEG_LMON.dll
2013-11-12 1316 - 2013-11-12 1316 - 00000000 ____D CDocuments and SettingsCLAIREApplication Datacopa_twain
2013-11-12 1316 - 2013-11-12 1316 - 00000000 ____D CDocuments and SettingsAll UsersApplication DataRicoh
 
==================== One Month Modified Files and Folders =======
 
2013-12-05 1455 - 2007-04-05 1356 - 00000000 ____D CDocuments and SettingsAll UsersApplication DataKontiki
2013-12-05 1454 - 2013-12-05 1454 - 00000000 ____D CFRST
2013-12-05 1451 - 2009-05-26 1334 - 00000424 ____H CWINDOWSTasksUser_Feed_Synchronization-{E02B2315-E37C-4CA1-AC8A-AE42D896D911}.job
2013-12-05 1451 - 2005-09-30 1754 - 00032420 _____ CWINDOWSSchedLgU.Txt
2013-12-05 1412 - 2013-04-30 1006 - 00000830 _____ CWINDOWSTasksAdobe Flash Player Updater.job
2013-12-05 1404 - 2011-09-13 0857 - 00000886 _____ CWINDOWSTasksGoogleUpdateTaskMachineUA.job
2013-12-05 1349 - 2005-09-30 1747 - 01706482 _____ CWINDOWSWindowsUpdate.log
2013-12-05 1030 - 2011-09-13 0857 - 00000882 _____ CWINDOWSTasksGoogleUpdateTaskMachineCore.job
2013-12-05 1030 - 1980-01-01 0700 - 00002206 _____ CWINDOWSsystem32wpa.dbl
2013-12-05 1029 - 2013-11-22 0932 - 00000280 _____ CWINDOWSTasksRealUpgradeLogonTaskS-1-5-21-570416574-2463386557-4080376233-1005.job
2013-12-05 1028 - 2010-03-31 1222 - 00000288 _____ CWINDOWSTasksRealUpgradeScheduledTaskS-1-5-21-570416574-2463386557-4080376233-1005.job
2013-12-05 1007 - 2010-11-10 1005 - 00000000 ____D CProgram FilesCommon FilesAkamai
2013-12-05 1007 - 2005-09-30 1744 - 00000159 _____ CWINDOWSwiadebug.log
2013-12-05 1007 - 2005-09-30 1744 - 00000049 _____ CWINDOWSwiaservc.log
2013-12-05 1006 - 2005-09-30 1754 - 00000006 ____H CWINDOWSTasksSA.DAT
2013-12-04 1701 - 2005-10-19 2349 - 00000278 ___SH CDocuments and SettingsCLAIREntuser.ini
2013-12-04 1657 - 2013-12-04 1657 - 00308294 ____N CDocuments and SettingsCLAIREDesktopDevise Ltd-5070181900.xlsx
2013-12-03 1709 - 2012-01-16 1749 - 00131072 _____ CWINDOWSsystem32configOAlerts.evt
2013-12-02 1041 - 2012-09-04 1312 - 00000000 ____D CDocuments and SettingsCLAIREMy DocumentsOutlook Files
2013-11-28 1504 - 2012-01-17 1123 - 00000000 ____D CDocuments and SettingsLocalServiceLocal SettingsApplication DataAdobe
2013-11-26 1155 - 2013-11-26 1155 - 00001804 _____ CDocuments and SettingsAll UsersStart MenuProgramsAdobe Reader XI.lnk
2013-11-26 1155 - 2013-11-26 1155 - 00001774 _____ CDocuments and SettingsAll UsersDesktopAdobe Reader XI.lnk
2013-11-26 1155 - 2005-10-31 2044 - 00000000 ____D CProgram FilesCommon FilesAdobe
2013-11-26 1154 - 2005-10-31 2044 - 00000000 ____D CProgram FilesAdobe
2013-11-26 1151 - 2005-10-31 2045 - 00000000 ____D CDocuments and SettingsCLAIRELocal SettingsApplication DataAdobe
2013-11-25 1404 - 2005-10-19 2349 - 00000000 ____D CDocuments and SettingsCLAIRE
2013-11-25 1025 - 2013-11-25 1017 - 00000000 ___SD CComboFixnewe
2013-11-25 0928 - 2013-11-25 0927 - 00000000 ____D CDocuments and SettingsAll UsersStart MenuProgramsMcAfee Security Scan Plus
2013-11-25 0927 - 2013-11-22 1611 - 00000000 ____D CProgram FilesMcAfee Security Scan
2013-11-25 0916 - 2012-01-16 1731 - 00000000 ____D CDocuments and SettingsAll UsersApplication DataMicrosoft Help
2013-11-25 0916 - 2005-10-20 0047 - 00000000 ____D CDocuments and SettingsAll UsersStart MenuProgramsMicrosoft Office
2013-11-22 1844 - 2010-07-15 0838 - 00000000 ___RD CProgram FilesCS3 suite
2013-11-22 1844 - 2009-11-25 1137 - 00000000 ____D CProgram FilesDAEMON Tools Lite
2013-11-22 1612 - 2013-11-22 1612 - 00000000 ____D CProgram FilesESET
2013-11-22 1611 - 2013-11-22 1611 - 00000000 ____D CDocuments and SettingsAll UsersApplication DataMcAfee Security Scan
2013-11-22 1611 - 2005-12-02 2313 - 00000000 ____D CProgram FilesCommon FilesJava
2013-11-22 1610 - 2013-11-22 1611 - 00264616 _____ (Oracle Corporation) CWINDOWSsystem32javaws.exe
2013-11-22 1610 - 2013-11-22 1611 - 00175016 _____ (Oracle Corporation) CWINDOWSsystem32javaw.exe
2013-11-22 1610 - 2013-11-22 1611 - 00174504 _____ (Oracle Corporation) CWINDOWSsystem32java.exe
2013-11-22 1610 - 2013-11-22 1611 - 00094632 _____ (Oracle Corporation) CWINDOWSsystem32WindowsAccessBridge.dll
2013-11-22 1610 - 2007-04-10 1554 - 00145408 _____ (Oracle Corporation) CWINDOWSsystem32javacpl.cpl
2013-11-22 1607 - 2013-11-22 1607 - 00000000 ____D CDocuments and SettingsCLAIREDesktopbackups
2013-11-22 1601 - 2010-03-15 1507 - 00000000 ____D Cspm
2013-11-22 1556 - 2013-11-22 1556 - 00915368 _____ (Oracle Corporation) CDocuments and SettingsCLAIREDesktopjxpiinstall.exe
2013-11-22 1554 - 2013-11-22 1554 - 00388608 _____ (Trend Micro Inc.) CDocuments and SettingsCLAIREDesktopHijackThis.exe
2013-11-22 1554 - 2012-05-23 1122 - 00000000 ___RD CDocuments and SettingsCLAIREMy DocumentsDropbox
2013-11-22 1554 - 2012-05-23 1119 - 00000000 ____D CDocuments and SettingsCLAIREApplication DataDropbox
2013-11-22 1550 - 2010-08-26 1546 - 00000843 _____ CDocuments and SettingsCLAIREStart MenuProgramsInternet Explorer.lnk
2013-11-22 1548 - 2005-09-30 1736 - 00000000 ____D CWINDOWSMedia
2013-11-22 1548 - 2005-09-30 1736 - 00000000 ____D CWINDOWSHelp
2013-11-22 1543 - 2013-11-22 1534 - 00050180 _____ CWINDOWSie8Uninst.log
2013-11-22 1543 - 2011-06-16 1549 - 00624091 _____ CWINDOWSiis6.log
2013-11-22 1543 - 2011-06-16 1549 - 00264605 _____ CWINDOWStsoc.log
2013-11-22 1543 - 2011-06-16 1549 - 00192400 _____ CWINDOWScomsetup.log
2013-11-22 1543 - 2011-06-16 1549 - 00117123 _____ CWINDOWSntdtcsetup.log
2013-11-22 1543 - 2011-06-16 1549 - 00032060 _____ CWINDOWSocmsn.log
2013-11-22 1543 - 2011-06-16 1549 - 00028923 _____ CWINDOWStabletoc.log
2013-11-22 1543 - 2011-06-16 1549 - 00001393 _____ CWINDOWSimsins.log
2013-11-22 1543 - 2009-05-26 1327 - 00000000 ____D CWINDOWSie8updates
2013-11-22 1542 - 2011-06-16 1554 - 00074194 _____ CWINDOWSupdspapi.log
2013-11-22 1541 - 2011-06-16 1549 - 00576227 _____ CWINDOWSFaxSetup.log
2013-11-22 1541 - 2011-06-16 1549 - 00280546 _____ CWINDOWSocgen.log
2013-11-22 1541 - 2011-06-16 1549 - 00176372 _____ CWINDOWSmsmqinst.log
2013-11-22 1541 - 2011-06-16 1549 - 00101737 _____ CWINDOWSnetfxocm.log
2013-11-22 1541 - 2011-06-16 1549 - 00040113 _____ CWINDOWSMedCtrOC.log
2013-11-22 1541 - 2011-06-16 1549 - 00029036 _____ CWINDOWSmsgsocm.log
2013-11-22 1541 - 2011-05-13 1644 - 00335225 _____ CWINDOWSsetupapi.log
2013-11-22 1507 - 2013-11-22 1507 - 00000957 _____ CDocuments and SettingsCLAIREDesktopRevo Uninstaller.lnk
2013-11-22 1507 - 2013-11-22 1507 - 00000000 ____D CProgram FilesVS Revo Group
2013-11-22 1507 - 2013-11-22 1506 - 02623656 _____ (VS Revo Group Ltd.) CDocuments and SettingsCLAIREDesktoprevosetup.exe
2013-11-22 1334 - 2013-11-22 1334 - 00000000 ____D Ccmdcons
2013-11-22 1334 - 2001-09-17 2002 - 00000310 __RSH CBOOT.INI
2013-11-22 1332 - 2013-11-22 1312 - 00000000 ____D CQoobox
2013-11-22 1312 - 2013-11-22 1312 - 00000000 ____D CWINDOWSerdnt
2013-11-22 1234 - 2013-11-22 1232 - 00000000 ____D CAdwCleaner
2013-11-22 1230 - 2013-11-22 1230 - 00223989 _____ CDocuments and SettingsCLAIREDesktopremoving the virus.htm
2013-11-21 1025 - 2011-06-16 1549 - 00000176 _____ CWINDOWSsetupact.log
2013-11-20 1218 - 2013-11-20 1154 - 1464812544 _____ CDocuments and SettingsCLAIREDesktopStewart_Devise_02.pst
2013-11-20 0837 - 2012-05-04 0858 - 00000000 ____D CProgram FilesMozilla Maintenance Service
2013-11-19 1515 - 2013-11-18 1229 - 00000000 ____D CProgram FilesMozilla Firefox
2013-11-18 1223 - 2013-11-18 1223 - 00000038 _____ CDocuments and SettingsCLAIREDesktopjavascript;.URL
2013-11-12 1319 - 2013-11-12 1319 - 00000000 ____D CDocuments and SettingsCLAIREApplication DataMonotype Imaging Inc
2013-11-12 1318 - 2013-11-12 1318 - 00000000 ____D CDocuments and SettingsLocalServiceApplication DataMonotype Imaging Inc
2013-11-12 1317 - 2005-09-30 1757 - 00000000 ___HD CProgram FilesInstallShield Installation Information
2013-11-12 1316 - 2013-11-12 1316 - 00000000 ____D CDocuments and SettingsCLAIREApplication Datacopa_twain
2013-11-12 1316 - 2013-11-12 1316 - 00000000 ____D CDocuments and SettingsAll UsersApplication DataRicoh
2013-11-12 1316 - 2005-09-30 1736 - 00000000 ____D CWINDOWStwain_32
 
Some content of TEMP
====================
CDocuments and SettingsCLAIRELocal SettingsTempcontentDATs.exe
CDocuments and SettingsCLAIRELocal SettingsTempjre-7u40-windows-i586-iftw.exe
CDocuments and SettingsCLAIRELocal SettingsTempjre-7u45-windows-i586-iftw.exe
CDocuments and SettingsCLAIRELocal SettingsTempmssinstaller.exe
CDocuments and SettingsCLAIRELocal SettingsTempQuarantine.exe
CDocuments and SettingsCLAIRELocal SettingsTempSecurityScan_Release.exe
 
 
==================== Bamital & volsnap Check =================
 
CWindowsexplorer.exe = MD5 is legit
CWindowsSystem32winlogon.exe = MD5 is legit
CWindowsSystem32svchost.exe = MD5 is legit
CWindowsSystem32services.exe = MD5 is legit
CWindowsSystem32User32.dll = MD5 is legit
CWindowsSystem32userinit.exe = MD5 is legit
CWindowsSystem32Driversvolsnap.sys = MD5 is legit
 
==================== End Of Log ============================
 
 
 
 
 
(I Used a USB to transport the recovery scan this is why the drive is 'G')


#10 JohnLRhodes

JohnLRhodes
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:22 PM

Posted 05 December 2013 - 11:15 AM

Also my CPU doesn't seem to be over run at this moment, but every now and then it jumps back to 100% when theirs no programs running.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,222 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 AM

Posted 05 December 2013 - 02:15 PM

This fix may not work as there are not PATH FOLDER separators. No \ is not present in the log to indicate the folder location.

If it fails then copy the tool to the desktop of the problem computer and run it from there.
post a fresh log.


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

SearchScopes HKLM - DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = httpwww.mywebsearch.comjspcfg_redir2.jspid=ZJman000&fl=0&ptb=ule4AK1EsCkgD0yHMxPOcw&url=httpedits.mywebsearch.comtoolbareditsbarsearch.jhtml&st=sb&searchfor={searchTerms}
SearchScopes HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = httpwww.mywebsearch.comjspcfg_redir2.jspid=ZJman000&fl=0&ptb=ule4AK1EsCkgD0yHMxPOcw&url=httpedits.mywebsearch.comtoolbareditsbarsearch.jhtml&st=sb&searchfor={searchTerms}
BHO No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar HKCU - No Name - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} -  No File
Toolbar HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar HKCU - No Name - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} -  No File
Toolbar HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF {8AD9C840-044E-11D1-B3E9-00805F499D93} httpjava.sun.comupdate1.6.0jinstall-1_6_0_07-windows-i586.cab
DPF {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_06-windows-i586.cab
DPF {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_09-windows-i586.cab
DPF {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_10-windows-i586.cab
DPF {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_11-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_02-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_03-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_05-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_07-windows-i586.cab
DPF {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_07-windows-i586.cab
FF Homepage hxxpwww.google.co.uk
CHR HomePage hxxpwww.google.com
CHR RestoreOnStartup hxxpwww.google.com
S3 catchme; CDOCUME~1CLAIRELOCALS~1Tempcatchme.sys [x]
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

end
Save the files as fixlist.txt in to the same folder as FRST
Run FRST and click Fix only once and wait
The tool will create a log (Fixlog.txt) please post it to your reply.

#12 JohnLRhodes

JohnLRhodes
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:22 PM

Posted 06 December 2013 - 04:53 AM

These Are the Logs posted from the desktop scan nasdaq:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-12-2013
Ran by CLAIRE (administrator) on LEWI on 06-12-2013 09:39:08
Running from C:\Documents and Settings\CLAIRE\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LexBceS.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Kontiki Inc.) C:\Program Files\Kontiki\KService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
() C:\WINDOWS\system32\PSIService.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [avast] - C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4241512 2012-03-06] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
Winlogon\Notify\LMIinit: C:\Windows\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: {0cfdd6f1-fe07-11db-874f-000d60b7a2ed} - E:\InstallTomTomHOME.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: ftp=217.217.17.11:21;gopher=217.217.17.11:80;http=217.217.17.11:80;https=217.217.17.11:80
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} -  No File
Toolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} -  No File
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6D75BB25-0924-440D-865A-E0BDA690163F} http://message2.myvideowebstream.com/ocx/VTControl42.CAB
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab
DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} http://www.zoomify.com/download/zoomify214.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{F5E24AA9-2844-4804-9E5E-28200A59F869}: [NameServer]192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\CLAIRE\Application Data\Mozilla\Firefox\Profiles\rfw8cano.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.669 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/npracplug;version=1.0.0.0 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @real.com/nprjplug;version=12.0.1.669 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.669 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\CLAIRE\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\CLAIRE\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Chromifox Basic - C:\Documents and Settings\CLAIRE\Application Data\Mozilla\Firefox\Profiles\rfw8cano.default\Extensions\chromifox@altmusictv.com
FF Extension: gaurangnshah - C:\Documents and Settings\CLAIRE\Application Data\Mozilla\Firefox\Profiles\rfw8cano.default\Extensions\gaurangnshah@gmail.com.xpi
FF Extension: googtrans - C:\Documents and Settings\CLAIRE\Application Data\Mozilla\Firefox\Profiles\rfw8cano.default\Extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\Alwil Software\Avast5\WebRep\FF
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll No File
CHR Plugin: (BitCometAgent) - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (RealArcade Mozilla Plugin) - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (avast! WebRep) - C:\Documents and Settings\CLAIRE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\CLAIRE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
 
========================== Services (Whitelisted) =================
 
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44768 2012-03-06] (AVAST Software)
S3 bepldr; C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [151552 2007-02-21] ()
R2 KService; C:\Program Files\Kontiki\KService.exe [3072184 2008-02-27] (Kontiki Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [283136 1998-10-14] (Lexmark International, Inc.)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2005-10-20] (Macromedia)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [7544916 2003-06-01] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2005-08-30] (Sony Corporation)
S3 SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1174152 2007-02-14] (Symantec Corporation)
U4 avast! Firewall; "C:\Program Files\Alwil Software\Avast5\afwServ.exe" [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 VRaySpawner 90; C:\3dsMax9\vrayspawner90.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [24920 2012-03-06] (AVAST Software)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20696 2012-03-06] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [24408 2012-03-06] (AVAST Software)
R2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [95704 2012-03-06] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35672 2012-03-06] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [612184 2012-03-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-06] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53848 2012-03-06] (AVAST Software)
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [20096 2004-10-19] (IVT Corporation)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [10804 2004-09-22] (IVT Corporation)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [22488 2004-12-02] (IVT Corporation)
S3 BTHidEnum; C:\Windows\System32\DRIVERS\vbtenum.sys [11604 2004-09-22] ()
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [28207 2004-10-19] (IVT Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2008-09-12] (Symantec Corporation)
S3 EGATHDRV; C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS [5120 2004-02-25] (IBM Corporation)
S3 EuDisk; C:\Windows\System32\DRIVERS\EuDisk.sys [122504 2009-12-02] (CHENGDU YIWO Tech Development Co., Ltd)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-02-11] (MCCI)
S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-02-11] (MCCI)
S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2005-02-11] (MCCI)
S3 k750obex; C:\Windows\System32\DRIVERS\k750obex.sys [79488 2005-02-11] (MCCI)
S3 Logu1pnnnp; C:\WINDOWS\system32\drivers\atmlane.sys [55808 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NPF; C:\WINDOWS\system32\drivers\packet.sys [13299 2004-09-22] ()
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R2 PMEM; C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS [7012 2000-06-01] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2009-11-25] ()
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [12288 2007-12-12] ()
R2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2006-01-24] (Symantec Corporation)
S3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [61312 2004-10-19] (IVT Corporation)
S3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [82148 2004-11-05] (IVT Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey.sys [78648 2009-12-03] (WIBU-SYSTEMS AG)
S3 Wibukey2; C:\Windows\System32\drivers\wibukey2.sys [16384 2009-09-08] (WIBU-SYSTEMS AG)
U3 akyvk5em; C:\Windows\System32\Drivers\akyvk5em.sys [0 ] (Microsoft Corporation)
U3 awbnqzqo; C:\Windows\System32\Drivers\awbnqzqo.sys [0 ] (Microsoft Corporation)
S2 adfs; No ImagePath
S1 ASPI32; No ImagePath
S3 catchme; \??\C:\DOCUME~1\CLAIRE\LOCALS~1\Temp\catchme.sys [x]
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SunkFilt; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [x]
S3 w550bus; system32\DRIVERS\w550bus.sys [x]
S3 w550mdfl; system32\DRIVERS\w550mdfl.sys [x]
S3 w550mdm; system32\DRIVERS\w550mdm.sys [x]
S3 w550mgmt; system32\DRIVERS\w550mgmt.sys [x]
S3 w550obex; system32\DRIVERS\w550obex.sys [x]
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-06 09:39 - 2013-12-06 09:39 - 00027158 _____ C:\Documents and Settings\CLAIRE\Desktop\FRST.txt
2013-12-06 09:37 - 2013-12-06 09:38 - 01405939 _____ (Farbar) C:\Documents and Settings\CLAIRE\Desktop\FRST.exe
2013-12-06 09:37 - 2013-12-06 09:38 - 00000000 ____D C:\Documents and Settings\CLAIRE\Desktop\FRST
2013-12-05 14:54 - 2013-12-06 09:38 - 00000000 ____D C:\FRST
2013-12-04 16:57 - 2013-12-04 16:57 - 00308294 ____N C:\Documents and Settings\CLAIRE\Desktop\Devise Ltd-5070181900.xlsx
2013-11-26 11:55 - 2013-11-26 11:55 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-11-26 11:55 - 2013-11-26 11:55 - 00001774 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2013-11-25 10:17 - 2013-11-25 10:25 - 00000000 ___SD C:\ComboFixnewe
2013-11-25 09:27 - 2013-11-25 09:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-11-22 16:12 - 2013-11-22 16:12 - 00000000 ____D C:\Program Files\ESET
2013-11-22 16:11 - 2013-11-25 09:27 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-22 16:11 - 2013-11-22 16:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2013-11-22 16:11 - 2013-11-22 16:10 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-11-22 16:11 - 2013-11-22 16:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-11-22 16:11 - 2013-11-22 16:10 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-11-22 16:11 - 2013-11-22 16:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-11-22 16:07 - 2013-11-22 16:07 - 00000000 ____D C:\Documents and Settings\CLAIRE\Desktop\backups
2013-11-22 15:56 - 2013-11-22 15:56 - 00915368 _____ (Oracle Corporation) C:\Documents and Settings\CLAIRE\Desktop\jxpiinstall.exe
2013-11-22 15:54 - 2013-11-22 15:54 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\CLAIRE\Desktop\HijackThis.exe
2013-11-22 15:34 - 2013-11-22 15:43 - 00050180 _____ C:\WINDOWS\ie8Uninst.log
2013-11-22 15:07 - 2013-11-22 15:07 - 00000957 _____ C:\Documents and Settings\CLAIRE\Desktop\Revo Uninstaller.lnk
2013-11-22 15:07 - 2013-11-22 15:07 - 00000000 ____D C:\Program Files\VS Revo Group
2013-11-22 15:06 - 2013-11-22 15:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Documents and Settings\CLAIRE\Desktop\revosetup.exe
2013-11-22 13:34 - 2013-11-22 13:34 - 00000000 ____D C:\cmdcons
2013-11-22 13:34 - 2005-10-19 23:49 - 00000194 _____ C:\Boot.bak
2013-11-22 13:34 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-22 13:32 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-11-22 13:32 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-11-22 13:32 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-11-22 13:32 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-11-22 13:32 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-11-22 13:32 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-11-22 13:32 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-11-22 13:32 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-11-22 13:32 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-11-22 13:12 - 2013-11-22 13:32 - 00000000 ____D C:\Qoobox
2013-11-22 13:12 - 2013-11-22 13:12 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-22 12:32 - 2013-11-22 12:34 - 00000000 ____D C:\AdwCleaner
2013-11-22 12:30 - 2013-11-22 12:30 - 00223989 _____ C:\Documents and Settings\CLAIRE\Desktop\removing the virus.htm
2013-11-22 09:32 - 2013-12-06 09:36 - 00000280 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-570416574-2463386557-4080376233-1005.job
2013-11-20 11:54 - 2013-11-20 12:18 - 1464812544 _____ C:\Documents and Settings\CLAIRE\Desktop\Stewart_Devise_02.pst
2013-11-18 12:29 - 2013-11-19 15:15 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-18 12:23 - 2013-11-18 12:23 - 00000038 _____ C:\Documents and Settings\CLAIRE\Desktop\javascript;.URL
2013-11-12 13:19 - 2013-11-12 13:19 - 00000000 ____D C:\Documents and Settings\CLAIRE\Application Data\Monotype Imaging Inc
2013-11-12 13:18 - 2013-11-12 13:18 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Monotype Imaging Inc
2013-11-12 13:18 - 2013-02-27 20:13 - 00068096 _____ (Teco Image Systems Co., Ltd.) C:\WINDOWS\system32\GNEG_LMON.dll
2013-11-12 13:16 - 2013-11-12 13:16 - 00000000 ____D C:\Documents and Settings\CLAIRE\Application Data\copa_twain
2013-11-12 13:16 - 2013-11-12 13:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ricoh
 
==================== One Month Modified Files and Folders =======
 
2013-12-06 09:41 - 2007-04-05 13:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kontiki
2013-12-06 09:39 - 2013-12-06 09:39 - 00027158 _____ C:\Documents and Settings\CLAIRE\Desktop\FRST.txt
2013-12-06 09:39 - 2005-09-30 17:47 - 01728669 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-06 09:38 - 2013-12-06 09:37 - 01405939 _____ (Farbar) C:\Documents and Settings\CLAIRE\Desktop\FRST.exe
2013-12-06 09:38 - 2013-12-06 09:37 - 00000000 ____D C:\Documents and Settings\CLAIRE\Desktop\FRST
2013-12-06 09:38 - 2013-12-05 14:54 - 00000000 ____D C:\FRST
2013-12-06 09:36 - 2013-11-22 09:32 - 00000280 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-570416574-2463386557-4080376233-1005.job
2013-12-06 09:36 - 2010-03-31 12:22 - 00000288 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-570416574-2463386557-4080376233-1005.job
2013-12-06 09:36 - 2009-05-26 13:34 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{E02B2315-E37C-4CA1-AC8A-AE42D896D911}.job
2013-12-06 09:34 - 2011-09-13 08:57 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-06 09:34 - 2010-11-10 10:05 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-12-06 09:34 - 2005-09-30 17:44 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-06 09:34 - 2005-09-30 17:44 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-12-06 09:34 - 1980-01-01 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-06 09:33 - 2005-09-30 17:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-05 19:34 - 2005-10-19 23:49 - 00000278 ___SH C:\Documents and Settings\CLAIRE\ntuser.ini
2013-12-05 19:34 - 2005-09-30 17:54 - 00032420 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-05 19:12 - 2013-04-30 10:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-05 19:04 - 2011-09-13 08:57 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-04 16:57 - 2013-12-04 16:57 - 00308294 ____N C:\Documents and Settings\CLAIRE\Desktop\Devise Ltd-5070181900.xlsx
2013-12-03 17:09 - 2012-01-16 17:49 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-12-02 10:41 - 2012-09-04 13:12 - 00000000 ____D C:\Documents and Settings\CLAIRE\My Documents\Outlook Files
2013-11-28 15:04 - 2012-01-17 11:23 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
2013-11-26 11:55 - 2013-11-26 11:55 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-11-26 11:55 - 2013-11-26 11:55 - 00001774 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2013-11-26 11:55 - 2005-10-31 20:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-26 11:54 - 2005-10-31 20:44 - 00000000 ____D C:\Program Files\Adobe
2013-11-26 11:51 - 2005-10-31 20:45 - 00000000 ____D C:\Documents and Settings\CLAIRE\Local Settings\Application Data\Adobe
2013-11-25 14:04 - 2005-10-19 23:49 - 00000000 ____D C:\Documents and Settings\CLAIRE
2013-11-25 10:25 - 2013-11-25 10:17 - 00000000 ___SD C:\ComboFixnewe
2013-11-25 09:28 - 2013-11-25 09:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2013-11-25 09:27 - 2013-11-22 16:11 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-25 09:16 - 2012-01-16 17:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-11-25 09:16 - 2005-10-20 00:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2013-11-22 18:44 - 2010-07-15 08:38 - 00000000 ___RD C:\Program Files\CS3 suite
2013-11-22 18:44 - 2009-11-25 11:37 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2013-11-22 16:12 - 2013-11-22 16:12 - 00000000 ____D C:\Program Files\ESET
2013-11-22 16:11 - 2013-11-22 16:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2013-11-22 16:11 - 2005-12-02 23:13 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-22 16:10 - 2013-11-22 16:11 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-11-22 16:10 - 2013-11-22 16:11 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-11-22 16:10 - 2013-11-22 16:11 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-11-22 16:10 - 2013-11-22 16:11 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-11-22 16:10 - 2007-04-10 15:54 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-11-22 16:07 - 2013-11-22 16:07 - 00000000 ____D C:\Documents and Settings\CLAIRE\Desktop\backups
2013-11-22 16:01 - 2010-03-15 15:07 - 00000000 ____D C:\spm
2013-11-22 15:56 - 2013-11-22 15:56 - 00915368 _____ (Oracle Corporation) C:\Documents and Settings\CLAIRE\Desktop\jxpiinstall.exe
2013-11-22 15:54 - 2013-11-22 15:54 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\CLAIRE\Desktop\HijackThis.exe
2013-11-22 15:54 - 2012-05-23 11:22 - 00000000 ___RD C:\Documents and Settings\CLAIRE\My Documents\Dropbox
2013-11-22 15:54 - 2012-05-23 11:19 - 00000000 ____D C:\Documents and Settings\CLAIRE\Application Data\Dropbox
2013-11-22 15:50 - 2010-08-26 15:46 - 00000843 _____ C:\Documents and Settings\CLAIRE\Start Menu\Programs\Internet Explorer.lnk
2013-11-22 15:48 - 2005-09-30 17:36 - 00000000 ____D C:\WINDOWS\Media
2013-11-22 15:48 - 2005-09-30 17:36 - 00000000 ____D C:\WINDOWS\Help
2013-11-22 15:43 - 2013-11-22 15:34 - 00050180 _____ C:\WINDOWS\ie8Uninst.log
2013-11-22 15:43 - 2011-06-16 15:49 - 00624091 _____ C:\WINDOWS\iis6.log
2013-11-22 15:43 - 2011-06-16 15:49 - 00264605 _____ C:\WINDOWS\tsoc.log
2013-11-22 15:43 - 2011-06-16 15:49 - 00192400 _____ C:\WINDOWS\comsetup.log
2013-11-22 15:43 - 2011-06-16 15:49 - 00117123 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-22 15:43 - 2011-06-16 15:49 - 00032060 _____ C:\WINDOWS\ocmsn.log
2013-11-22 15:43 - 2011-06-16 15:49 - 00028923 _____ C:\WINDOWS\tabletoc.log
2013-11-22 15:43 - 2011-06-16 15:49 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-22 15:43 - 2009-05-26 13:27 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-22 15:42 - 2011-06-16 15:54 - 00074194 _____ C:\WINDOWS\updspapi.log
2013-11-22 15:41 - 2011-06-16 15:49 - 00576227 _____ C:\WINDOWS\FaxSetup.log
2013-11-22 15:41 - 2011-06-16 15:49 - 00280546 _____ C:\WINDOWS\ocgen.log
2013-11-22 15:41 - 2011-06-16 15:49 - 00176372 _____ C:\WINDOWS\msmqinst.log
2013-11-22 15:41 - 2011-06-16 15:49 - 00101737 _____ C:\WINDOWS\netfxocm.log
2013-11-22 15:41 - 2011-06-16 15:49 - 00040113 _____ C:\WINDOWS\MedCtrOC.log
2013-11-22 15:41 - 2011-06-16 15:49 - 00029036 _____ C:\WINDOWS\msgsocm.log
2013-11-22 15:41 - 2011-05-13 16:44 - 00335225 _____ C:\WINDOWS\setupapi.log
2013-11-22 15:07 - 2013-11-22 15:07 - 00000957 _____ C:\Documents and Settings\CLAIRE\Desktop\Revo Uninstaller.lnk
2013-11-22 15:07 - 2013-11-22 15:07 - 00000000 ____D C:\Program Files\VS Revo Group
2013-11-22 15:07 - 2013-11-22 15:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Documents and Settings\CLAIRE\Desktop\revosetup.exe
2013-11-22 13:34 - 2013-11-22 13:34 - 00000000 ____D C:\cmdcons
2013-11-22 13:34 - 2001-09-17 20:02 - 00000310 __RSH C:\BOOT.INI
2013-11-22 13:32 - 2013-11-22 13:12 - 00000000 ____D C:\Qoobox
2013-11-22 13:12 - 2013-11-22 13:12 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-22 12:34 - 2013-11-22 12:32 - 00000000 ____D C:\AdwCleaner
2013-11-22 12:30 - 2013-11-22 12:30 - 00223989 _____ C:\Documents and Settings\CLAIRE\Desktop\removing the virus.htm
2013-11-21 10:25 - 2011-06-16 15:49 - 00000176 _____ C:\WINDOWS\setupact.log
2013-11-20 12:18 - 2013-11-20 11:54 - 1464812544 _____ C:\Documents and Settings\CLAIRE\Desktop\Stewart_Devise_02.pst
2013-11-20 08:37 - 2012-05-04 08:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-19 15:15 - 2013-11-18 12:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-18 12:23 - 2013-11-18 12:23 - 00000038 _____ C:\Documents and Settings\CLAIRE\Desktop\javascript;.URL
2013-11-12 13:19 - 2013-11-12 13:19 - 00000000 ____D C:\Documents and Settings\CLAIRE\Application Data\Monotype Imaging Inc
2013-11-12 13:18 - 2013-11-12 13:18 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Monotype Imaging Inc
2013-11-12 13:17 - 2005-09-30 17:57 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-12 13:16 - 2013-11-12 13:16 - 00000000 ____D C:\Documents and Settings\CLAIRE\Application Data\copa_twain
2013-11-12 13:16 - 2013-11-12 13:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ricoh
2013-11-12 13:16 - 2005-09-30 17:36 - 00000000 ____D C:\WINDOWS\twain_32
 
Some content of TEMP:
====================
C:\Documents and Settings\CLAIRE\Local Settings\Temp\contentDATs.exe
C:\Documents and Settings\CLAIRE\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\CLAIRE\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\CLAIRE\Local Settings\Temp\mssinstaller.exe
C:\Documents and Settings\CLAIRE\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\CLAIRE\Local Settings\Temp\SecurityScan_Release.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
 
 
I will Post the next step shortly.


#13 JohnLRhodes

JohnLRhodes
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:22 PM

Posted 06 December 2013 - 05:07 AM

Running the fix, along with the fix logs (It did this in a very short amount of time) :

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-12-2013
Ran by CLAIRE at 2013-12-06 10:04:24 Run:1
Running from C:\Documents and Settings\CLAIRE\Desktop\FRST
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
SearchScopes HKLM - DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = httpwww.mywebsearch.comjspcfg_redir2.jspid=ZJman000&fl=0&ptb=ule4AK1EsCkgD0yHMxPOcw&url=httpedits.mywebsearch.comtoolbareditsbarsearch.jhtml&st=sb&searchfor={searchTerms}
SearchScopes HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = httpwww.mywebsearch.comjspcfg_redir2.jspid=ZJman000&fl=0&ptb=ule4AK1EsCkgD0yHMxPOcw&url=httpedits.mywebsearch.comtoolbareditsbarsearch.jhtml&st=sb&searchfor={searchTerms}
BHO No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar HKCU - No Name - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} -  No File
Toolbar HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar HKCU - No Name - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} -  No File
Toolbar HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF {8AD9C840-044E-11D1-B3E9-00805F499D93} httpjava.sun.comupdate1.6.0jinstall-1_6_0_07-windows-i586.cab
DPF {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_06-windows-i586.cab
DPF {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_09-windows-i586.cab
DPF {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_10-windows-i586.cab
DPF {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} httpjava.sun.comupdate1.5.0jinstall-1_5_0_11-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_02-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_03-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_05-windows-i586.cab
DPF {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_07-windows-i586.cab
DPF {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} httpjava.sun.comupdate1.6.0jinstall-1_6_0_07-windows-i586.cab
FF Homepage hxxpwww.google.co.uk
CHR HomePage hxxpwww.google.com
CHR RestoreOnStartup hxxpwww.google.com
S3 catchme; CDOCUME~1CLAIRELOCALS~1Tempcatchme.sys [x]
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath
 
end
*****************
 
catchme => Service deleted successfully.
Winsock - Google Desktop Search Backup Before First Install => Service deleted successfully.
Winsock - Google Desktop Search Backup Before Last Install => Service deleted successfully.
 
==== End of Fixlog ====


#14 JohnLRhodes

JohnLRhodes
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:22 PM

Posted 06 December 2013 - 05:51 AM

My machine is still running painfully slow after this, I checked online and realised the CPU usage being used by Svchost.exe system is actually a separate bug I have solved this problem. But I am sure that the win32:Evo virus is still in the system.



#15 JohnLRhodes

JohnLRhodes
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:22 PM

Posted 06 December 2013 - 06:01 AM

My Bad, The CPU is still being leveraged at 100% even after I applied the fix to the bug, this means it can't be a bug






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users