PC slow in normal mode, OK in safe mode, Catchme rootkit detected by Avast?


  • This topic is locked
32 replies to this topic

#1 Flaemilau

Flaemilau

  • Members
  • 19 posts

Posted 28 November 2013 - 08:25 PM

Hello,

 

OS : WIndows XP SP3

 

My computer (actually on loan from my mother in law!) is taking ages to start and when it does, it is very slow to respond and even freezes. Eventually an Avast alert pops up and tells me it detected a rootkit called "Catchme". I didn't try to delete it, I don't know if I should have or even if Avast was right.

The PC was already slow when I first got it. I ran Malwarebytes before and it found a trojan.agent that was apparently deleted. I also ran JRT that found bad things too (tell me if you need the log).

When I run in Safe mode, the PC seems OK, more responsive.

 

Anyone to help me?

 

Thank you.


Edited by Flaemilau, 29 November 2013 - 04:25 PM.




#2 Flaemilau

Flaemilau
  • Topic Starter

  • Members
  • 19 posts

Posted 29 November 2013 - 07:30 AM

Hi,

 

I turned PC on this morning, it was still very slow to start, but the Avast message about the rootkit didn't come up this time! PC was still slow to respond though.

I decided to run AdwCleaner (saved on to USB key from my laptop and copied then on to the PC) just to see and it found 9 "bad" registry keys. I cleaned them and restarted the PC as prompted. PC seems a bit faster to respond now. I also ran Malwarebytes (quick scan) which didn't find anything.

Still think something is not right, can somebody help me check for rootkit or anything else please? Thank you


Edited by Flaemilau, 29 November 2013 - 04:25 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 December 2013 - 10:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
==============

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#4 Flaemilau

Flaemilau
  • Topic Starter

  • Members
  • 19 posts

Posted 05 December 2013 - 06:08 PM

Hello nasdaq and thank you for helping me!

 

I scanned with RogueKiller and here is the report:

 

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Maureen [Admin rights]
Mode : Remove -- Date : 12/03/2013 17:40:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600JB-75GVA0 +++++
--- User ---
[MBR] a66a930898b2e25ed59715faf266e1b6
[BSP] 7fe52d7fe465e0e6005b0ba19f807eb1 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 149730 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 306729045 | Size: 2816 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12032013_174042.txt >>
RKreport[0]_S_12032013_173819.txt

 

 

Then I tried to run ComboFix (saved to my desktop) but it didn't work, it got stuck on the blue window saying "scanning for infected files... This typically doesn't take more than 10 minutes however, scan times for badly infected machines may easily double" for over 2 hours, so I gave up!

 

 

I didn't run the security check, I wasn't sure if I should run it anyway.

 

What do you recommend me to do now?

 

Thank you.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 December 2013 - 10:45 AM

Try this tool.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users.
  • Under the Custom Scan box, paste this text in bold:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs DO NOT ATTACH THEM.
===
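The OTL scan requested above reports every registered service and kernel driver as one SRV/DRV line (the format of the OTL.Txt log posted later in this thread). As an added example, not code from OTL's author or from anyone in this thread, the Python script below parses those lines and flags what a malware responder reads first: registrations whose binary is gone, image paths under a Temp or profile folder, and running drivers with no publisher string. The sample lines are copied from the thread's own log; the directory markers and the reason wording are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: SRV/DRV lines copied from the OTL.Txt log posted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/11/29 23:48:22 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\Laura\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/11/29 23:49:35 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
"""

# One OTL service/driver line:
#   KIND - (File not found | [date | size | attrs | M] (publisher)) [state] -- image path -- (service name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)$"
)

# Directories that should not normally host a service binary or kernel driver.
# Assumed list (lower-case substrings of the image path); extend for your estate.
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")


@dataclass
class Entry:
    kind: str                # "SRV" (user-mode service) or "DRV" (kernel / file-system driver)
    name: str                # registry service name, e.g. "catchme"
    path: str                # image path as registered ("" when OTL found none)
    company: Optional[str]   # publisher string OTL read from the file; None when the file is missing
    state: str               # e.g. "Kernel | Disabled | Stopped"
    missing: bool            # True when OTL printed "File not found"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one SRV/DRV line; return None for any other OTL line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return Entry(
        kind=m.group("kind"),
        name=m.group("name"),
        path=m.group("path").strip(),
        company=None if missing else m.group("company").strip(),
        state=m.group("state"),
        missing=missing,
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def reasons_for(entry: Entry) -> List[str]:
    """Triage reasons for one entry; an empty list means nothing notable."""
    reasons: List[str] = []
    if entry.missing:
        # A service key whose binary is gone: usually a leftover, but also what a
        # half-removed rootkit driver looks like, so it is worth a look either way.
        reasons.append("binary missing: orphaned service/driver registration")
    if any(marker in entry.path.lower() for marker in SUSPECT_DIRS):
        reasons.append("image path under a temp/profile directory")
    if not entry.missing and entry.company == "" and "Running" in entry.state:
        # OTL prints "()" when the file carries no company name; not proof of
        # anything (aswVmm.sys is Avast's), but a prompt to check the signature.
        reasons.append("running with no publisher string; verify the file's signature")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons for every entry that has at least one reason."""
    findings: Dict[str, List[str]] = {}
    for entry in parse_log(text):
        reasons = reasons_for(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```

catchme.sys is the driver dropped by the catchme rootkit scanner that ComboFix and GMER bundle, so a stale registration pointing at a Temp folder is typically a leftover from an earlier scan; treat every flagged entry as a lead to verify, not a verdict.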

#6 Flaemilau

Flaemilau
  • Topic Starter

  • Members
  • 19 posts

Posted 06 December 2013 - 05:16 PM

Hello nasdaq,

 

Please find below the 2 OTL reports:

 

OTL.Txt

 

OTL logfile created on: 06/12/2013 21:27:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Maureen Hedderman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
509.98 Mb Total Physical Memory | 168.89 Mb Available Physical Memory | 33.12% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 69.71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.22 Gb Total Space | 71.33 Gb Free Space | 48.78% Space Free | Partition Type: NTFS
 
Computer Name: DCZZ1J1J | User Name: Maureen Hedderman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/06 21:24:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen Hedderman\Desktop\OTL.exe
PRC - [2013/11/29 23:48:27 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/29 23:48:22 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/06 12:30:15 | 002,152,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13120600\algo.dll
MOD - [2013/11/29 23:49:19 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/29 23:48:22 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/07/27 18:42:41 | 000,182,184 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/05/23 20:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/12/07 17:31:24 | 000,303,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe -- (WSWNA3100M)
SRV - [2009/03/04 10:25:12 | 000,621,056 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Boot | Stopped] -- system32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\Laura\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (bvrp_pci)
DRV - [2013/11/29 23:49:35 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2013/11/29 23:49:35 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/29 23:49:35 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2013/11/29 23:49:34 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSnx.sys -- (aswSnx)
DRV - [2013/11/29 23:49:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/29 23:49:32 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/29 23:49:32 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/11/29 23:49:31 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (AswRdr)
DRV - [2011/11/28 20:43:42 | 001,284,712 | ---- | M] (NETGEAR Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WNA3100M.sys -- (WNA3100M)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/02/06 17:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/04/29 16:50:12 | 000,391,430 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbVM303.sys -- (ZSMC303)
DRV - [2006/01/18 13:05:18 | 000,017,536 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NtpaSp50.sys -- (NTPASp50)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS -- (FsVga)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/10/21 11:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Ca533av.sys -- (Ca533av)
DRV - [2002/07/25 11:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Bulk533.sys -- (USBCamera)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/ie/enu/gen/default.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/ie/enu/gen/default.htm
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/ie/enu/gen/default.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/ie/enu/gen/default.htm
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/ie/enu/gen/default.htm
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.googlechrome.com/
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No CLSID value found
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\SearchScopes,DefaultScope = {CF25A840-44C4-488C-9DD6-F7E2A11C013E}
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\SearchScopes\{6340E22F-7269-4DC5-BE25-82F5730E2F15}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\SearchScopes\{CF25A840-44C4-488C-9DD6-F7E2A11C013E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..oldKeyword: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/04/23 17:31:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/29 15:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/08/17 21:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/03 22:12:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/29 15:38:08 | 000,000,000 | ---D | M]
 
[2011/06/18 16:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Extensions
[2013/12/05 22:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Firefox\Profiles\0ahvokxh.default\extensions
[2010/09/15 19:40:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Firefox\Profiles\0ahvokxh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/12/05 22:20:03 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Firefox\Profiles\0ahvokxh.default\extensions\foxyproxy@eric.h.jung
[2013/12/05 22:20:29 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Firefox\Profiles\0ahvokxh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/03 22:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/03 22:21:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16244 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: BeFunky Photo Editor = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab\1.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Super Mario Bros = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cldhiebgknkdgjedabljpfffcnpjfadf\1.3.2_0\
CHR - Extension: Learn Italian - Molto Bene = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe\1.46_0\
CHR - Extension: Angry Birds Cool West-2011 version! = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\egkpbocpdacphnlfilnjeogolepiooio\2.0_0\
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Totem Breaker = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlffpiiabmdgalaoebphhpkhadofhgmd\1.0.4_0\
CHR - Extension: World of Solitaire = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: BBC Good Food = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0\
CHR - Extension: Gravity Duck = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\
CHR - Extension: Online TV From Ireland = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kloeijnimhipefjhgcidooaojgciifcn\2.2_0\
CHR - Extension: TV for Google Chrome™ = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lambangeielkjcnmioccboaphdfcffib\2.2.4_0\
CHR - Extension: Google Maps = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Aviary Photo Editor for Facebook = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnhpjhojpnckkehlebbkpoammaemnnno\0.0.3_0\
CHR - Extension: Diet Diary = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neckeibmjhibmgoigmffjlihekefmffd\1.1_0\
CHR - Extension: Mahjong Solitaire = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: Super Mario Atari = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nokdphohbjccgojnakcpcnmdpgfmgmle\1_0\
 
O1 HOSTS File: ([2013/09/14 23:55:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\Toolbar\WebBrowser: (no name) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No CLSID value found.
O3 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\d1d859de-5a4f-4aaa-8ede-3626640df3aa.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AEC5981-5A43-4CB0-9618-DDBDA71EC7E9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/28 18:39:18 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O33 - MountPoints2\{87bcf76e-b1fe-11da-9fd6-001111bd355d}\Shell - "" = AutoRun
O33 - MountPoints2\{87bcf76e-b1fe-11da-9fd6-001111bd355d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{87bcf76e-b1fe-11da-9fd6-001111bd355d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{9290c826-98e2-11da-9f9f-001111bd355d}\Shell - "" = AutoRun
O33 - MountPoints2\{9290c826-98e2-11da-9f9f-001111bd355d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9290c826-98e2-11da-9f9f-001111bd355d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{e04d1384-bd3f-11e1-85cb-001111bd355d}\Shell - "" = AutoRun
O33 - MountPoints2\{e04d1384-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e04d1384-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e04d1385-bd3f-11e1-85cb-001111bd355d}\Shell - "" = AutoRun
O33 - MountPoints2\{e04d1385-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e04d1385-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e04d1394-bd3f-11e1-85cb-001111bd355d}\Shell - "" = AutoRun
O33 - MountPoints2\{e04d1394-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e04d1394-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/06 21:24:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maureen Hedderman\Desktop\OTL.exe
[2013/12/03 22:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/03 21:54:12 | 020,703,896 | ---- | C] (SUPERAntiSpyware) -- C:\Documents and Settings\Maureen Hedderman\Desktop\SUPERAntiSpyware.exe
[2013/12/03 20:59:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Maureen Hedderman\Recent
[2013/12/03 20:03:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/12/03 18:07:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/12/03 18:07:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Maureen Hedderman\Start Menu\Programs\Administrative Tools
[2013/12/03 18:00:14 | 005,151,572 | R--- | C] (Swearware) -- C:\Documents and Settings\Maureen Hedderman\Desktop\ComboFix.exe
[2013/12/03 17:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maureen Hedderman\Desktop\RK_Quarantine
[2013/12/03 16:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maureen Hedderman\Application Data\AVAST Software
[2013/11/29 23:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2013/11/29 12:28:35 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[24 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Maureen Hedderman\Desktop\*.tmp files -> C:\Documents and Settings\Maureen Hedderman\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/06 21:36:12 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006Core.job
[2013/12/06 21:36:04 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006UA.job
[2013/12/06 21:24:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen Hedderman\Desktop\OTL.exe
[2013/12/06 20:55:07 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/06 20:27:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2013/12/05 21:58:53 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2013/12/05 21:53:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2013/12/03 22:32:03 | 000,002,390 | ---- | M] () -- C:\Documents and Settings\Maureen Hedderman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/03 22:32:02 | 000,002,372 | ---- | M] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\Google Chrome.lnk
[2013/12/03 22:27:42 | 020,703,896 | ---- | M] (SUPERAntiSpyware) -- C:\Documents and Settings\Maureen Hedderman\Desktop\SUPERAntiSpyware.exe
[2013/12/03 19:39:36 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\untitled.bmp
[2013/12/03 18:01:45 | 005,151,572 | R--- | M] (Swearware) -- C:\Documents and Settings\Maureen Hedderman\Desktop\ComboFix.exe
[2013/12/03 17:22:04 | 003,687,936 | ---- | M] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\RogueKiller.exe
[2013/11/29 23:55:55 | 000,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/11/29 23:51:32 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/11/29 23:49:35 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/11/29 23:49:35 | 000,178,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/11/29 23:49:35 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/11/29 23:49:34 | 000,774,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/11/29 23:49:34 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/11/29 23:49:32 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/11/29 23:49:32 | 000,035,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/11/29 23:49:31 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/11/29 23:49:24 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/11/29 23:49:23 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/11/29 23:43:33 | 000,443,226 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2013/11/29 23:43:33 | 000,072,492 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2013/11/29 21:55:04 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/11/29 12:43:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[24 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Maureen Hedderman\Desktop\*.tmp files -> C:\Documents and Settings\Maureen Hedderman\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/03 22:50:33 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2013/12/03 21:17:57 | 000,001,026 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006UA.job
[2013/12/03 21:17:55 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006Core.job
[2013/12/03 19:39:34 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\untitled.bmp
[2013/12/03 17:21:56 | 003,687,936 | ---- | C] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\RogueKiller.exe
[2013/08/17 21:52:27 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/08/17 21:52:25 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/08/14 22:43:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/14 22:43:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/14 22:43:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/14 22:43:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/14 22:43:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/13 19:41:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2008/01/28 14:59:31 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\fusioncache.dat
[2007/01/22 20:25:56 | 000,001,357 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/13 14:47:44 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/12/02 21:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVAST Software
[2013/08/14 21:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2013/11/29 23:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/09/05 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2013/08/04 23:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/08/04 21:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2009/04/18 12:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/04/15 21:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey
[2009/04/23 17:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/07/01 11:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/07/18 20:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/19 10:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/03/02 15:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/10/30 17:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009/07/09 21:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/29 16:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2008/07/20 20:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/06/18 15:45:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4EF77D37-415C-4195-AE30-904ED23A3940}
[2009/04/15 14:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/11/29 23:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\AVAST Software
[2010/11/07 16:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\CheckPoint
[2009/09/07 12:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\DMCache
[2009/08/18 17:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\FUJIFILM
[2009/04/18 10:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\GlarySoft
[2009/07/10 16:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\KC Softwares
[2009/09/07 08:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\LimeWire
[2009/04/19 10:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\Nokia
[2009/04/19 10:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\PC Suite
[2009/08/27 11:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\Research In Motion
[2009/01/05 10:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\ScanSoft
[2009/06/22 09:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\Simply Super Software
[2009/05/05 12:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\Smart PC Solutions
[2009/10/30 17:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\Sports Interactive
[2009/06/03 09:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\SystemRequirementsLab
[2009/06/04 08:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Laura\Application Data\TrojanHunter
[2009/06/15 16:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louise\Application Data\PC Suite
[2009/07/21 09:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\alot
[2013/12/03 16:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\AVAST Software
[2009/08/27 19:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Blackberry Desktop
[2010/10/08 18:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\CheckPoint
[2010/05/30 19:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/09/15 15:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Datalayer
[2006/11/05 19:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\FTW
[2009/09/20 20:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\FUJIFILM
[2011/11/11 17:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\FunnyGames
[2011/02/27 21:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Nokia
[2006/09/15 15:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Nokia Multimedia Player
[2009/04/19 16:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\PC Suite
[2009/08/26 21:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Research In Motion
[2008/05/01 17:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\ScanSoft
[2005/10/23 18:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Template
[2008/03/02 15:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\ubi.com
[2011/12/11 15:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Visan
[2011/11/14 18:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\alot
[2010/10/24 08:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\CheckPoint
[2006/09/18 09:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Datalayer
[2009/02/04 22:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Nokia
[2006/09/18 09:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Nokia Multimedia Player
[2009/04/26 12:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\PC Suite
[2007/08/23 12:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\ScanSoft
[2013/08/05 11:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SystemRequirementsLab
[2006/03/31 20:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Template
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2008/04/14 00:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\alg.exe -- (ALG)
SRV - [2008/04/14 00:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 00:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\qmgr.dll -- (BITS)
SRV - [2012/07/06 13:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\browser.dll -- (Browser)
SRV - [2008/04/14 00:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 00:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 17:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\services.exe -- (Eventlog)
SRV - [2008/04/14 00:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 00:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 00:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 00:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 00:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 00:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 00:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\netman.dll -- (Netman)
SRV - [2008/06/20 16:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\mswsock.dll -- (Nla)
SRV - [2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\services.exe -- (PlugPlay)
SRV - [2010/08/17 13:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 00:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 00:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 12:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 00:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 00:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (SamSs)
SRV - [2008/04/14 00:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 05:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 00:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\srsvc.dll -- (srservice)
SRV - [2008/04/14 00:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 00:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 00:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 00:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\termsrv.dll -- (TermService)
SRV - [2009/07/27 23:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 00:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\vssvc.exe -- (VSS)
SRV - [2008/04/14 00:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 00:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 00:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 00:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 00:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\WBEM\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/14 00:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 00:12:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 06:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wkssvc.dll -- (lanmanworkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
[2007/06/13 11:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: SERVICES  >
[2004/08/04 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\I386\SERVICES
[2004/08/04 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\SYSTEM32\DRIVERS\ETC\SERVICES
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/05/11 10:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.CNF  >
[2009/08/31 16:20:24 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\Laura\My Documents\My Webs\_vti_pvt\services.cnf
[2007/02/25 12:08:29 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Documents and Settings\Maureen Hedderman\My Documents\My Webs\_vti_pvt\services.cnf
 
< MD5 for: SERVICES.DAT  >
[2013/11/05 22:18:20 | 000,003,117 | ---- | M] () MD5=5F3B95A58780ADA3F223F004CDEE9967 -- C:\Documents and Settings\Laura\Local Settings\temp\jrt\services.dat
[2013/09/08 02:23:53 | 000,002,632 | ---- | M] () MD5=C4CCA8EB41B89E98EF1930EE42997010 -- C:\Documents and Settings\Administrator\Local Settings\temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 11:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 00:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\services.exe
[2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SYSTEM32\DLLCACHE\services.exe
[2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SYSTEM32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\I386\SERVICES.EXE
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
 
< MD5 for: SERVICES.EXE-3019B50A.PF  >
[2013/12/03 19:58:43 | 000,017,306 | ---- | M] () MD5=F3665884F26912932EE18F975EE295A0 -- C:\WINDOWS\Prefetch\SERVICES.EXE-3019B50A.pf
 
< MD5 for: SERVICES.LNK  >
[2011/08/29 13:18:35 | 000,001,602 | ---- | M] () MD5=66122CFC045184316D1A1509CF420546 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MSC  >
[2004/08/04 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\I386\SERVICES.MSC
[2004/08/04 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\SYSTEM32\SERVICES.MSC
 
< MD5 for: SVCHOST.EXE  >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\I386\SVCHOST.EXE
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\I386\USERINIT.EXE
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\DLLCACHE\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\I386\WINLOGON.EXE
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\DLLCACHE\cache\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\DLLCACHE\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\I386\WINSOCK.DLL
[2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\SYSTEM32\DLLCACHE\winsock.dll
[2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\SYSTEM32\WINSOCK.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E7127D2
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Extras.Txt

OTL Extras logfile created on: 06/12/2013 21:27:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Maureen Hedderman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
509.98 Mb Total Physical Memory | 168.89 Mb Available Physical Memory | 33.12% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 69.71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.22 Gb Total Space | 71.33 Gb Free Space | 48.78% Space Free | Partition Type: NTFS
 
Computer Name: DCZZ1J1J | User Name: Maureen Hedderman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1603862713-883117177-3406226420-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:*:Enabled:RoxioUpnpService9 -- (Sonic Solutions)
"C:\Documents and Settings\Maureen Hedderman\Local Settings\temp\7zS441F\setup\hpznui01.exe" = C:\Documents and Settings\Maureen Hedderman\Local Settings\temp\7zS441F\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:*:Enabled:RoxioUpnpService9 -- (Sonic Solutions)
"C:\Documents and Settings\Maureen Hedderman\Local Settings\temp\7zS441F\setup\hpznui01.exe" = C:\Documents and Settings\Maureen Hedderman\Local Settings\temp\7zS441F\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{1AEC8F41-4701-415D-9782-F69CFB535463}" = Creative Zen MicroPhoto
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 Academic Edition
"{43077338-B681-464A-8BE5-972DFCB003EC}" = Garfield PreSchool Maths Readiness
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{50E60EDB-B7C9-440D-9345-511A55959387}" = Philips Firmware Manager
"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5AEBDA27-60AF-43EA-B71E-B78115EABC76}" = MINITAB Release 14
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F6261F-C0EC-46EF-85D6-67EDEEE2EF89}" = Corel Snapfire Plus
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1205500-2179-11D7-B0B9-0000E24D4B29}" = Digital Camera
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = VIMICRO USB PC Camera (ZC0301PLH)
"{D3580358-0F78-402A-BE53-2E9D06383E04}" = NETGEAR WNA3100M N300 Wireless USB Adapter
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F20D2884-D854-48A7-B0F0-2921F3A23F81}" = BlackBerry Desktop Software 4.3
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"24C8EE9E-CACE-4C60-8B1F-E2317BC2B510" = Crystal Maze (For Remote Control) from Dell Media Experience (remove only)
"24F30DB9-CBD0-420A-B39D-3BB5655E5334" = Overball from Dell Media Experience (remove only)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"542A04D2-5975-4FE3-9B47-8A708648CEA9" = Orbital from Dell Media Experience (remove only)
"7034285D-DFC3-42E5-B957-93A2622BC737" = Polar Bowler from Dell Media Experience (remove only)
"7-Zip" = 7-Zip 4.65
"8FDE0001-5FA4-45E6-8BD8-61EDEFE3EFDC" = Bounce Symphony from Dell Media Experience (remove only)
"932A7BED-387F-440F-9C95-F77FC6A4B843" = Crystal Maze from Dell Media Experience (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"B661BAD0-C7B4-40A0-AA2E-64612316D766" = Slyder from Dell Media Experience (remove only)
"BEF6363C-7A4A-421D-903C-24D785FF7B7B" = Tradewinds from Dell Media Experience (remove only)
"BlackBerry_{F20D2884-D854-48A7-B0F0-2921F3A23F81}" = BlackBerry Desktop Software 4.3
"CCleaner" = CCleaner
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DX-Ball 1.09" = DX-Ball 1.09
"E98B553D-C3DD-440C-AB4C-DA61E6AF72F4" = Slyder (For Remote Control) from Dell Media Experience (remove only)
"FileHippo.com" = FileHippo.com Update Checker
"Friendly Forest Reading Club" = Friendly Forest Reading Club
"Full Marks Key Stage 1 English Words" = Full Marks Key Stage 1 English Words
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Lemmings Revolution" = Lemmings Revolution
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Meteor Hotspot" = Meteor Hotspot
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly Deluxe" = Monopoly Deluxe
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PROSet" = Intel® PRO Network Adapters and Drivers
"Revo Uninstaller" = Revo Uninstaller 1.95
"ROS Offline Application" = ROS Offline Application
"Scrivener 1570" = Scrivener
"ShapeCollage" = Shape Collage
"Shop for HP Supplies" = Shop for HP Supplies
"Sunplus CA533A" = Icatch(IV) Camera Driver
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Texas Hold 'Em" = Texas Hold 'Em
"VLC media player" = VLC media player 1.0.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1603862713-883117177-3406226420-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"FunnyGames - cool_west" = FunnyGames - Cool West
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03/12/2013 13:35:02 | Computer Name = DCZZ1J1J | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 03/12/2013 13:35:02 | Computer Name = DCZZ1J1J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The specified server cannot perform the requested operation.  
 
Error - 03/12/2013 13:35:08 | Computer Name = DCZZ1J1J | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 03/12/2013 13:35:23 | Computer Name = DCZZ1J1J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.  
 
Error - 03/12/2013 13:35:23 | Computer Name = DCZZ1J1J | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 03/12/2013 13:35:23 | Computer Name = DCZZ1J1J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The specified server cannot perform the requested operation.  
 
Error - 03/12/2013 13:35:23 | Computer Name = DCZZ1J1J | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 03/12/2013 13:35:23 | Computer Name = DCZZ1J1J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The specified server cannot perform the requested operation.  
 
Error - 03/12/2013 13:35:23 | Computer Name = DCZZ1J1J | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 03/12/2013 16:52:33 | Computer Name = DCZZ1J1J | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 updatechecker.exe, P2 1.40.0.0, P3 50af322d,
 P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc,
 P10 NIL.
 
[ System Events ]
Error - 02/12/2013 17:23:40 | Computer Name = DCZZ1J1J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFD  AswRdr  aswRvrt  aswSnx  aswSP  aswTdi  aswVmm  Fips  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
Vsdatant
WS2IFSL
 
Error - 02/12/2013 17:24:05 | Computer Name = DCZZ1J1J | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
 arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 02/12/2013 17:24:19 | Computer Name = DCZZ1J1J | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 02/12/2013 18:38:57 | Computer Name = DCZZ1J1J | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 03/12/2013 12:46:12 | Computer Name = DCZZ1J1J | Source = Service Control Manager | ID = 7000
Description = The Icatch(IV) Video Camera Device service failed to start due to
the following error:   %%1058
 
Error - 03/12/2013 13:50:34 | Computer Name = DCZZ1J1J | Source = Service Control Manager | ID = 7000
Description = The Icatch(IV) Video Camera Device service failed to start due to
the following error:   %%1058
 
Error - 03/12/2013 15:59:10 | Computer Name = DCZZ1J1J | Source = Service Control Manager | ID = 7000
Description = The Icatch(IV) Video Camera Device service failed to start due to
the following error:   %%1058
 
Error - 03/12/2013 16:40:00 | Computer Name = DCZZ1J1J | Source = Service Control Manager | ID = 7000
Description = The Icatch(IV) Video Camera Device service failed to start due to
the following error:   %%1058
 
Error - 05/12/2013 17:54:30 | Computer Name = DCZZ1J1J | Source = Service Control Manager | ID = 7000
Description = The Icatch(IV) Video Camera Device service failed to start due to
the following error:   %%1058
 
Error - 06/12/2013 16:27:28 | Computer Name = DCZZ1J1J | Source = Service Control Manager | ID = 7000
Description = The Icatch(IV) Video Camera Device service failed to start due to
the following error:   %%1058
 
 
< End of report >

Thank you!

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 AM

Posted 07 December 2013 - 09:44 AM

You have what has been identified as a Flash Drive Infection.

1 - Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
  • Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
    ===

    Next,

    Run OTL - Double-click OTL.exe to start it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No CLSID value found
    IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
    CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\Toolbar\WebBrowser: (no name) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No CLSID value found.
    O3 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1603862713-883117177-3406226420-1006\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\Auto\command - "" = AdobeR.exe e
    O33 - MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
    O33 - MountPoints2\{87bcf76e-b1fe-11da-9fd6-001111bd355d}\Shell - "" = AutoRun
    O33 - MountPoints2\{87bcf76e-b1fe-11da-9fd6-001111bd355d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{87bcf76e-b1fe-11da-9fd6-001111bd355d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
    O33 - MountPoints2\{9290c826-98e2-11da-9f9f-001111bd355d}\Shell - "" = AutoRun
    O33 - MountPoints2\{9290c826-98e2-11da-9f9f-001111bd355d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9290c826-98e2-11da-9f9f-001111bd355d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
    O33 - MountPoints2\{e04d1384-bd3f-11e1-85cb-001111bd355d}\Shell - "" = AutoRun
    O33 - MountPoints2\{e04d1384-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e04d1384-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{e04d1385-bd3f-11e1-85cb-001111bd355d}\Shell - "" = AutoRun
    O33 - MountPoints2\{e04d1385-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e04d1385-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{e04d1394-bd3f-11e1-85cb-001111bd355d}\Shell - "" = AutoRun
    O33 - MountPoints2\{e04d1394-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e04d1394-bd3f-11e1-85cb-001111bd355d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E7127D2
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Files
    ipconfig /flushdns /c
    
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    Run The ComboFix tool.
    If it fails to complete, disable this FoxyProxy Standard:

    [2013/12/05 22:20:03 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Firefox\Profiles\0ahvokxh.default\extensions\foxyproxy@eric.h.jung


    Run the ComboFix again and post the log if you can.

    Let me know what problem persists with this computer.

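The O33 MountPoints2 lines in the fix above are the footprint of the flash drive infection: each one records the command Explorer learned from a removable volume's autorun.inf, and it stays in the registry after the drive is unplugged. The triage below is an added example, not OTL's or nasdaq's own logic and not part of this thread: it parses such lines and ranks them, with severity rules that are my own heuristics, over five lines copied from the fix above plus one constructed entry with a made-up volume GUID.

```python
"""Triage of OTL 'O33 - MountPoints2' autorun entries (added example).

MountPoints2 keeps, per removable volume, the Shell verbs Explorer learned
from that volume's autorun.inf.  Autorun worms plant an autorun.inf that
launches a copy of themselves from the drive root, so the recorded command
is a useful indicator even after the drive has been unplugged.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# O33 - MountPoints2\<volume>\Shell\<verb>\command - "" = <cmd>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "" = (?P<cmd>.+)$'
)
# RunDLL32 Shell32.DLL,ShellExec_RunDLL <target>: the target is what really runs.
SHELLEXEC_RE = re.compile(r'ShellExec_RunDLL\s+(?P<target>.+)$', re.IGNORECASE)
ABS_PATH_RE = re.compile(r'^[A-Za-z]:\\')

# Sample input: the first five lines are copied from the OTL fix above; the
# last one is constructed (made-up volume GUID) to show a benign-looking entry.
SAMPLE_LINES = [
    r'O33 - MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\Auto\command - "" = AdobeR.exe e',
    r'O33 - MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\AutoRun - "" = Auto&Play',
    r'O33 - MountPoints2\{2b8a7bac-f8f4-11dd-90d5-001111bd355d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e',
    r'O33 - MountPoints2\{87bcf76e-b1fe-11da-9fd6-001111bd355d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe',
    r'O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe',
    r'O33 - MountPoints2\{c0ffee00-0000-4000-8000-000000000001}\Shell\AutoRun\command - "" = "D:\Vendor\setup.exe" /autorun',
]


@dataclass
class Finding:
    volume: str    # volume GUID or drive letter as recorded by MountPoints2
    verb: str      # Shell verb: AutoRun, Auto, ...
    command: str   # raw command from the registry value
    program: str   # executable the command ends up launching
    severity: str  # "high" or "review" (heuristic, see classify)
    reason: str


def launched_program(cmd: str) -> str:
    """Return just the executable an autorun command ends up running."""
    m = SHELLEXEC_RE.search(cmd)
    if m:                       # peel off the RunDLL32 indirection
        cmd = m.group("target").strip()
    if cmd.startswith('"'):     # quoted path, possibly containing spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def classify(cmd: str) -> Tuple[str, str]:
    """Heuristic severity (assumed for this example, not an OTL rule)."""
    program = launched_program(cmd)
    if SHELLEXEC_RE.search(cmd):
        return "high", "launched via RunDLL32 ShellExec_RunDLL indirection"
    if not ABS_PATH_RE.match(program):
        return "high", "relative path: program sits in the volume root"
    return "review", "absolute path; confirm it is a legitimate vendor autorun"


def triage(lines: Iterable[str]) -> List[Finding]:
    """Parse O33 command lines (other O33 lines are skipped) into findings."""
    findings = []
    for line in lines:
        m = O33_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        severity, reason = classify(cmd)
        findings.append(Finding(m.group("volume"), m.group("verb"), cmd,
                                launched_program(cmd), severity, reason))
    return findings


def suspicious_volumes(findings: List[Finding]) -> Set[str]:
    """Volumes with at least one high-severity verb: candidates for cleanup."""
    return {f.volume for f in findings if f.severity == "high"}


if __name__ == "__main__":
    results = triage(SAMPLE_LINES)
    for f in results:
        print(f"[{f.severity:6}] {f.volume} {f.verb}: {f.program} ({f.reason})")
    print("volumes to clean:", sorted(suspicious_volumes(results)))
```

Lines without a trailing `\command` (the bare `Shell` and `Shell\AutoRun` values) are skipped, so the five matching entries yield three "high" findings on the two worm volumes and two "review" findings to verify by hand.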

#8 Flaemilau

Flaemilau
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:11:47 AM

Posted 10 December 2013 - 09:26 AM

Hi nasdaq,

1 - Flash Drive Disinfector

Done, but can't see any hidden folder called autorun.inf, didn't want to delete it, just wanted to see it is there but can't find it.

OTL: here is the report:

OTL logfile created on: 07/12/2013 22:07:42 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Maureen Hedderman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
 
509.98 Mb Total Physical Memory | 79.50 Mb Available Physical Memory | 15.59% Memory free
1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.22 Gb Total Space | 71.18 Gb Free Space | 48.68% Space Free | Partition Type: NTFS
Drive E: | 967.22 Mb Total Space | 336.22 Mb Free Space | 34.76% Space Free | Partition Type: FAT
 
Computer Name: DCZZ1J1J | User Name: Maureen Hedderman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/06 21:24:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen Hedderman\Desktop\OTL.exe
PRC - [2013/11/29 23:48:27 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/29 23:48:22 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/06 19:20:28 | 002,152,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13120601\algo.dll
MOD - [2013/11/29 23:49:19 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/29 23:48:22 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/07/27 18:42:41 | 000,182,184 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/05/23 20:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/12/07 17:31:24 | 000,303,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe -- (WSWNA3100M)
SRV - [2009/03/04 10:25:12 | 000,621,056 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Boot | Stopped] -- system32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\Laura\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (bvrp_pci)
DRV - [2013/11/29 23:49:35 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2013/11/29 23:49:35 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/29 23:49:35 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2013/11/29 23:49:34 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSnx.sys -- (aswSnx)
DRV - [2013/11/29 23:49:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/29 23:49:32 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/29 23:49:32 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/11/29 23:49:31 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (AswRdr)
DRV - [2011/11/28 20:43:42 | 001,284,712 | ---- | M] (NETGEAR Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WNA3100M.sys -- (WNA3100M)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/02/06 17:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/04/29 16:50:12 | 000,391,430 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbVM303.sys -- (ZSMC303)
DRV - [2006/01/18 13:05:18 | 000,017,536 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NtpaSp50.sys -- (NTPASp50)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS -- (FsVga)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/10/21 11:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Ca533av.sys -- (Ca533av)
DRV - [2002/07/25 11:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Bulk533.sys -- (USBCamera)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/ie/enu/gen/default.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.googlechrome.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {CF25A840-44C4-488C-9DD6-F7E2A11C013E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6340E22F-7269-4DC5-BE25-82F5730E2F15}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{CF25A840-44C4-488C-9DD6-F7E2A11C013E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.ie/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..oldKeyword: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/04/23 17:31:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/29 15:38:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/08/17 21:45:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/03 22:12:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/29 15:38:08 | 000,000,000 | ---D | M]
 
[2011/06/18 16:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Extensions
[2013/12/05 22:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Firefox\Profiles\0ahvokxh.default\extensions
[2010/09/15 19:40:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Firefox\Profiles\0ahvokxh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/12/05 22:20:03 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Firefox\Profiles\0ahvokxh.default\extensions\foxyproxy@eric.h.jung
[2013/12/05 22:20:29 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Firefox\Profiles\0ahvokxh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/03 22:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/03 22:21:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16244 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: BeFunky Photo Editor = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab\1.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Super Mario Bros = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cldhiebgknkdgjedabljpfffcnpjfadf\1.3.2_0\
CHR - Extension: Learn Italian - Molto Bene = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe\1.46_0\
CHR - Extension: Angry Birds Cool West-2011 version! = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\egkpbocpdacphnlfilnjeogolepiooio\2.0_0\
CHR - Extension: Full Screen Weather = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Totem Breaker = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlffpiiabmdgalaoebphhpkhadofhgmd\1.0.4_0\
CHR - Extension: World of Solitaire = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: BBC Good Food = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0\
CHR - Extension: Gravity Duck = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\
CHR - Extension: Online TV From Ireland = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kloeijnimhipefjhgcidooaojgciifcn\2.2_0\
CHR - Extension: TV for Google Chrome™ = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lambangeielkjcnmioccboaphdfcffib\2.2.4_0\
CHR - Extension: Google Maps = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Aviary Photo Editor for Facebook = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnhpjhojpnckkehlebbkpoammaemnnno\0.0.3_0\
CHR - Extension: Diet Diary = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neckeibmjhibmgoigmffjlihekefmffd\1.1_0\
CHR - Extension: Mahjong Solitaire = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0\
CHR - Extension: Super Mario Atari = C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nokdphohbjccgojnakcpcnmdpgfmgmle\1_0\
 
O1 HOSTS File: ([2013/09/14 23:55:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\d1d859de-5a4f-4aaa-8ede-3626640df3aa.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AEC5981-5A43-4CB0-9618-DDBDA71EC7E9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/28 18:39:18 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/06/28 19:39:20 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/07 21:55:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/06 21:24:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maureen Hedderman\Desktop\OTL.exe
[2013/12/03 22:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/03 21:54:12 | 020,703,896 | ---- | C] (SUPERAntiSpyware) -- C:\Documents and Settings\Maureen Hedderman\Desktop\SUPERAntiSpyware.exe
[2013/12/03 20:59:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Maureen Hedderman\Recent
[2013/12/03 20:03:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/12/03 18:07:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/12/03 18:07:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Maureen Hedderman\Start Menu\Programs\Administrative Tools
[2013/12/03 18:00:14 | 005,151,572 | R--- | C] (Swearware) -- C:\Documents and Settings\Maureen Hedderman\Desktop\ComboFix.exe
[2013/12/03 17:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maureen Hedderman\Desktop\RK_Quarantine
[2013/12/03 16:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maureen Hedderman\Application Data\AVAST Software
[2013/11/29 23:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2013/11/29 12:28:35 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[24 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Maureen Hedderman\Desktop\*.tmp files -> C:\Documents and Settings\Maureen Hedderman\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/07 22:04:10 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/07 22:02:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2013/12/07 21:39:31 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\Flash_Disinfector.exe
[2013/12/07 21:36:25 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006UA.job
[2013/12/07 21:36:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006Core.job
[2013/12/07 20:46:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2013/12/06 21:55:08 | 000,002,390 | ---- | M] () -- C:\Documents and Settings\Maureen Hedderman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/06 21:55:07 | 000,002,372 | ---- | M] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\Google Chrome.lnk
[2013/12/06 21:24:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen Hedderman\Desktop\OTL.exe
[2013/12/05 21:58:53 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
[2013/12/03 22:27:42 | 020,703,896 | ---- | M] (SUPERAntiSpyware) -- C:\Documents and Settings\Maureen Hedderman\Desktop\SUPERAntiSpyware.exe
[2013/12/03 19:39:36 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\untitled.bmp
[2013/12/03 18:01:45 | 005,151,572 | R--- | M] (Swearware) -- C:\Documents and Settings\Maureen Hedderman\Desktop\ComboFix.exe
[2013/12/03 17:22:04 | 003,687,936 | ---- | M] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\RogueKiller.exe
[2013/11/29 23:55:55 | 000,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/11/29 23:51:32 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/11/29 23:49:35 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/11/29 23:49:35 | 000,178,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/11/29 23:49:35 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/11/29 23:49:34 | 000,774,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/11/29 23:49:34 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/11/29 23:49:32 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/11/29 23:49:32 | 000,035,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/11/29 23:49:31 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/11/29 23:49:24 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/11/29 23:49:23 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/11/29 23:43:33 | 000,443,226 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2013/11/29 23:43:33 | 000,072,492 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2013/11/29 21:55:04 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/11/29 12:43:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[24 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Maureen Hedderman\Desktop\*.tmp files -> C:\Documents and Settings\Maureen Hedderman\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/07 21:39:20 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\Flash_Disinfector.exe
[2013/12/03 22:50:33 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
[2013/12/03 21:17:57 | 000,001,026 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006UA.job
[2013/12/03 21:17:55 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006Core.job
[2013/12/03 19:39:34 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\untitled.bmp
[2013/12/03 17:21:56 | 003,687,936 | ---- | C] () -- C:\Documents and Settings\Maureen Hedderman\Desktop\RogueKiller.exe
[2013/08/17 21:52:27 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/08/17 21:52:25 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/08/14 22:43:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/14 22:43:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/14 22:43:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/14 22:43:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/14 22:43:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/13 19:41:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2008/01/28 14:59:31 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\fusioncache.dat
[2007/01/22 20:25:56 | 000,001,357 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/13 14:47:44 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/11/29 23:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/09/05 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2013/08/04 23:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/08/04 21:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2009/04/18 12:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/04/15 21:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey
[2009/04/23 17:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/07/01 11:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/07/18 20:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/19 10:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/03/02 15:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/10/30 17:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009/07/09 21:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/29 16:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2008/07/20 20:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/06/18 15:45:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4EF77D37-415C-4195-AE30-904ED23A3940}
[2009/04/15 14:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/21 09:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\alot
[2013/12/03 16:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\AVAST Software
[2009/08/27 19:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Blackberry Desktop
[2010/10/08 18:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\CheckPoint
[2010/05/30 19:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/09/15 15:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Datalayer
[2006/11/05 19:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\FTW
[2009/09/20 20:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\FUJIFILM
[2011/11/11 17:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\FunnyGames
[2011/02/27 21:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Nokia
[2006/09/15 15:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Nokia Multimedia Player
[2009/04/19 16:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\PC Suite
[2009/08/26 21:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Research In Motion
[2008/05/01 17:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\ScanSoft
[2005/10/23 18:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Template
[2008/03/02 15:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\ubi.com
[2011/12/11 15:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen Hedderman\Application Data\Visan
 
========== Purity Check ==========
 
 

< End of report >

ComboFix:

Didn't work, same problem as before, even after disabling FoxyProxy Standard
Thank you
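An added example, not part of the thread and not code from OTL, Avast or any other tool mentioned here: a small Python triage script that reads OTL lines like those in the log above and pulls out the items a responder reads first, namely the Chrome default search provider, BHO/toolbar entries whose CLSID no longer resolves, HKLM Run entries, the Policies keys the O6/O7 lines report as present, autorun.inf files on drive roots, the NoDriveTypeAutoRun mask and the IE proxy switch. The sample lines are copied from the log above; the search-host allowlist and the finding names are my own assumptions, and the autorun bit names are the ones Microsoft documents for that policy. The policy and proxy findings are the same items the "Remove Policies Set By Infections" and "Repair Proxy Settings" options in the reply below act on.

```python
"""Triage helper for OTL (OldTimer) log lines: added example, not the thread's own code."""
import re
from urllib.parse import urlsplit

# Assumption: hosts a user would plausibly have chosen as a search engine.
# Any other default_search_provider host is reported for manual review.
SEARCH_ALLOWLIST = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# NoDriveTypeAutoRun bits as Microsoft documents them (0xFF = every drive type).
AUTORUN_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown (reserved)",
}

RE_SEARCH_URL = re.compile(r"^CHR - default_search_provider: search_url = (\S+)")
RE_ORPHAN = re.compile(r"^(O[23]) - .*?(\{[0-9A-Fa-f-]{36}\}) - No CLSID value found\.$")
RE_RUN = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.+?)\] (.+?) \((.*)\)$")
RE_POLICY = re.compile(r"^O[67] - (HK\w+\\Software\\Policies\\.+) present$", re.IGNORECASE)
RE_MASK = re.compile(r"^O[67] - (HK\w+)\\.*NoDriveTypeAutoRun = (\d+)$")
RE_AUTORUN_FILE = re.compile(r"^O32 - AutoRun File - \[[^\]]*\| ([RHSD-]{4}) \| M\] - (\S+)")
RE_PROXY = re.compile(r'"ProxyEnable" = (\d)$')


def decode_autorun_mask(value):
    """Split a NoDriveTypeAutoRun value into documented drive classes and leftover bits."""
    names = [name for bit, name in sorted(AUTORUN_BITS.items()) if value & bit]
    return names, value & ~sum(AUTORUN_BITS)


def _search_host(m):
    # Only the host matters; query strings differ between installs.
    host = urlsplit(m.group(1)).hostname or ""
    return None if host in SEARCH_ALLOWLIST else host


def _autorun_policy(m):
    names, leftover = decode_autorun_mask(int(m.group(2)))
    detail = "%s: %s" % (m.group(1), ", ".join(names) or "nothing")
    if leftover:
        detail += "; undocumented bits 0x%X" % leftover
    return detail


# (finding kind, line pattern, renderer); a renderer returning None means "no finding".
CHECKS = [
    ("search-hijack", RE_SEARCH_URL, _search_host),
    ("orphan-clsid", RE_ORPHAN, lambda m: "%s %s" % m.groups()),
    ("run-entry", RE_RUN, lambda m: "%s [%s] %s (%s)" % m.groups()),
    ("policy-key", RE_POLICY, lambda m: m.group(1)),
    ("autorun-policy", RE_MASK, _autorun_policy),
    ("autorun-file", RE_AUTORUN_FILE, lambda m: "%s [%s]" % (m.group(2), m.group(1))),
    ("proxy-enabled", RE_PROXY, lambda m: "ProxyEnable = 1" if m.group(1) == "1" else None),
]


def triage(log_text):
    """Return (kind, detail) findings, in log order, for each line that matches a check."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, regex, render in CHECKS:
            m = regex.search(line)
            if m:
                detail = render(m)
                if detail is not None:
                    findings.append((kind, detail))
                break
    return findings


# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O32 - AutoRun File - [2009/06/28 18:39:18 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/06/28 19:39:20 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT ]
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print("%-15s %s" % (kind, detail))
```

Run against the sample it reports the search-results.com provider, the two orphaned CLSIDs, the Avast Run entry, both Policies keys, the HKLM autorun mask (323 decodes to "unknown" and "RAM disk" plus bits 0x102 that the policy does not document, so that value did not come from a standard setting) and the two autorun.inf files, the one on E: with the read-only/hidden/system attributes; ProxyEnable = 0 produces nothing. A "run-entry" line is informational, not an accusation, and the allowlist is deliberately short so that a provider the user genuinely chose shows up for a human to dismiss rather than being missed.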



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 AM

Posted 10 December 2013 - 02:37 PM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Extract and launch the Repair_Windows.exe file.

Click on the Start Repairs tab, then click on Start.

Check mark only the following options:

  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Repair Internet Explorer
  • Repair MDAC & MS Jet
  • Repair Hosts File
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Remove Temp Files
  • Repair Proxy Settings
  • Unhide Non System Files
  • Repair Windows Updates

  • Check mark the Restart System When Finished option
  • Click the Start button
  • The system should restart after the repair

Keep me posted.

#10 Flaemilau

  • Topic Starter
  • Members
  • 19 posts

Posted 13 December 2013 - 07:36 PM

Hi nasdaq,

Sorry for the late response, only got the time to work on it today!

I did what you told me.

PC was better but still slow to respond or freezing sometimes.

I then tried to run ComboFix, thought it would work this time but the same problem still occurred.

I then decided to run SUPERAntiSpyware Free Edition and it detected 2 Adware.RX threats as well as a good few tracking cookies. I removed them and restarted the PC. It seems much better so far, but I am going to see tomorrow how it goes.

Should I try to run ComboFix in Safe Mode do you think?

Thanks


#11 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 December 2013 - 10:21 AM

Run this one instead of ComboFix.

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
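The FRST.txt log that nasdaq asks for prints one line per service and per driver, each carrying the run state, the start type, the image path, the file's size and date, and the company name from its version information, or "[x]" when the file no longer exists on disk. When a helper triages such a log, the lines worth reading first are the ones with a missing file, no image path at all, a path inside a Temp or user-profile directory, or no company name. The Python script below is an added example for this thread, not part of FRST or of any tool the thread uses; it parses the Services and Drivers sections of an FRST log and returns those entries with the reasons they were flagged. The sample log is a constructed, cut-down copy of the sections posted later in this thread; my reading of the prefix (R running, S stopped, U undetermined; the digit is the Windows Start value, with 4 meaning disabled) and the choice of flags are assumptions, not FRST documentation.

```python
r"""Triage the Services and Drivers sections of a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread; it is not part of FRST or of any tool used here.
The entry layout is taken from the FRST log posted in this thread, e.g.
    R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-12-12] (AVAST Software)
    S4 catchme; \??\C:\DOCUME~1\Laura\LOCALS~1\Temp\catchme.sys [x]
Interpretation of the prefix is assumed: R = running, S = stopped, U = state FRST
could not determine; the digit is the Windows Start value (0 boot, 1 system,
2 auto, 3 manual, 4 disabled). "[x]" means the file is missing on disk.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
ENTRY_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
FILEINFO_RE = re.compile(
    r"^(?P<path>.*?)\s*\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<company>.*)\)\s*$"
)


@dataclass
class Entry:
    section: str
    state: str
    start: int
    name: str
    path: Optional[str]          # None when FRST printed no ImagePath
    company: Optional[str]       # "" when the file has no company name, None when no file info
    file_missing: bool
    flags: List[str] = field(default_factory=list)


def _normalise(path: str) -> str:
    # Kernel-style "\??\C:\..." prefixes map to the plain Win32 path.
    return path[4:] if path.startswith("\\??\\") else path


def triage(e: Entry) -> List[str]:
    """Flags a responder would want to look at; the thresholds are my own choice."""
    flags = []
    if e.path is None:
        return ["no_image_path"]
    p = e.path.lower()
    if e.file_missing:
        flags.append("file_missing")         # orphaned service key, file already gone
    if "\\temp\\" in p:
        flags.append("temp_directory")       # legitimate services rarely live in Temp
    if "\\documents and settings\\" in p or "\\docume~1\\" in p or "\\users\\" in p:
        flags.append("user_profile_path")    # code loaded from a user profile
    if e.company == "":
        flags.append("no_company_name")      # no version info: needs a hash lookup
    if e.company is None and not e.file_missing:
        flags.append("no_file_info")         # FRST printed no size/date; check by hand
    return flags


def _build(section: str, m) -> Entry:
    rest = m.group("rest").strip()
    path: Optional[str] = None
    company: Optional[str] = None
    missing = False
    if rest and rest != "No ImagePath":
        if rest.endswith("[x]"):
            path, missing = _normalise(rest[:-3].strip()), True
        else:
            fm = FILEINFO_RE.match(rest)
            if fm:
                path = _normalise(fm.group("path").strip())
                company = fm.group("company").strip()
            else:
                path = _normalise(rest)   # e.g. a quoted command line with arguments
    e = Entry(section, m.group("state"), int(m.group("start")), m.group("name").strip(),
              path, company, missing)
    e.flags = triage(e)
    return e


def parse_frst(text: str) -> List[Entry]:
    """Return the entries of every 'Services' / 'Drivers' section in an FRST log."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group("title")
            continue
        if not section.startswith(("Services", "Drivers")):
            continue
        em = ENTRY_RE.match(line)
        if em:
            entries.append(_build(section, em))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


def report_lines(entries: List[Entry]) -> List[str]:
    return [f"{e.section}: {e.state}{e.start} {e.name} -> {', '.join(e.flags)} [{e.path}]"
            for e in suspicious(entries)]


# Constructed sample: a cut-down copy of the Services/Drivers sections posted in this thread.
SAMPLE_LOG = r"""
========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-12] (AVAST Software)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
S3 bvrp_pci; No ImagePath
S4 catchme; \??\C:\DOCUME~1\Laura\LOCALS~1\Temp\catchme.sys [x]
U3 TlntSvr;
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================
"""

if __name__ == "__main__":
    print("\n".join(report_lines(parse_frst(SAMPLE_LOG))))
```

Run against a real FRST.txt by replacing SAMPLE_LOG with the file's contents. On the sample, the catchme entry collects three flags (file missing, Temp directory, user profile); since its start type is 4 and its file is gone, it is an orphaned service key left in the registry rather than a driver that is actually loading, which is the kind of leftover a helper cleans up with a fix script rather than evidence of active code. Entries flagged only for an empty company name, like aswRvrt here, are the ones to verify by hash before treating them as anything more than unsigned vendor files.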

#12 Flaemilau

  • Topic Starter
  • Members
  • 19 posts

Posted 14 December 2013 - 03:21 PM

Hi nasdaq,

I will do that, but first I started a full scan with Malwarebytes Anti-Malware; it has been running for 4h30 and has found 3 infections so far. I can post the report when it's finished if you want...



#13 Flaemilau

  • Topic Starter
  • Members
  • 19 posts

Posted 14 December 2013 - 04:20 PM

Scan finished, found 4 infections!

Restarted the PC, but the PC froze at startup, had to turn off and restart manually.

PC was taking a bit more time to respond at the beginning, seemed a bit better after 5-10 minutes.

I am going to scan with Farbar now. Will post the report when finished.



#14 Flaemilau

  • Topic Starter
  • Members
  • 19 posts

Posted 14 December 2013 - 05:25 PM

FRST scan finished, please find the FRST.txt log below and the Addition.txt log attached as requested:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-12-2013 01
Ran by Maureen Hedderman (administrator) on DCZZ1J1J on 14-12-2013 21:24:25
Running from C:\Documents and Settings\Maureen Hedderman\Desktop\Farbar Recovery Scan Tool
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-12] (AVAST Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\Administrator\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Simon\...\Run: [kdx] - C:\Program Files\Kontiki\KHost.exe -all
HKU\Simon\...\Run: [AdobeUpdater] - "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.googlechrome.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/ie/enu/gen/default.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6340E22F-7269-4DC5-BE25-82F5730E2F15} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: No Name - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -  No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -  No File
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Maureen Hedderman\Application Data\Mozilla\Firefox\Profiles\a47x47ap.default-1386681634015
FF Homepage: www.google.ie
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchKeyword: r
CHR DefaultSearchProvider: Search Results
CHR DefaultSearchURL: http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (getPlusPlus for Adobe 16244) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Zylom Plugin) - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Google Update) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Angry Birds) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (BeFunky Photo Editor) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab\1.1_0
CHR Extension: (YouTube) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0
CHR Extension: (Super Mario Bros) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cldhiebgknkdgjedabljpfffcnpjfadf\1.3.2_0
CHR Extension: (Learn Italian - Molto Bene) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe\1.46_0
CHR Extension: (Angry Birds Cool West-2011 version!) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\egkpbocpdacphnlfilnjeogolepiooio\2.0_0
CHR Extension: (Full Screen Weather) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0
CHR Extension: (Totem Breaker) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlffpiiabmdgalaoebphhpkhadofhgmd\1.0.4_0
CHR Extension: (World of Solitaire) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0
CHR Extension: (BBC Good Food) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0
CHR Extension: (Gravity Duck) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0
CHR Extension: (Online TV From Ireland) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kloeijnimhipefjhgcidooaojgciifcn\2.2_0
CHR Extension: (TV for Google Chrome™) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lambangeielkjcnmioccboaphdfcffib\2.2.4_0
CHR Extension: (Google Maps) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0
CHR Extension: (Aviary Photo Editor for Facebook) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lnhpjhojpnckkehlebbkpoammaemnnno\0.0.3_0
CHR Extension: (Diet Diary) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neckeibmjhibmgoigmffjlihekefmffd\1.1_0
CHR Extension: (Mahjong Solitaire) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc\1.0.0.2_0
CHR Extension: (Super Mario Atari) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nokdphohbjccgojnakcpcnmdpgfmgmle\1_0
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-12] (AVAST Software)
S4 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
S4 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-12] (Creative Technology Ltd)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S4 gupdate1c9a8837b0e06ce; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-19] (Google Inc.)
S4 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)
S4 WSWNA3100M; C:\Program Files\NETGEAR\WNA3100M\WifiSvc.exe [303360 2011-12-07] ()
S4 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-07-28] (Cisco Systems, Inc.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-12-12] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-12-12] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-12-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-12] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-12-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-12-12] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-12-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-12] ()
S3 BrScnUsb; C:\Windows\System32\Drivers\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [55152 2009-02-06] (Microsoft Corporation)
R1 FsVga; C:\Windows\System32\DRIVERS\fsvga.sys [12160 2004-08-04] (Microsoft Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NTPASp50; C:\Windows\System32\Drivers\NTPASp50.sys [17536 2006-01-18] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
R3 WNA3100M; C:\Windows\System32\DRIVERS\WNA3100M.sys [1284712 2011-11-28] (NETGEAR Corporation                           )
S3 ZSMC303; C:\Windows\System32\Drivers\usbVM303.sys [391430 2006-04-29] (Vimicro Corporation)
S3 bvrp_pci; No ImagePath
S2 Ca533av; System32\Drivers\Ca533av.sys [x]
S4 catchme; \??\C:\DOCUME~1\Laura\LOCALS~1\Temp\catchme.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S0 srescan; system32\ZoneLabs\srescan.sys [x]
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr;
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
S3 USBCamera; System32\Drivers\Bulk533.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-14 21:23 - 2013-12-14 21:23 - 00000000 ____D C:\FRST
2013-12-14 21:09 - 2013-12-14 21:24 - 00000000 ____D C:\Documents and Settings\Maureen Hedderman\Desktop\Farbar Recovery Scan Tool
2013-12-14 15:32 - 2013-12-14 15:32 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-14 15:32 - 2013-12-14 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-14 15:31 - 2013-12-14 15:32 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-14 15:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-13 20:53 - 2013-12-13 20:53 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-12-13 20:53 - 2013-12-13 20:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-12-13 20:52 - 2013-12-13 21:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-13 19:24 - 2013-12-13 21:07 - 120469824 _____ (NVIDIA Corporation) C:\Documents and Settings\Maureen Hedderman\Desktop\327.23-desktop-winxp-32bit-english-whql.exe
2013-12-13 19:24 - 2013-12-13 20:40 - 100289344 _____ (Advanced Micro Devices, Inc.) C:\Documents and Settings\Maureen Hedderman\Desktop\13-4_xp32_dd_ccc_whql.exe
2013-12-13 14:47 - 2013-12-13 14:49 - 00012597 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-13 14:47 - 2013-12-13 14:49 - 00003421 _____ C:\WINDOWS\updspapi.log
2013-12-13 14:47 - 2013-12-13 14:47 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-13 14:46 - 2013-12-13 14:47 - 00004862 _____ C:\WINDOWS\KB2904266.log
2013-12-13 14:46 - 2013-12-13 14:46 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-13 14:13 - 2013-12-13 14:13 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-13 14:12 - 2013-12-13 14:12 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-13 14:11 - 2013-12-13 14:49 - 00036952 _____ C:\WINDOWS\FaxSetup.log
2013-12-13 14:11 - 2013-12-13 14:49 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-12-13 14:11 - 2013-12-13 14:49 - 00014154 _____ C:\WINDOWS\tsoc.log
2013-12-13 14:11 - 2013-12-13 14:49 - 00012315 _____ C:\WINDOWS\comsetup.log
2013-12-13 14:11 - 2013-12-13 14:49 - 00007470 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-13 14:11 - 2013-12-13 14:49 - 00006013 _____ C:\WINDOWS\iis6.log
2013-12-13 14:11 - 2013-12-13 14:49 - 00002052 _____ C:\WINDOWS\ocmsn.log
2013-12-13 14:11 - 2013-12-13 14:49 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-12-13 14:11 - 2013-12-13 14:49 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-13 14:11 - 2013-12-13 14:47 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-13 13:50 - 2013-12-13 13:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-12-13 13:50 - 2013-12-13 13:48 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-13 13:50 - 2013-12-13 13:48 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-13 13:50 - 2013-12-13 13:48 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-13 13:50 - 2013-12-13 13:48 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-12-13 13:50 - 2013-12-13 13:48 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-13 13:47 - 2013-12-13 13:47 - 00000000 ____D C:\Program Files\Java
2013-12-12 13:54 - 2013-12-14 21:00 - 00000386 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-12 13:54 - 2013-12-12 13:54 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-12-12 13:54 - 2013-12-12 13:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-12-12 13:52 - 2013-12-12 13:52 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-12 13:52 - 2013-12-12 13:52 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-12-12 13:48 - 2013-12-12 13:48 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-11 14:13 - 2013-12-11 14:13 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2013-12-11 13:25 - 2013-12-12 13:38 - 00015026 _____ C:\WINDOWS\bitssetup.log
2013-12-11 13:25 - 2013-12-12 13:16 - 00001114 _____ C:\WINDOWS\Windows Update.log
2013-12-11 12:44 - 2013-12-12 13:38 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2013-12-11 12:36 - 2013-12-11 12:36 - 00000000 ____D C:\Documents and Settings\Maureen Hedderman\Desktop\tweaking.com_windows_repair_aio
2013-12-11 12:34 - 2013-12-11 12:35 - 02900332 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\tweaking.com_windows_repair_aio.zip
2013-12-11 12:17 - 2013-12-13 14:47 - 00017201 _____ C:\WINDOWS\KB2898715.log
2013-12-11 12:17 - 2013-12-13 14:13 - 00015986 _____ C:\WINDOWS\KB2893294.log
2013-12-11 12:17 - 2013-12-13 14:12 - 00017774 _____ C:\WINDOWS\KB2893984.log
2013-12-11 12:16 - 2013-12-13 14:11 - 00015447 _____ C:\WINDOWS\KB2892075.log
2013-12-10 14:13 - 2013-12-14 15:15 - 00009064 _____ C:\WINDOWS\setupapi.log
2013-12-10 12:51 - 2013-12-10 12:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-10 12:27 - 2013-12-10 12:33 - 23108416 _____ (Mozilla) C:\Documents and Settings\Maureen Hedderman\Desktop\Firefox Setup 25.0.1.exe
2013-12-07 23:20 - 2013-12-07 23:21 - 00000403 _____ C:\WINDOWS\wmsetup.log
2013-12-07 21:55 - 2013-12-07 21:55 - 00000000 ____D C:\_OTL
2013-12-07 21:39 - 2013-12-07 21:39 - 00132597 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\Flash_Disinfector.exe
2013-12-06 22:04 - 2013-12-07 22:32 - 00086318 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\OTL.Txt
2013-12-06 22:04 - 2013-12-06 22:04 - 00065484 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\Extras.Txt
2013-12-06 21:24 - 2013-12-06 21:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Maureen Hedderman\Desktop\OTL.exe
2013-12-03 22:50 - 2013-12-05 21:58 - 00002048 _____ C:\Uninstall.dat
2013-12-03 22:11 - 2013-12-10 12:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-03 21:17 - 2013-12-14 19:37 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006UA.job
2013-12-03 21:17 - 2013-12-13 21:37 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006Core.job
2013-12-03 17:40 - 2013-12-03 17:41 - 00001626 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\RKreport[0]_D_12032013_174042.txt
2013-12-03 17:23 - 2013-12-03 17:40 - 00000000 ____D C:\Documents and Settings\Maureen Hedderman\Desktop\RK_Quarantine
2013-12-03 17:21 - 2013-12-03 17:22 - 03687936 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\RogueKiller.exe
2013-12-03 16:47 - 2013-12-03 16:47 - 00000000 ____D C:\Documents and Settings\Maureen Hedderman\Application Data\AVAST Software
2013-12-02 21:24 - 2013-12-02 21:24 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVAST Software
2013-11-29 23:59 - 2013-11-29 23:59 - 00000000 ____D C:\Documents and Settings\Laura\Application Data\AVAST Software
2013-11-29 23:37 - 2013-11-26 11:37 - 87529432 _____ (AVAST Software) C:\Documents and Settings\Laura\Desktop\avast_free_antivirus_setup.exe
2013-11-29 23:15 - 2013-11-29 23:15 - 00000581 _____ C:\Documents and Settings\Laura\Desktop\JRT.txt
2013-11-29 22:50 - 2013-11-29 22:40 - 01034531 _____ (Thisisu) C:\Documents and Settings\Laura\Desktop\JRT.exe
2013-11-29 22:14 - 2013-11-29 22:15 - 00016196 _____ C:\Documents and Settings\Laura\Desktop\install.txt
2013-11-29 19:04 - 2013-11-29 19:04 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-29 18:47 - 2013-11-29 18:47 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-29 18:46 - 2013-11-29 18:46 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2847311$
2013-11-29 18:45 - 2013-11-29 18:45 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2862335$
2013-11-29 18:42 - 2013-11-29 18:42 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-29 18:41 - 2013-11-29 18:41 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-29 18:40 - 2013-11-29 18:40 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2868038$
2013-11-29 18:32 - 2013-11-29 18:32 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2883150$
2013-11-29 18:30 - 2013-11-29 18:30 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2862330$
2013-11-29 11:50 - 2013-11-29 11:37 - 01091882 _____ C:\Documents and Settings\Laura\Desktop\AdwCleaner.exe

==================== One Month Modified Files and Folders =======

2013-12-14 21:24 - 2013-12-14 21:09 - 00000000 ____D C:\Documents and Settings\Maureen Hedderman\Desktop\Farbar Recovery Scan Tool
2013-12-14 21:23 - 2013-12-14 21:23 - 00000000 ____D C:\FRST
2013-12-14 21:08 - 2005-02-21 14:55 - 01911224 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-14 21:00 - 2013-12-12 13:54 - 00000386 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-14 20:51 - 2005-02-21 14:55 - 00032646 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-14 20:50 - 2005-02-21 14:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-14 20:50 - 2004-08-10 12:59 - 00000159 _____ C:\WINDOWS\WIADEBUG.LOG
2013-12-14 20:50 - 2004-08-10 12:59 - 00000050 _____ C:\WINDOWS\WIASERVC.LOG
2013-12-14 20:34 - 2012-01-13 23:09 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2585542$
2013-12-14 20:34 - 2005-10-21 14:45 - 00000278 ___SH C:\Documents and Settings\Maureen Hedderman\NTUSER.INI
2013-12-14 19:37 - 2013-12-03 21:17 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006UA.job
2013-12-14 15:38 - 2005-02-21 14:48 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2013-12-14 15:32 - 2013-12-14 15:32 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-14 15:32 - 2013-12-14 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-14 15:32 - 2013-12-14 15:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-14 15:15 - 2013-12-10 14:13 - 00009064 _____ C:\WINDOWS\setupapi.log
2013-12-14 00:01 - 2005-02-21 14:51 - 00000327 __RSH C:\BOOT.INI
2013-12-14 00:01 - 2004-08-10 13:04 - 00001669 _____ C:\WINDOWS\WIN.INI
2013-12-14 00:01 - 2004-08-10 12:57 - 00000502 _____ C:\WINDOWS\system.ini
2013-12-13 21:37 - 2013-12-03 21:17 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1603862713-883117177-3406226420-1006Core.job
2013-12-13 21:11 - 2013-12-13 20:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-13 21:07 - 2013-12-13 19:24 - 120469824 _____ (NVIDIA Corporation) C:\Documents and Settings\Maureen Hedderman\Desktop\327.23-desktop-winxp-32bit-english-whql.exe
2013-12-13 20:53 - 2013-12-13 20:53 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-12-13 20:53 - 2013-12-13 20:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-12-13 20:40 - 2013-12-13 19:24 - 100289344 _____ (Advanced Micro Devices, Inc.) C:\Documents and Settings\Maureen Hedderman\Desktop\13-4_xp32_dd_ccc_whql.exe
2013-12-13 16:41 - 2009-06-30 17:55 - 00000000 ____D C:\WINDOWS\ERDNT
2013-12-13 16:41 - 2005-02-21 14:47 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-13 15:03 - 2004-08-10 13:08 - 00230392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-13 14:49 - 2013-12-13 14:47 - 00012597 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-13 14:49 - 2013-12-13 14:47 - 00003421 _____ C:\WINDOWS\updspapi.log
2013-12-13 14:49 - 2013-12-13 14:11 - 00036952 _____ C:\WINDOWS\FaxSetup.log
2013-12-13 14:49 - 2013-12-13 14:11 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-12-13 14:49 - 2013-12-13 14:11 - 00014154 _____ C:\WINDOWS\tsoc.log
2013-12-13 14:49 - 2013-12-13 14:11 - 00012315 _____ C:\WINDOWS\comsetup.log
2013-12-13 14:49 - 2013-12-13 14:11 - 00007470 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-13 14:49 - 2013-12-13 14:11 - 00006013 _____ C:\WINDOWS\iis6.log
2013-12-13 14:49 - 2013-12-13 14:11 - 00002052 _____ C:\WINDOWS\ocmsn.log
2013-12-13 14:49 - 2013-12-13 14:11 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-12-13 14:49 - 2013-12-13 14:11 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-13 14:48 - 2009-06-19 18:09 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-13 14:47 - 2013-12-13 14:47 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-13 14:47 - 2013-12-13 14:46 - 00004862 _____ C:\WINDOWS\KB2904266.log
2013-12-13 14:47 - 2013-12-13 14:11 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-13 14:47 - 2013-12-11 12:17 - 00017201 _____ C:\WINDOWS\KB2898715.log
2013-12-13 14:47 - 2007-02-15 13:46 - 00886200 _____ C:\WINDOWS\system32\TZLog.log
2013-12-13 14:46 - 2013-12-13 14:46 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-13 14:45 - 2013-08-17 22:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-13 14:21 - 2006-05-09 12:48 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-13 14:13 - 2013-12-13 14:13 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-13 14:13 - 2013-12-11 12:17 - 00015986 _____ C:\WINDOWS\KB2893294.log
2013-12-13 14:12 - 2013-12-13 14:12 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-13 14:12 - 2013-12-11 12:17 - 00017774 _____ C:\WINDOWS\KB2893984.log
2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 _____ C:\WINDOWS\setupact.log
2013-12-13 14:11 - 2013-12-11 12:16 - 00015447 _____ C:\WINDOWS\KB2892075.log
2013-12-13 13:50 - 2013-12-13 13:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-12-13 13:48 - 2013-12-13 13:50 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-13 13:48 - 2013-12-13 13:50 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-13 13:48 - 2013-12-13 13:50 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-13 13:48 - 2013-12-13 13:50 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-12-13 13:48 - 2013-12-13 13:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-12-13 13:47 - 2013-12-13 13:47 - 00000000 ____D C:\Program Files\Java
2013-12-13 12:36 - 2005-02-21 15:03 - 00000000 ____D C:\Program Files\Common Files\Java
2013-12-12 13:54 - 2013-12-12 13:54 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-12-12 13:54 - 2013-12-12 13:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-12-12 13:52 - 2013-12-12 13:52 - 00774392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00403440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00178304 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00070384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-12-12 13:52 - 2013-12-12 13:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-12 13:52 - 2013-12-12 13:52 - 00035656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-12-12 13:52 - 2013-08-17 21:52 - 00269216 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-12 13:48 - 2013-12-12 13:48 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-12 13:47 - 2013-08-05 10:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-12-12 13:46 - 2005-02-21 14:55 - 00524888 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-12 13:45 - 2005-12-12 16:26 - 00059568 _____ C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-12 13:38 - 2013-12-11 13:25 - 00015026 _____ C:\WINDOWS\bitssetup.log
2013-12-12 13:38 - 2013-12-11 12:44 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2013-12-12 13:31 - 2004-08-10 13:04 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2013-12-12 13:31 - 2004-08-10 13:04 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2013-12-12 13:16 - 2013-12-11 13:25 - 00001114 _____ C:\WINDOWS\Windows Update.log
2013-12-11 14:17 - 2004-08-04 05:00 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_643
2013-12-11 14:13 - 2013-12-11 14:13 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2013-12-11 12:36 - 2013-12-11 12:36 - 00000000 ____D C:\Documents and Settings\Maureen Hedderman\Desktop\tweaking.com_windows_repair_aio
2013-12-11 12:35 - 2013-12-11 12:34 - 02900332 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\tweaking.com_windows_repair_aio.zip
2013-12-11 11:27 - 2005-02-21 14:53 - 00002206 _____ C:\WINDOWS\system32\WPA.DBL
2013-12-10 12:51 - 2013-12-10 12:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-10 12:51 - 2013-12-03 22:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-10 12:51 - 2013-08-04 23:06 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-10 12:51 - 2013-08-04 23:06 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-12-10 12:33 - 2013-12-10 12:27 - 23108416 _____ (Mozilla) C:\Documents and Settings\Maureen Hedderman\Desktop\Firefox Setup 25.0.1.exe
2013-12-07 23:32 - 2005-10-21 14:45 - 00000000 ____D C:\Documents and Settings\Maureen Hedderman
2013-12-07 23:21 - 2013-12-07 23:20 - 00000403 _____ C:\WINDOWS\wmsetup.log
2013-12-07 23:20 - 2006-03-13 14:47 - 00017920 _____ C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-07 22:32 - 2013-12-06 22:04 - 00086318 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\OTL.Txt
2013-12-07 21:55 - 2013-12-07 21:55 - 00000000 ____D C:\_OTL
2013-12-07 21:39 - 2013-12-07 21:39 - 00132597 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\Flash_Disinfector.exe
2013-12-06 22:04 - 2013-12-06 22:04 - 00065484 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\Extras.Txt
2013-12-06 21:55 - 2011-10-09 19:05 - 00002372 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\Google Chrome.lnk
2013-12-06 21:24 - 2013-12-06 21:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Maureen Hedderman\Desktop\OTL.exe
2013-12-05 21:58 - 2013-12-03 22:50 - 00002048 _____ C:\Uninstall.dat
2013-12-03 21:04 - 2009-04-13 11:43 - 00000000 ____D C:\Documents and Settings\Maureen Hedderman\Tracing
2013-12-03 17:41 - 2013-12-03 17:40 - 00001626 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\RKreport[0]_D_12032013_174042.txt
2013-12-03 17:40 - 2013-12-03 17:23 - 00000000 ____D C:\Documents and Settings\Maureen Hedderman\Desktop\RK_Quarantine
2013-12-03 17:22 - 2013-12-03 17:21 - 03687936 _____ C:\Documents and Settings\Maureen Hedderman\Desktop\RogueKiller.exe
2013-12-03 16:47 - 2013-12-03 16:47 - 00000000 ____D C:\Documents and Settings\Maureen Hedderman\Application Data\AVAST Software
2013-12-02 22:38 - 2009-06-27 13:09 - 00000178 ___SH C:\Documents and Settings\Administrator\NTUSER.INI
2013-12-02 21:24 - 2013-12-02 21:24 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVAST Software
2013-11-30 00:05 - 2005-10-23 19:35 - 00000278 ___SH C:\Documents and Settings\Laura\NTUSER.INI
2013-11-30 00:05 - 2005-10-23 19:35 - 00000000 ____D C:\Documents and Settings\Laura
2013-11-30 00:00 - 2007-04-01 17:35 - 00059568 _____ C:\Documents and Settings\Laura\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-29 23:59 - 2013-11-29 23:59 - 00000000 ____D C:\Documents and Settings\Laura\Application Data\AVAST Software
2013-11-29 23:23 - 2005-10-25 19:01 - 00002513 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
2013-11-29 23:20 - 2005-02-21 14:48 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-11-29 23:15 - 2013-11-29 23:15 - 00000581 _____ C:\Documents and Settings\Laura\Desktop\JRT.txt
2013-11-29 22:40 - 2013-11-29 22:50 - 01034531 _____ (Thisisu) C:\Documents and Settings\Laura\Desktop\JRT.exe
2013-11-29 22:15 - 2013-11-29 22:14 - 00016196 _____ C:\Documents and Settings\Laura\Desktop\install.txt
2013-11-29 22:11 - 2005-02-21 14:46 - 00000000 ____D C:\WINDOWS\system32\MUI
2013-11-29 22:06 - 2009-08-05 20:10 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-11-29 21:55 - 2013-07-26 17:46 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-11-29 21:54 - 2013-07-26 17:45 - 00000000 ____D C:\Program Files\CCleaner
2013-11-29 19:04 - 2013-11-29 19:04 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-29 18:47 - 2013-11-29 18:47 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-29 18:46 - 2013-11-29 18:46 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2847311$
2013-11-29 18:45 - 2013-11-29 18:45 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2862335$
2013-11-29 18:42 - 2013-11-29 18:42 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-29 18:41 - 2013-11-29 18:41 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-29 18:40 - 2013-11-29 18:40 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2868038$
2013-11-29 18:32 - 2013-11-29 18:32 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2883150$
2013-11-29 18:30 - 2013-11-29 18:30 - 00000000 ___DC C:\WINDOWS\$NtUninstallKB2862330$
2013-11-29 12:05 - 2013-09-15 10:26 - 00000000 ____D C:\AdwCleaner
2013-11-29 11:37 - 2013-11-29 11:50 - 01091882 _____ C:\Documents and Settings\Laura\Desktop\AdwCleaner.exe
2013-11-28 14:04 - 2009-06-27 13:09 - 00000000 ____D C:\Documents and Settings\Administrator
2013-11-27 12:54 - 2009-06-18 20:31 - 00000000 ____D C:\Documents and Settings\Laura\Desktop\Louise
2013-11-26 11:37 - 2013-11-29 23:37 - 87529432 _____ (AVAST Software) C:\Documents and Settings\Laura\Desktop\avast_free_antivirus_setup.exe

Some content of TEMP:
====================
C:\Documents and Settings\Laura\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Edited by Flaemilau, 14 December 2013 - 05:26 PM.


#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:47 AM

Posted 15 December 2013 - 09:15 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

BHO: No Name - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -  No File
BHO: No Name - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -  No File
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CHR DefaultSearchKeyword: r
CHR DefaultSearchURL: http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Maureen Hedderman\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

end
Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Restart the computer normally.
===

Keep me posted.
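The fixlist above is built by a simple rule: every BHO, Toolbar and CHR Plugin line that FRST marks "No File" is a dangling registration (the registry still points at a binary that is gone), and a Chrome default search URL on a host the owner never chose is treated as a search hijack and reset together with its keyword. The script below is an added example, not part of nasdaq's post and not a feature of FRST; it applies that rule to an FRST.txt excerpt and emits the same start/end block FRST's Fix button consumes. The sample lines are taken from the thread plus two healthy entries with made-up identifiers and paths, and the list of trusted search hosts is an assumption for the example.

```python
"""Triage an FRST.txt listing into a fixlist.txt for FRST's Fix button.

Added example; not part of the original thread and not a feature of FRST.
It automates the helper's manual triage: BHO/Toolbar/CHR Plugin lines that
FRST marks 'No File' are orphaned registrations, and a Chrome
DefaultSearchURL on an untrusted host is a likely search hijack. Selected
lines are copied verbatim, which is exactly what FRST expects in fixlist.txt.
"""
from urllib.parse import urlparse

# Line types whose 'No File' suffix means the registration is orphaned.
ORPHAN_PREFIXES = ("BHO:", "Toolbar:", "CHR Plugin:")

# Assumption for this example: hosts the owner actually searches with.
# Any other host set as Chrome's default search URL is treated as a hijack.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

# Constructed sample: lines from the thread's FRST.txt excerpt plus two
# healthy entries (made-up CLSID and paths) that must NOT be selected.
SAMPLE_FRST = """\
BHO: No Name - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -  No File
BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll (Example Corp)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
CHR DefaultSearchKeyword: r
CHR DefaultSearchURL: http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Plugin: (Example Plug-in) - C:\\Program Files\\Example\\npexample.dll
"""


def is_orphaned(line: str) -> bool:
    """BHO/Toolbar/plugin registration whose backing file FRST could not find."""
    return line.startswith(ORPHAN_PREFIXES) and line.endswith("No File")


def is_search_hijack(line: str) -> bool:
    """Chrome default search URL pointing at a host not on the trusted list."""
    if not line.startswith("CHR DefaultSearchURL:"):
        return False
    url = line.split(":", 1)[1].strip()
    host = (urlparse(url).hostname or "").lower()
    return host not in TRUSTED_SEARCH_HOSTS


def select_fix_entries(frst_text: str) -> list[str]:
    """Return the FRST lines to feed back as fixlist entries, in log order.

    The DefaultSearchKeyword line is included only when the URL that follows
    it is flagged, so a hijacked keyword/URL pair is reset together.
    """
    entries: list[str] = []
    pending_keyword = None
    for raw in frst_text.splitlines():
        line = raw.strip()
        if line.startswith("CHR DefaultSearchKeyword:"):
            pending_keyword = line
            continue
        if is_search_hijack(line):
            if pending_keyword is not None:
                entries.append(pending_keyword)
            entries.append(line)
        elif is_orphaned(line):
            entries.append(line)
        pending_keyword = None
    return entries


def build_fixlist(entries: list[str]) -> str:
    """Wrap entries in the start/end markers FRST expects in fixlist.txt."""
    return "start\n" + "\n".join(entries) + "\nend\n"


if __name__ == "__main__":
    # Write the result to fixlist.txt next to FRST.exe, then click Fix once.
    print(build_fixlist(select_fix_entries(SAMPLE_FRST)), end="")
```

Run against a real FRST.txt, the output is reviewed before it is saved as fixlist.txt: a "No File" entry is safe to drop because nothing is loaded from it any more, but a live path that merely looks unfamiliar should be checked against the vendor before it goes into the list, since FRST removes whatever it is given.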



