Possible Malware threat. Computer very sick.


  • This topic is locked
20 replies to this topic

#1 Lakes


  • Members
  • 71 posts
  • Gender:Male
  • Location:Southport, England

Posted 11 December 2013 - 11:17 PM

My computer is running very slowly and takes about 20 minutes to boot up, if at all, as I sometimes have to turn it off at the box and start it again and again. I am sure this must be an adware or malware problem as I recognize the symptoms of sluggishness. When I AM able to eventually get online, it doesn't take long to freeze altogether. I have run BleachBit, CCleaner and Malwarebytes, which came up with 4 threats (PUP). I also have a "Mysearch avg" bar which is impossible to get rid of. I'm not even running AVG as I have Panda. I'm not sure if I have inadvertently downloaded something with a virus, but I am usually very diligent in this regard.

I am running Microsoft Windows XP Media Center Edition Version 2008 Service Pack three with AMD™ Sempron processor 3500+ (201 GHz/ 225 GB of RAM) with Panda anti virus.

Here is my hijackthis Log...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:06:03, on 12/12/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [SlimDrivers] "C:\Program Files\SlimDrivers\SlimDrivers.exe" -boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-21-1214440339-1957994488-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0}: NameServer = 217.171.132.1 217.171.132.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

--
End of file - 7076 bytes
 


Edited by Lakes, 11 December 2013 - 11:21 PM.
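Before a helper tells you which lines matter, it helps to have a first-pass triage of a HijackThis log like the one above. The following is an added example, not code from the original post or from HijackThis: a small Python script that parses O4 (autostart), O10 (Winsock LSP), O17 (DNS server) and O23 (service) lines and flags the things a reviewer looks at first. Autostart entries with a relative path (resolved through the search path) or a path outside Program Files and Windows, services with no publisher string, LSPs HijackThis could not identify, and DNS resolvers on public addresses. The sample input is copied from the log above, plus one constructed HKCU entry (marked in the code) so the user-profile check has something to fire on. It produces review notes, not verdicts: the O10 entry it flags here, nwprovau.dll, is Microsoft's Client Service for NetWare provider, and the BecHelperService it flags simply ships without a version-resource company name.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List

# Lines copied from the HijackThis log posted above, plus one CONSTRUCTED
# HKCU entry ([Updater], not in the real log) to exercise the user-profile check.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\Simon\Local Settings\Temp\updater.exe" -q
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0}: NameServer = 217.171.132.1 217.171.132.1
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Autostart binaries under these roots are "expected"; anything else gets a note.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows")


@dataclass
class Finding:
    kind: str     # HijackThis section: O4 / O10 / O17 / O23
    subject: str  # entry name, file path or server list
    reason: str   # what a human should check


def executable_of(cmd: str) -> str:
    """Return the program part of an O4 command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted: the program ends at the first ".exe"; fall back to the first token.
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx != -1 else cmd.split(" ", 1)[0]


def triage_hjt(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            exe = executable_of(m["cmd"])
            low = exe.lower()
            if "\\" not in low:
                findings.append(Finding("O4", m["name"],
                    f"relative path {exe!r} is resolved via the search path; confirm which file runs"))
            elif not low.startswith(TRUSTED_ROOTS):
                findings.append(Finding("O4", m["name"],
                    f"autostart outside Program Files/Windows: {exe}"))
        elif m := O10_RE.match(line):
            findings.append(Finding("O10", m["path"],
                "Winsock LSP not identified by HijackThis; verify the publisher before removing"))
        elif m := O17_RE.match(line):
            servers = sorted(set(m["servers"].split()))
            if any(ip_address(s).is_global for s in servers):
                findings.append(Finding("O17", " ".join(servers),
                    "public DNS resolver configured; confirm it belongs to your ISP"))
        elif m := O23_RE.match(line):
            if m["owner"].lower() == "unknown owner":
                findings.append(Finding("O23", m["name"],
                    f"service binary carries no publisher string: {m['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Run it against a full log and the output is a short list of entries to look up, in the order they appear; entries under Program Files or Windows with a named publisher produce nothing, which is the point of the allowlist.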



#2 Noviciate


  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 12 December 2013 - 04:43 PM

Good evening. :)

As HijackThis has not been seriously updated by Trend Micro in some time, it is now no longer considered to be an effective tool for malware removal. You will need to go here, follow step 6 and post accordingly into this thread.


So long, and thanks for all the fish.

 

 


#3 Lakes

  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Southport, England

Posted 12 December 2013 - 05:00 PM

Hi Noviciate,

 

Thanks for the hasty reply. Please find attached "attach.txt"

 

Best,

Lakes

Attached Files



#4 Noviciate


  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 12 December 2013 - 05:35 PM

If you re-read the link that I posted you should see that you need to copy and paste the first of the two logs that DDS created - DDS.txt.


So long, and thanks for all the fish.

 

 


#5 Lakes

  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Southport, England

Posted 12 December 2013 - 05:37 PM

Oops sorry, my bad!

 

Here it is...

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702
Run by Simon at 21:48:53 on 2013-12-12
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2303.391 [GMT 0:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled* 
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
uRun: [SlimDrivers] "c:\program files\slimdrivers\SlimDrivers.exe" -boot
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0} : NameServer = 217.171.132.1 217.171.132.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages =  msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\simon\application data\mozilla\firefox\profiles\pomw66pe.default-1364769427953\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com?type=937811&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\wordweb\wcapturemoz\plugins\npWCX.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2012-06-13 23:44; wcapturex@deskperience.com; c:\program files\wordweb\WCaptureMoz
.
============= SERVICES / DRIVERS ===============
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2013-5-29 84200]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2013-5-29 126184]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [2013-5-29 107752]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2013-5-29 124648]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2013-5-29 95464]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2013-5-29 106344]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2013-5-29 287336]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2013-5-29 161384]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2013-5-29 108904]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2013-5-29 230376]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2013-5-29 93928]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2013-10-11 179944]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2013-4-2 1740696]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-18 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-18 701512]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2012-2-9 99328]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2013-10-3 140768]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2013-10-17 145640]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2013-10-11 103528]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2013-10-11 115048]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2013-10-11 128232]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2013-10-19 37344]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-9-16 3273088]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2013-10-30 1373480]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-4-2 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-4-2 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-4-2 73216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-18 22856]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2013-11-30 47632]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2012-11-22 7040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-5-16 1691480]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-4-2 102784]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-4-2 90112]
S3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [2013-10-11 97896]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-11-22 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2013-5-29 52328]
.
=============== Created Last 30 ================
.
2013-12-11 00:50:58 9293192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-11-30 12:05:46 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-11-14 15:39:01 -------- d-----w- c:\program files\Uninstaller
2013-11-14 15:38:28 -------- d-----w- c:\program files\MyPC Backup
2013-11-14 15:37:43 -------- d-----w- c:\program files\VideoPlayer
.
==================== Find3M  ====================
.
2013-12-12 14:13:24 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-12-11 01:50:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 01:50:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-09 14:32:46 6784 ----a-w- c:\documents and settings\all users\application data\NanoRepository.bin
2013-10-17 19:31:22 145640 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ------w- c:\windows\system32\html.iec
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-11 09:47:23 97896 ----a-w- c:\windows\system32\drivers\PSINReg.sys
2013-10-11 09:46:44 128232 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2013-10-11 09:46:43 115048 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2013-10-11 09:46:42 179944 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2013-10-11 09:46:42 103528 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 21:50:36.51 ===============
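Two sections of a DDS log carry most of the signal for a "my browser has a toolbar I did not install" complaint: the "Created Last 30" list, where several new Program Files directories created within a minute or two of each other point at one bundled installer, and the FIREFOX section, where homepage and keyword.URL preferences that carry partner tags show that a search redirect was set. The following is an added example, not code from the original post or from DDS: a Python triage of those two sections. Its sample input is copied from the DDS log above. The burst grouping and the partner-parameter names (`fr`, `type`) are this example's own heuristics; DDS's `!HIDDEN!` marker covers every extension hidden from the add-ons manager, which includes legitimate components such as the WordWeb one in this log, so the notes are for a person to weigh, not a removal list.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, urlsplit

# Excerpt copied from the DDS log posted above (only the two sections used here).
SAMPLE_DDS = r"""
=============== Created Last 30 ================
.
2013-12-11 00:50:58 9293192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-11-30 12:05:46 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-11-14 15:39:01 -------- d-----w- c:\program files\Uninstaller
2013-11-14 15:38:28 -------- d-----w- c:\program files\MyPC Backup
2013-11-14 15:37:43 -------- d-----w- c:\program files\VideoPlayer
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com?type=937811&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - ExtSQL: !HIDDEN! 2012-06-13 23:44; wcapturex@deskperience.com; c:\program files\wordweb\WCaptureMoz
"""

# "<date> <time> <size or -------- > <attrs> <path>"; attrs starting with "d" is a directory.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
HIDDEN_EXT_RE = re.compile(r"^FF - ExtSQL: !HIDDEN! (\S+ \S+); (\S+); (.+)$")

# Query parameters that identify the partner/referrer on a search URL (heuristic).
TRACKING_PARAMS = {"fr", "type"}


@dataclass
class Created:
    when: datetime
    is_dir: bool
    path: str


def parse_created(text: str) -> List[Created]:
    out: List[Created] = []
    for line in text.splitlines():
        if m := CREATED_RE.match(line.strip()):
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            out.append(Created(when, m.group(3).startswith("d"), m.group(4)))
    return out


def install_bursts(entries: List[Created], window: timedelta = timedelta(minutes=5)) -> List[List[str]]:
    """Group Program Files directories created within `window` of the previous one.
    Two or more new top-level directories in one burst usually mean one bundled installer."""
    dirs = sorted((e for e in entries
                   if e.is_dir and e.path.lower().startswith(r"c:\program files")),
                  key=lambda e: e.when)
    groups: List[List[str]] = []
    current: List[Created] = []
    for e in dirs:
        if current and e.when - current[-1].when > window:
            if len(current) > 1:
                groups.append([c.path for c in current])
            current = []
        current.append(e)
    if len(current) > 1:
        groups.append([c.path for c in current])
    return groups


def parse_ff_prefs(text: str) -> Dict[str, str]:
    return {m.group(1): m.group(2) for line in text.splitlines()
            if (m := PREF_RE.match(line.strip()))}


def search_tags(url: str) -> Dict[str, str]:
    """Partner-style query parameters on a search URL; DDS defangs URLs as hxxp://."""
    parts = urlsplit(url.replace("hxxp", "http", 1))
    qs = parse_qs(parts.query, keep_blank_values=True)
    return {k: v[0] for k, v in qs.items() if k in TRACKING_PARAMS}


def hidden_extensions(text: str) -> List[Tuple[str, str]]:
    return [(m.group(2), m.group(3)) for line in text.splitlines()
            if (m := HIDDEN_EXT_RE.match(line.strip()))]


def triage_dds(text: str) -> List[str]:
    notes: List[str] = []
    for group in install_bursts(parse_created(text)):
        notes.append("created together, likely one installer: " + "; ".join(group))
    prefs = parse_ff_prefs(text)
    for key in ("browser.startup.homepage", "keyword.URL"):
        if key in prefs and (tags := search_tags(prefs[key])):
            notes.append(f"{key} points at a partner-tagged search URL {tags}")
    for ext_id, path in hidden_extensions(text):
        notes.append(f"Firefox extension hidden from the add-ons manager: {ext_id} at {path}")
    return notes


if __name__ == "__main__":
    for note in triage_dds(SAMPLE_DDS):
        print("-", note)
```

The burst window is deliberately generous (five minutes); installers that chain several setup programs pause between them, and the cost of a false grouping is only one extra directory to look at.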


#6 Noviciate


  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 13 December 2013 - 02:22 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.
 

  • Click the Run ESET Online Scanner button.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Download OTL by OldTimer from here and save it to your Desktop.
 

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

 


So long, and thanks for all the fish.

 

 


#7 Lakes

  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Southport, England

Posted 13 December 2013 - 05:59 PM

Hi again Noviciate,

 

Eset Online scanner did not identify any threats. 

 

Here is the OTL.txt...

 

OTL logfile created on: 13/12/2013 22:41:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Simon\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.25 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 30.69% Memory free
4.10 Gb Paging File | 2.30 Gb Available in Paging File | 56.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.44 Gb Total Space | 10.01 Gb Free Space | 22.51% Space Free | Partition Type: NTFS
Drive D: | 27.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: FUNNY-90F7F5F9E | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/13 22:40:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon\My Documents\Downloads\OTL.exe
PRC - [2013/10/19 05:19:35 | 000,037,344 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2013/10/19 05:19:34 | 000,032,736 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2013/10/03 06:13:48 | 000,140,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2013/09/16 11:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/08/15 06:28:51 | 000,847,312 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/07/10 07:58:32 | 029,378,880 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe
PRC - [2013/05/16 21:40:06 | 000,077,056 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/05 19:41:44 | 000,418,024 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/03/23 15:32:42 | 010,042,776 | ---- | M] (3Connect) -- C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
PRC - [2011/03/23 15:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2008/07/30 19:23:13 | 000,336,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/03 16:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/01/22 08:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/09/07 18:40:34 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2007/09/07 18:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2000/01/01 00:00:00 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/15 06:28:49 | 000,415,184 | ---- | M] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\ppgooglenaclpluginchrome.dll
MOD - [2013/08/15 06:28:48 | 013,602,768 | ---- | M] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\PepperFlash\pepflashplayer.dll
MOD - [2013/08/15 06:28:46 | 004,055,504 | ---- | M] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\pdf.dll
MOD - [2013/08/15 06:27:56 | 000,698,832 | ---- | M] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\libglesv2.dll
MOD - [2013/08/15 06:27:55 | 000,099,792 | ---- | M] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\libegl.dll
MOD - [2013/08/15 06:27:53 | 001,604,560 | ---- | M] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.10\ffmpegsumo.dll
MOD - [2013/06/08 20:29:58 | 002,926,848 | ---- | M] () -- C:\WINDOWS\system32\wweb32.dll
MOD - [2013/06/04 07:23:02 | 000,562,688 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2013/04/12 17:23:30 | 000,612,664 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\sqlite3.dll
MOD - [2013/01/02 06:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/12/10 01:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/11/03 15:28:36 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2011/03/23 15:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
MOD - [2011/03/23 15:17:48 | 000,194,560 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\SocketMgr.dll
MOD - [2008/07/30 19:23:19 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/01/22 08:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013/12/11 01:50:55 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/19 05:19:35 | 000,037,344 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2013/10/03 06:13:48 | 000,140,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2013/09/16 11:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/12 04:51:41 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/03/23 15:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2008/01/22 08:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/09/07 18:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2000/01/01 00:00:00 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/12/13 19:51:42 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/10/17 19:31:22 | 000,145,640 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2013/10/11 09:47:23 | 000,097,896 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PSINReg.sys -- (PSINReg)
DRV - [2013/10/11 09:46:44 | 000,128,232 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2013/10/11 09:46:43 | 000,115,048 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2013/10/11 09:46:42 | 000,179,944 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2013/10/11 09:46:42 | 000,103,528 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2013/05/29 03:55:11 | 000,230,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2013/05/29 03:55:11 | 000,108,904 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2013/05/29 03:55:11 | 000,093,928 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2013/05/29 03:55:10 | 000,287,336 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2013/05/29 03:55:10 | 000,161,384 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2013/05/29 03:55:10 | 000,106,344 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2013/05/29 03:55:09 | 000,124,648 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2013/05/29 03:55:09 | 000,095,464 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2013/05/29 03:55:09 | 000,052,328 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\NNSpihs.sys -- (NNSPIHS)
DRV - [2013/05/29 03:55:08 | 000,126,184 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2013/05/29 03:55:08 | 000,107,752 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV - [2013/05/29 03:55:08 | 000,084,200 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2013/04/29 07:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/23 15:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2011/03/23 15:15:48 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/03/23 15:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/23 15:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/23 15:15:48 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/03/23 15:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/23 15:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011/02/11 21:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2008/07/30 19:36:20 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008/04/14 12:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007/02/16 19:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 18:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/16 00:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2000/01/01 00:00:00 | 005,589,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2000/01/01 00:00:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2000/01/01 00:00:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2000/01/01 00:00:00 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2000/01/01 00:00:00 | 000,007,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\whfltr2k.sys -- (whfltr2k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {9C950E3E-B79A-4378-BAC2-74E7C03B5101}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9C950E3E-B79A-4378-BAC2-74E7C03B5101}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{B26BF5F0-D37B-4523-8C9C-6B3E9657FB9F}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=407453"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=937811&fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.7
FF - prefs.js..extensions.enabledAddons: wcapturex%40deskperience.com:5.0.4406
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/02/10 03:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/12 04:51:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/11 14:05:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2012/02/10 03:22:20 | 000,000,000 | ---D | M]
 
[2012/12/25 22:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Extensions
[2013/12/12 04:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions
[2013/10/08 18:21:29 | 000,000,000 | ---D | M] (Slick Savings) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\savingsslider@mybrowserbar.com
[2013/12/12 04:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\staged
[2013/03/31 22:37:23 | 000,615,655 | ---- | M] () (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\testpilot@labs.mozilla.com.xpi
[2013/12/12 04:04:02 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/12 04:03:59 | 000,010,433 | ---- | M] () (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\staged\savingsslider@mybrowserbar.com.xpi
[2013/12/12 04:03:59 | 000,619,291 | ---- | M] () (No name found) -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\extensions\staged\testpilot@labs.mozilla.com.xpi
[2013/07/18 18:15:59 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\searchplugins\yahoo.xml
[2013/10/08 18:20:48 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\searchplugins\yahoo_ff.xml
[2013/09/16 15:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/23 21:11:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/12 04:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/23 21:11:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/12 04:51:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/10 03:22:20 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- C:\PROGRAM FILES\WORDWEB\WCAPTUREMOZ
[2012/02/10 17:35:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://mysearch.avg.com/?cid={8D6F5C92-9FD5-495E-BA97-9D5560432D04}&mid=21ea302a405a47d09fead15756fb968e-2188174100fd93d9544876084314b5c43360fc2b&lang=en&ds=ad011&pr=sa&d=2013-05-06 03:25:09&v=15.1.0.2&pid=safeguard&sg=2&sap=hp
CHR - Extension: Google Docs = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: YouTube = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Search = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Dark Vibe = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0\
CHR - Extension: Pinterest = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: Domain Error Assistant = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_1\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_0\
CHR - Extension: PicBadges = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg\1.8_0\
CHR - Extension: PicBadges = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgjkknncnlepghplinfpikcijdbmidbg\1.8_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.7_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.8_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2013/09/18 16:57:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKCU..\Run: [SlimDrivers] C:\Program Files\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4CC0BD0-0B5B-4BC6-BF33-A4B045DD17F0}: NameServer = 217.171.132.1 217.171.132.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Simon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Simon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/09 18:37:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/23 18:37:04 | 000,148,888 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/07/22 11:37:40 | 000,027,750 | R--- | M] () - D:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/03/23 18:17:40 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/13 20:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/13 19:51:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/12/13 10:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\England World Cup
[2013/12/13 01:43:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/12/12 18:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Vicky
[2013/12/12 03:07:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Simon\Recent
[2013/12/11 17:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Start Menu\Programs\BleachBit
[2013/12/10 01:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\New
[2013/12/07 19:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Horse
[2013/12/07 19:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\December
[2013/11/30 12:05:46 | 000,047,632 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSKMAD.sys
[2013/11/30 00:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2013/11/23 17:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\New Pixies
[2013/11/23 03:03:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Simon\Desktop\Web design
[2013/11/21 19:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Facebook Album
[2013/11/19 14:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Funny Farm
[2013/11/14 15:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/11/14 15:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/11/14 15:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/11/14 15:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoPlayer
[2013/11/14 15:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\VideoPlayer
[2013/06/20 16:19:13 | 005,369,040 | ---- | C] (PC Cleaners) -- C:\Documents and Settings\All Users\Application Data\pclunst.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/13 22:54:09 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AC9760B5-E4A4-4449-A33E-347A5925D556}.job
[2013/12/13 22:50:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/13 19:51:42 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/12/13 19:50:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/13 19:49:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/13 03:10:08 | 000,443,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/13 01:42:59 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/13 00:08:52 | 000,066,573 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\Different-age-different-perspective.jpg
[2013/12/12 23:00:37 | 000,026,949 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\chevron iphone 5.jpg
[2013/12/12 03:40:28 | 000,050,550 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\url.jpg
[2013/12/09 18:33:03 | 005,758,637 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\IRS W-8 BEN form Simon Lake.jpg
[2013/12/09 14:47:04 | 000,104,411 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\fw8ben.pdf
[2013/12/04 16:49:10 | 000,002,239 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\EZ Fonts.lnk
[2013/11/23 09:25:11 | 000,414,205 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\Flaticon-Photoshop-Plugin-Beta-v1.3.zip
 
========== Files Created - No Company Name ==========
 
[2013/12/13 01:40:07 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/12/13 00:08:50 | 000,066,573 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\Different-age-different-perspective.jpg
[2013/12/12 23:00:36 | 000,026,949 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\chevron iphone 5.jpg
[2013/12/12 03:40:26 | 000,050,550 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\url.jpg
[2013/12/09 18:31:18 | 005,758,637 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\IRS W-8 BEN form Simon Lake.jpg
[2013/12/09 14:46:52 | 000,104,411 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\fw8ben.pdf
[2013/11/23 09:25:08 | 000,414,205 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\Flaticon-Photoshop-Plugin-Beta-v1.3.zip
[2013/11/02 01:26:24 | 000,006,784 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NanoRepository.bin.bak
[2013/11/02 01:26:24 | 000,006,784 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NanoRepository.bin
[2013/08/12 12:38:06 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\file__0.localstorage
[2013/04/02 15:09:58 | 000,067,156 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2013/04/02 15:09:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2013/03/18 12:11:15 | 002,926,848 | ---- | C] () -- C:\WINDOWS\System32\wweb32.dll
[2012/11/22 16:49:30 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012/11/22 16:01:15 | 000,026,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/11/22 15:30:53 | 000,007,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys
[2012/11/22 14:59:28 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/10/29 17:45:42 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/09/29 00:03:52 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Simon\.recently-used.xbel
[2012/09/15 13:29:04 | 000,000,178 | RHS- | C] () -- C:\WINDOWS\System32\thssdk32.sys
[2012/09/10 19:54:10 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-P9ST5.exe
[2012/09/04 19:49:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0x0304A000.sfl
[2012/05/16 15:31:50 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/05/16 15:31:50 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/05/16 15:31:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/05/14 10:57:07 | 000,022,440 | ---- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\2035822_Setup.crx
[2012/05/13 10:30:11 | 000,007,186 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/03/08 09:03:12 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2012/03/07 05:51:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/03/05 21:14:30 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/26 10:53:09 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/02/15 16:33:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 06:07:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\fusioncache.dat
[2012/02/09 21:40:00 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/02/09 19:11:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/09 19:06:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/02/09 19:03:05 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Simon\20120209184741265.fx.cleanup.xml
[2012/02/09 19:03:05 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Simon\20120209184741265.ie.cleanup.xml
[2012/02/09 19:03:05 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Simon\20120209184741265.fx.toolbars.xml
[2012/02/09 19:03:05 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Simon\20120209184741265.ie.toolbars.xml
[2012/02/09 19:02:58 | 000,011,653 | -H-- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\seuf.yda
[2012/02/09 18:58:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/09 18:40:42 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012/02/09 18:34:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/09 18:31:39 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\CabTool.exe
[2012/02/09 18:12:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/09 18:09:58 | 000,443,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
[2012/02/09 18:37:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/12/20 03:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/04/02 15:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2012/02/10 10:46:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/02/10 15:33:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013/12/05 15:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012/02/13 11:12:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/02/10 15:34:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2012/12/25 04:02:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/02/16 11:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2013/07/10 13:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/05/02 00:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/06/20 15:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2013/11/14 15:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/10/08 18:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2012/05/01 23:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/04/16 17:21:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012/05/12 22:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\.Tribler
[2013/04/02 15:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Birdstep Technology
[2012/02/11 10:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\BleachBit
[2012/09/11 21:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\blekkotb_019
[2012/02/13 11:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Canon
[2013/08/12 12:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Imagitech
[2012/10/02 01:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\inkscape
[2012/09/15 15:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\ipodderX
[2012/09/09 05:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Marine Aquarium Lite
[2012/02/14 12:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\mediabarbs
[2012/06/19 14:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Oracle
[2012/02/11 11:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Panda Security
[2012/11/22 14:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SecondLife
[2012/02/09 19:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Styler
[2012/02/13 15:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\T-Mobile
[2012/02/13 16:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\T-Mobile Internet Manager
[2012/05/14 04:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\thejokeapp.com
[2012/12/25 04:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TuneUp Software
[2012/02/11 11:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\wincorebsband
[2013/04/14 20:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\WinPatrol
[2013/08/30 00:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Zoichy
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
 
< End of report >
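An added example (my code, not part of the thread and not OTL's own code) that parses the OTL file-list lines above and applies one review heuristic: executables under the Windows directory that carry the Hidden or System attribute and report no company name. Run over the lines copied from this log it picks out exactly one entry, the 178-byte thssdk32.sys with RHS- attributes in System32; that is a reason to check the file's hash, not a verdict. The regex, the extension list, the `review_candidates` rule and the constructed sample (copied from the posted log) are all assumptions of the example.

```python
"""Triage helper for the file lists in an OTL log.

Added example; it is not part of the original post and not OTL's own code.
OTL prints one file per line as
    [date time | size | attrs | C-or-M] (Company) -- path
where attrs holds four flags, (R)ead-only (H)idden (S)ystem (D)irectory, and
C/M says whether the timestamp is the created or the modified time.  The
review rule (hidden or system executables under the Windows directory with
no company name) is a heuristic assumed for this example, not a verdict.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL output posted in this thread.
SAMPLE_LOG = r"""
[2013/04/02 15:09:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2012/09/15 13:29:04 | 000,000,178 | RHS- | C] () -- C:\WINDOWS\System32\thssdk32.sys
[2012/09/10 19:54:10 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-P9ST5.exe
[2012/03/08 09:03:12 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2012/02/09 19:02:58 | 000,011,653 | -H-- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\seuf.yda
[2012/02/09 18:58:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/04/16 17:21:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
"""

# The "(Company)" part is optional: OTL omits it for directory listings.
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Extensions treated as executable code for the review rule (assumed list).
EXEC_EXT = (".sys", ".dll", ".exe", ".scr", ".ocx", ".drv")


@dataclass
class OtlEntry:
    stamp: str
    size: int
    attrs: str
    kind: str       # "C" created, "M" modified
    company: str    # "" when OTL printed "()" or nothing at all
    path: str

    @property
    def hidden(self):
        return "H" in self.attrs

    @property
    def system(self):
        return "S" in self.attrs

    @property
    def is_dir(self):
        return "D" in self.attrs

    @property
    def filename(self):
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_files(text):
    """Parse every OTL file-list line in text; lines of other shapes are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            stamp=m["stamp"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"].strip(),
        ))
    return entries


def review_candidates(entries, system_root="C:\\WINDOWS"):
    """Executables under system_root that carry Hidden or System and name no
    company.  Legitimate drivers rarely hide themselves this way, so each hit
    is worth hashing and looking up before anything is decided."""
    root = system_root.lower().rstrip("\\") + "\\"
    found = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir or not p.startswith(root) or not p.endswith(EXEC_EXT):
            continue
        if (e.hidden or e.system) and not e.company:
            found.append(e)
    return found


if __name__ == "__main__":
    for e in review_candidates(parse_otl_files(SAMPLE_LOG)):
        print(f"{e.attrs} {e.size:>8} bytes  {e.path}")
```

The same parser works on the whole OTL.txt (feed it the file contents instead of SAMPLE_LOG); the directory entries from the LOP check parse too, they are just excluded by `is_dir`. Tighten or loosen `review_candidates` to taste, but keep the output as a list to check by hash, since a hidden attribute alone proves nothing.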


#8 Lakes (Topic Starter)

Posted 13 December 2013 - 06:00 PM

And here is the Extras.Txt...

 

OTL Extras logfile created on: 13/12/2013 22:41:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Simon\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.25 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 30.69% Memory free
4.10 Gb Paging File | 2.30 Gb Available in Paging File | 56.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 44.44 Gb Total Space | 10.01 Gb Free Space | 22.51% Space Free | Partition Type: NTFS
Drive D: | 27.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: FUNNY-90F7F5F9E | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.CNHMEQ33CIMTMMNLQXPR5G5NMY] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"3188:UDP" = 3188:UDP:*:Enabled:UDP 3188
"6286:TCP" = 6286:TCP:*:Enabled:TCP 6286
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series" = Canon MP480 series MP Drivers
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.5.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA}" = SlimDrivers
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{5499A827-E4C8-49B8-8462-4C0E5CA976A5}" = CITB-ConstructionSkills
"{69833D2A-A3A1-449B-ADF7-5FEBFE48FC55}" = Panda Cloud Antivirus
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) v1.0.3705
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"BleachBit" = BleachBit
"Canon MP480 series User Registration" = Canon MP480 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Huawei Modems" = Huawei modem
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"Redtube Video Downloader_is1" = Redtube Video Downloader 3.29
"VideoPlayer" = VideoPlayer v2.0.6
"VLC media player" = VLC media player 2.0.8
"Wacom Tablet Driver" = Wacom Tablet
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WheelMouse" = Advanced Wheel Mouse 6.0.0.008
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/12/2013 23:14:15 | Computer Name = FUNNY-90F7F5F9E | Source = Application Hang | ID = 1002
Description = Hanging application Wilog.exe, version 2.8.36.7, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 12/12/2013 21:44:18 | Computer Name = FUNNY-90F7F5F9E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 SP1 -- Error 1706.No valid source
 could be found for product Microsoft .NET Framework 1.1 SP1.  The Windows installer
 cannot continue.
 
Error - 12/12/2013 21:44:20 | Computer Name = FUNNY-90F7F5F9E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 SP1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}'
 could not be installed. Error code 1603. Additional information is available in
 the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.
 
Error - 12/12/2013 21:44:21 | Computer Name = FUNNY-90F7F5F9E | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 13/12/2013 01:00:36 | Computer Name = FUNNY-90F7F5F9E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 SP1 -- Error 1706.No valid source
 could be found for product Microsoft .NET Framework 1.1 SP1.  The Windows installer
 cannot continue.
 
Error - 13/12/2013 01:00:38 | Computer Name = FUNNY-90F7F5F9E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 SP1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}'
 could not be installed. Error code 1603. Additional information is available in
 the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.
 
Error - 13/12/2013 01:00:38 | Computer Name = FUNNY-90F7F5F9E | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 13/12/2013 07:44:07 | Computer Name = FUNNY-90F7F5F9E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 SP1 -- Error 1706.No valid source
 could be found for product Microsoft .NET Framework 1.1 SP1.  The Windows installer
 cannot continue.
 
Error - 13/12/2013 07:44:10 | Computer Name = FUNNY-90F7F5F9E | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 SP1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}'
 could not be installed. Error code 1603. Additional information is available in
 the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.
 
Error - 13/12/2013 07:44:11 | Computer Name = FUNNY-90F7F5F9E | Source = NativeWrapper | ID = 5000
Description = 
 
[ System Events ]
Error - 08/12/2013 09:29:11 | Computer Name = FUNNY-90F7F5F9E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on 
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
 
Error - 08/12/2013 23:02:30 | Computer Name = FUNNY-90F7F5F9E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on 
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
 
Error - 10/12/2013 11:27:15 | Computer Name = FUNNY-90F7F5F9E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on 
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
 
Error - 10/12/2013 20:40:57 | Computer Name = FUNNY-90F7F5F9E | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
 stream and has disconnected the client.
 
Error - 11/12/2013 11:50:04 | Computer Name = FUNNY-90F7F5F9E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on 
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
 
Error - 11/12/2013 16:37:38 | Computer Name = FUNNY-90F7F5F9E | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   nvatabus
 
Error - 11/12/2013 20:04:23 | Computer Name = FUNNY-90F7F5F9E | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the TabletServiceWacom service.
 
Error - 12/12/2013 21:44:21 | Computer Name = FUNNY-90F7F5F9E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on 
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
 
Error - 13/12/2013 01:00:39 | Computer Name = FUNNY-90F7F5F9E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on 
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
 
Error - 13/12/2013 07:44:11 | Computer Name = FUNNY-90F7F5F9E | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on 
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
 
 
< End of report >
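An added example (my code, not part of the thread, of OTL, or of Windows) that reads the Firewall Settings and Authorized Applications sections of an Extras.txt like the one above and lists the exceptions that are Enabled with scope `*`, i.e. reachable from any remote address. On the lines copied from this log that is 3389/TCP (the Remote Desktop entry, present in both profiles) plus two port openings labelled only "UDP 3188" and "TCP 6286" rather than with a Windows resource string; the System Events above also record a TermDD X.224 protocol error on 10/12/2013, so something did reach the RDP service. Which program listens on those ports is not something the log says, so the script only reports them for a look. The value formats, the regexes and the constructed sample (copied from the posted log) are assumptions of the example.

```python
r"""Triage of Windows XP firewall exceptions as dumped in an OTL Extras.txt.

Added example; not part of the original post, of OTL, or of Windows.  Under
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\<Profile>
the values in GloballyOpenPorts\List are 'port:proto:scope:status:name' and
the values in AuthorizedApplications\List are 'path:scope:status:name'.
Scope '*' means any remote address, 'LocalSubNet' only the local subnet.
OTL appends ' -- (Company)' to application lines; the parser drops it.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the Extras.txt posted in this thread.
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"3188:UDP" = 3188:UDP:*:Enabled:UDP 3188
"6286:TCP" = 6286:TCP:*:Enabled:TCP 6286

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"""

# Only the two per-profile List keys carry exceptions; other keys reset the section.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+)\\"
    r"(?P<kind>GloballyOpenPorts|AuthorizedApplications)\\List\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


@dataclass
class FwException:
    profile: str    # DomainProfile or StandardProfile
    kind: str       # "port" or "app"
    target: str     # "3389:TCP" for ports, the program path for apps
    scope: str      # "*" (any address) or "LocalSubNet"
    enabled: bool
    label: str      # "@dll,-id" resource string or free text


def parse_firewall_exceptions(text):
    """Walk the registry dump, tracking which List key each value belongs to."""
    section = None
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            km = KEY_RE.match(line)
            section = (km["profile"], km["kind"]) if km else None
            continue
        vm = VALUE_RE.match(line)
        if section is None or not vm:
            continue
        data = vm["data"].split(" -- (")[0].strip()
        profile, kind = section
        if kind.lower() == "globallyopenports":
            port, proto, scope, status, label = data.split(":", 4)
            found.append(FwException(profile, "port", f"{port}:{proto}",
                                     scope, status.lower() == "enabled", label))
        else:
            # The path itself contains "C:", so split from the right.
            path, scope, status, label = data.rsplit(":", 3)
            found.append(FwException(profile, "app", path,
                                     scope, status.lower() == "enabled", label))
    return found


def wide_open(exceptions):
    """Enabled exceptions reachable from any remote address."""
    return [e for e in exceptions if e.enabled and e.scope == "*"]


def custom_ports(exceptions):
    """Enabled port exceptions whose label is not a Windows resource string
    (@dll,-id): something or someone typed the name, so check what listens."""
    return [e for e in exceptions
            if e.kind == "port" and e.enabled and not e.label.startswith("@")]


if __name__ == "__main__":
    std = [e for e in parse_firewall_exceptions(SAMPLE_EXTRAS)
           if e.profile == "StandardProfile"]
    for e in wide_open(std):
        flag = "CUSTOM" if e in custom_ports(std) else "      "
        print(f"{flag} {e.kind:<4} {e.target:<45} {e.label}")
```

Feed it the whole Extras.txt and filter on the profile that is actually in force (StandardProfile on a machine that is not joined to a domain). A port opening whose label is free text rather than an @resource string was not created by a Windows component, so the next step is to match it against what is listening (netstat -ano on XP) rather than to delete the value blind.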


#9 Noviciate (Malware Response Team)

Posted 14 December 2013 - 02:54 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*

  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.


So long, and thanks for all the fish.


#10 Lakes (Topic Starter)

Posted 14 December 2013 - 03:41 PM

Hi,

I did as instructed and disabled my AV then ran the Combofix but did not see anything related to installing a Recovery Console so I am assuming this was automatic? The machine does appear to be running a bit smoother but I still have that problem of the mysearch AVG thing and I know from experience that this is a nasty virus and difficult to get rid of? I may be wrong but I just thought I would point it out to you. If I try to open my email client from its bookmark, I get "page not found" (please see attachments). I do not have AVG installed on my machine and I am running Panda which I have now re-enabled.

Here is the Combofix Log...

ComboFix 13-12-13.01 - Simon 14/12/2013  20:12:48.9.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2303.1488 [GMT 0:00]
Running from: c:\documents and settings\Simon\My Documents\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-14 to 2013-12-14  )))))))))))))))))))))))))))))))
.
.
2013-12-14 18:55 . 2013-12-14 18:55 -------- d-----w- c:\windows\LastGood
2013-12-13 20:22 . 2013-12-13 20:22 -------- d-----w- c:\program files\ESET
2013-12-13 01:43 . 2013-12-13 01:43 -------- d-----w- c:\windows\ie8updates
2013-12-11 00:50 . 2013-12-11 01:50 9293192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-11-30 12:05 . 2013-04-29 07:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 18:55 . 2012-11-22 14:59 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-12-11 01:50 . 2013-04-16 22:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 01:50 . 2013-04-16 22:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59 . 2008-04-14 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-09 14:32 . 2013-11-02 01:26 6784 ----a-w- c:\documents and settings\All Users\Application Data\NanoRepository.bin
2013-11-07 05:38 . 2008-04-14 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2012-02-09 20:48 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2008-04-14 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2008-07-30 19:29 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2008-07-30 19:29 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2008-07-30 19:28 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2008-07-30 19:29 385024 ------w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2008-04-14 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-17 19:31 . 2013-10-17 19:31 145640 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2013-10-12 15:56 . 2008-04-14 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-11 09:47 . 2013-10-11 09:47 97896 ----a-w- c:\windows\system32\drivers\PSINReg.sys
2013-10-11 09:46 . 2013-10-11 09:46 128232 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2013-10-11 09:46 . 2013-10-11 09:46 115048 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2013-10-11 09:46 . 2013-10-11 09:46 179944 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2013-10-11 09:46 . 2013-10-11 09:46 103528 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2013-10-09 13:12 . 2008-04-14 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2008-04-14 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2013-07-10 29378880]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-02 20472992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-03-05 418024]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2013-05-16 77056]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 20145368]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-10-19 32736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ   msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3188:UDP"= 3188:UDP:UDP 3188
"6286:TCP"= 6286:TCP:TCP 6286
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [29/05/2013 03:55 84200]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [29/05/2013 03:55 126184]
R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [29/05/2013 03:55 107752]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [29/05/2013 03:55 124648]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [29/05/2013 03:55 95464]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [29/05/2013 03:55 106344]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [29/05/2013 03:55 287336]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [29/05/2013 03:55 161384]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [29/05/2013 03:55 108904]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [29/05/2013 03:55 230376]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [29/05/2013 03:55 93928]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [11/10/2013 09:46 179944]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [02/04/2013 15:10 1740696]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [18/09/2013 20:51 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18/09/2013 20:51 701512]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [03/10/2013 06:13 140768]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/02/2011 21:23 35088]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [17/10/2013 19:31 145640]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [11/10/2013 09:46 103528]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [11/10/2013 09:46 115048]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [11/10/2013 09:46 128232]
R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [19/10/2013 05:19 37344]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [30/10/2013 15:54 1373480]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [02/04/2013 15:10 11136]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [02/04/2013 15:10 235392]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [02/04/2013 15:10 73216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18/09/2013 20:51 22856]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [30/11/2013 12:05 47632]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [22/11/2012 15:30 7040]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [16/09/2013 11:29 3273088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/09/2013 10:34 171680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16/05/2012 13:52 1691480]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [02/04/2013 15:10 102784]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [02/04/2013 15:10 90112]
S3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [11/10/2013 09:47 97896]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [22/11/2012 14:59 13464]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [29/05/2013 03:55 52328]
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-16 01:50]
.
2013-12-14 c:\windows\Tasks\User_Feed_Synchronization-{AC9760B5-E4A4-4449-A33E-347A5925D556}.job
- c:\windows\system32\msfeedssync.exe [2012-02-09 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
FF - ProfilePath - c:\documents and settings\Simon\Application Data\Mozilla\Firefox\Profiles\pomw66pe.default-1364769427953\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com?type=937811&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - ExtSQL: !HIDDEN! 2012-06-13 23:44; wcapturex@deskperience.com; c:\program files\WordWeb\WCaptureMoz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-14 20:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5504)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\program files\WordWeb\WHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-12-14  20:23:24
ComboFix-quarantined-files.txt  2013-12-14 20:23
.
Pre-Run: 10,472,456,192 bytes free
Post-Run: 10,509,897,728 bytes free
.
- - End Of File - - 5076086094DE698A60D26C49B0D36E00
6AEFA2BAC284226F1A5AED86E53D7BB9


Edited by Lakes, 14 December 2013 - 03:43 PM.


#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:18 PM

Posted 14 December 2013 - 04:06 PM

All you need to do for this is to reset your Homepage (https://support.google.com/chrome/answer/95314?hl=en). I assume that you had AVG at some point in time. Let me know how you get on.


So long, and thanks for all the fish.



#12 Lakes

Lakes
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Southport, England
  • Local time:02:18 PM

Posted 14 December 2013 - 04:21 PM

Oh yes, thank you. Yes, I did have AVG before. I have done that and so I take it that was nothing to do with the problems I was having. It is running better now but still very slow to boot up. I think I may have some start up programs such as Skype that may be causing this.



#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:18 PM

Posted 14 December 2013 - 05:02 PM

The homepage was presumably a change that AVG made when you installed it and it didn't revert to its previous setting on removal.

The difficulty with speed issues is that it is hard to nail down the exact cause. The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download TFC by OldTimer from here and save it to your Desktop.

  • You will need to close all open programs and save any work as TFC will require a reboot.
  • Double-click TFC.exe to run it. (Note: If you are using Vista, right-click the file and select Run As Administrator from the menu that appears).
  • Click the Start button to begin. Depending on how often you clean temp files, execution time could be anywhere from a few seconds to a minute or two - just sit back and enjoy the view.
  • Once it has finished it should reboot your PC all by itself. If it does not, please manually reboot.
  • Once rebooted your PC will run like a Cray supercomputer, or at least have less junk on the hard drive - OT's not a miracle worker you know!
  • Please note that this tool will empty the Recycle Bin as part of its actions. If you have anything in there that you haven't finished with, move it first.

3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Defragment your hard drive. A tutorial for disc defragmentation is available here.

I happen to prefer a third-party defrag tool to the one that Windows offers. You can read about it, and find a linky, here - it's free too!


Run through the lot and tell me how you get on.


So long, and thanks for all the fish.



#14 Lakes

Lakes
  • Topic Starter

  • Members
  • 71 posts
  • Gender:Male
  • Location:Southport, England
  • Local time:02:18 PM

Posted 14 December 2013 - 07:12 PM

Good Morning,


I have gone through all of that and it appears to have really done the trick, thanks so much! I often go to the Windows defrag tool and analyze but it always tells me that I do not need to defrag this volume. Are you sure that is the correct link you have provided for an alternative? I can't see anything related to a defrag tool there.


Bleeping Computer kicks ass.



#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:06:18 PM

Posted 15 December 2013 - 02:15 PM

Good evening. :)

Yet again the internet changes and doesn't inform me - my bad! Try this link. I suggest you use the Auslogic link which you'll find under the two coloured buttons:


Alternatively, click here to download from our website



So long, and thanks for all the fish.
