AVAST! constantly blocking explorer.exe


  • This topic is locked
27 replies to this topic

#1 carters66

carters66

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 25 January 2014 - 05:26 AM

Hi

I am a new member and am looking for help!

I am running XP on a Dell laptop and AVAST! is constantly blocking URL:MAL from the process:Explorer.exe. Within the last week it has recorded over 7000 blocks; it raises an alert every few seconds.

I have run Malwarebytes, Spybot etc. and nothing has been found.

Does anyone know how I can resolve this?

Thank you




#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 AM

Posted 25 January 2014 - 08:17 PM

Hello,

please run a FRST scan first:

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.



#3 carters66

carters66
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 26 January 2014 - 04:50 AM

Thanks aharonov

Below are the contents of the two files

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-01-2014 01
Ran by ian cartwright at 2014-01-26 09:35:14
Running from C:\Documents and Settings\ian cartwright\Local Settings\Temporary Internet Files\Content.IE5\NWH6OL1R
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (Version: 10.1.8 - Adobe Systems Incorporated)
Amazon Music Importer (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (Version: 2.1.0 - Amazon Services LLC) Hidden
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (Version: 9.0.2013 - Avast Software)
AVG 2013 (Version: 13.0.3162 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3272 - AVG Technologies) Hidden
Basic Operation Guide EPSON SX430 Series (Version:  - )
BearShare (Version: 10.0.0.131832 - Musiclab, LLC) Hidden
Betfair.com Poker (Version:  - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom ASF Management Applications (Version: 10.13.02 - Broadcom Corporation)
Broadcom Management Programs (Version: 10.15.01 - Broadcom Corporation)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CameraDrivers (Version: 9.0.0.155 - Hewlett-Packard) Hidden
CameraReadme (Version: 9.0.0 - Hewlett-Packard) Hidden
CCleaner (Version: 4.10 - Piriform)
Conexant HDA D330 MDC V.92 Modem (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
Dell Touchpad (Version: 7.1.102.7 - Alps Electric)
Dell Wireless WLAN Card (Version: 4.100.15.8 - Dell Inc.)
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Line Detect (Version: 1.21 - BVRP Software, Inc)
Epson Easy Photo Print 2 (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Software (Version:  - )
EPSON Scan (Version:  - Seiko Epson Corporation)
EPSON SX430 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (Version: 2.4j - SEIKO EPSON CORPORATION)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Chrome (Version: 32.0.1700.41 - Google Inc.)
Google Earth (Version: 7.0.3.8542 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4601.54 - Google Inc.)
Google Update Helper (Version: 1.3.21.165 - Google Inc.) Hidden
HP Imaging Device Functions 9.0 (Version: 9.0 - HP)
HP Photosmart Cameras 9.0 (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Solution Center 9.0 (Version: 9.0 - HP)
HP Update (Version: 5.003.001.001 - Hewlett-Packard)
hpicamDrvQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevicesMFC (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.5218 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 12.04.4000 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.0 (Version: 2.1.0 - Oracle Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)
Microsoft Download Manager (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Motorola Device Manager (Version: 2.2.28 - Motorola Mobility)
Motorola Device Software Update (Version: 1.0.40 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
Nero Burning ROM (Version: 12.5.5001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (Version: 12.0.3000 - Nero AG) Hidden
Nero BurningROM 12 (Version: 12.5.00900 - Nero AG)
Nero ControlCenter (Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (Version: 11.0.20200 - Nero AG) Hidden
Nero SharedVideoCodecs (Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden
NetWaiting (Version: 2.5.44 - BVRP Software, Inc)
Network Guide EPSON SX430 Series (Version:  - )
Norton Identity Safe (Version: 2014.6.0.27 - Symantec Corporation)
NovaBench 3.0.4 (Version:  - Novawave Inc.)
NVIDIA Performance Drivers (Version: 1.0.0.2 - NVIDIA Corporation)
PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
PDF Reader Packages (HKCU Version:  - ) <==== ATTENTION
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
SigmaTel Audio (Version: 5.10.5210.0 - SigmaTel)
Sky Poker (Version: 1.128 - British Sky Broadcasting Group Plc)
Sky Poker (Version: 1.128 - British Sky Broadcasting Group Plc) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Speccy (Version: 1.18 - Piriform)
Spybot - Search & Destroy (Version: 2.3.37 - Safer-Networking Ltd.)
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TomTom HOME (Version: 2.9.0 - TomTom)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
User's Guide EPSON SX430 Series (Version:  - )
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0 - TomTom International B.V.)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Driver Package - NVIDIA (nv) Display  (07/09/2010 6.14.12.5896) (Version: 07/09/2010 6.14.12.5896 - NVIDIA)
Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA  (06/21/2010 1.0.15.0) (Version: 06/21/2010 1.0.15.0 - NVIDIA Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Player 11 (Version:  - )

==================== Restore Points  =========================

05-12-2013 14:34:16 System Checkpoint
05-12-2013 21:19:32 Driver Booster : Mobile Intel® 965 Express Chipset Family
15-12-2013 15:11:06 Installed SpyHunter
15-12-2013 21:07:41 Removed SpyHunter
15-12-2013 22:05:24 C
15-12-2013 22:06:22 C
15-12-2013 22:07:31 C
16-12-2013 17:40:08 C
06-01-2014 22:14:41 System Checkpoint
07-01-2014 03:01:33 Software Distribution Service 3.0
08-01-2014 17:27:29 Software Distribution Service 3.0
11-01-2014 17:24:48 System Checkpoint
14-01-2014 21:56:46 Installed %1 %2.
14-01-2014 21:58:31 Installed %1 %2.
14-01-2014 22:03:49 Installed Windows XP KB2492386.
14-01-2014 22:07:12 Installed Windows XP KB2632503.
14-01-2014 22:23:44 Installed Windows XP KB2808679.
14-01-2014 22:27:06 Installed Windows XP KB2914368.
19-01-2014 13:19:22 Removed IObit Apps Toolbar v8.3.
19-01-2014 13:23:41 avast! antivirus system restore point
19-01-2014 17:55:05 Installed AVG 2014
19-01-2014 17:56:44 Installed AVG 2014
20-01-2014 21:50:47 avast! antivirus system restore point
20-01-2014 22:18:55 avast! antivirus system restore point
21-01-2014 18:18:03 avast! antivirus system restore point
21-01-2014 18:40:03 Removed AVG 2014
21-01-2014 18:45:32 Removed AVG 2014
21-01-2014 19:47:52 avast! antivirus system restore point
24-01-2014 16:04:59 System Checkpoint
25-01-2014 11:53:32 avast! antivirus system restore point
26-01-2014 08:20:23 Software Distribution Service 3.0

==================== Hosts content: ==========================

2003-03-31 12:00 - 2014-01-25 23:12 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2009-11-03 14:35 - 2009-11-03 14:35 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2014-01-26 08:30 - 2014-01-25 17:46 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012501\algo.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-26 20:01 - 2007-03-16 17:10 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2014-01-21 19:51 - 2014-01-21 19:52 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-11-03 14:35 - 2009-11-03 14:35 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 00:15 - 2010-12-21 00:15 - 01041248 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vds => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{533C5B84-EC70-11D2-9505-00C04F79DEAF} => ""="Volume shadow copy"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AFD => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Browser => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Dhcp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DnsCache => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ip6fw.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ipnat.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanWorkstation => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LmHosts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Messenger => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS Wrapper => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Ndisuio => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOSGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBT => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetDDEGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetMan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Network => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetworkProvider => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NtLmSsp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpcdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdsessmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sharedaccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Streams Drivers => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Tcpip => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdpipe.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdtcp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\termservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WZCSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E972-E325-11CE-BFC1-08002BE10318} => ""="Net"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E973-E325-11CE-BFC1-08002BE10318} => ""="NetClient"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E974-E325-11CE-BFC1-08002BE10318} => ""="NetService"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E975-E325-11CE-BFC1-08002BE10318} => ""="NetTrans"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2014 09:09:26 AM) (Source: Broadcom ASF IP and SMBIOS Mailbox Monitor) (User: )
Description: !ERROR 53 Refreshing BMAPI data

Error: (01/26/2014 09:06:49 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (01/26/2014 08:15:07 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (01/25/2014 11:07:14 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (01/25/2014 11:07:03 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/25/2014 11:07:03 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/25/2014 11:07:03 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/25/2014 11:07:00 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (01/24/2014 09:57:00 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (01/24/2014 03:49:09 PM) (Source: Application Error) (User: )
Description: Faulting application avgmfapx.exe, version 14.0.0.4256, faulting module unknown, version 0.0.0.0, fault address 0x00310030.
Processing media-specific event for [avgmfapx.exe!ws!]

System errors:
=============
Error: (01/26/2014 09:09:13 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2014 09:09:13 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2014 09:09:13 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.

Error: (01/26/2014 09:09:06 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (01/26/2014 09:09:06 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (01/26/2014 09:09:06 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (01/26/2014 09:09:06 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (01/26/2014 09:09:06 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/26/2014 09:09:05 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

Microsoft Office Sessions:
=========================
Error: (01/26/2014 09:09:26 AM) (Source: Broadcom ASF IP and SMBIOS Mailbox Monitor)(User: )
Description: !ERROR 53 Refreshing BMAPI data

Error: (01/26/2014 09:06:49 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (01/26/2014 08:15:07 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (01/25/2014 11:07:14 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (01/25/2014 11:07:03 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/25/2014 11:07:03 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/25/2014 11:07:03 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/25/2014 11:07:00 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (01/24/2014 09:57:00 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (01/24/2014 03:49:09 PM) (Source: Application Error)(User: )
Description: avgmfapx.exe14.0.0.4256unknown0.0.0.000310030

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 2037.79 MB
Available physical RAM: 1191.8 MB
Total Pagefile: 3930.49 MB
Available Pagefile: 3262.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:10.14 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: C208B0CD)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-01-2014 01
Ran by ian cartwright (administrator) on IAN-DELL-LAPTOP on 26-01-2014 09:32:40
Running from C:\Documents and Settings\ian cartwright\Local Settings\Temporary Internet Files\Content.IE5\NWH6OL1R
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\nst.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\nst.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABE.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Farbar) C:\Documents and Settings\ian cartwright\Local Settings\Temporary Internet Files\Content.IE5\NWH6OL1R\FRST[1].exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\System32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [EPSON Stylus D88 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE [98304 2005-01-27] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
SearchScopes: HKCU - DefaultScope {1B481C4B-2A43-4F98-B16E-DC3E11B87D90} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {1B481C4B-2A43-4F98-B16E-DC3E11B87D90} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {C7B3BD19-620A-468E-8898-02EE11580551} URL = http://www.google.com/search?q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} https://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: linkscanner - No CLSID Value -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Firefox\profiles\extensions\extensions [2013-08-21]
FF Extension: No Name - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Firefox\profiles\extensions\searchplugins [2013-09-21]
FF Extension: Torntv 3 - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF HKCU\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com

Chrome:
=======
CHR HomePage: https://www.google.co.uk/
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2014-01-19]
CHR Extension: (V-bates) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip [2013-12-17]
CHR Extension: (Google Wallet) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2012-07-16]
CHR HKLM\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files\TornTV.com\torntv10.crx [2012-07-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-21]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2014-01-21]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2014-01-21]
CHR HKLM\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarm.crx [2013-11-19]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2013-03-19]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-03-19]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\\ChromeExt\\avg.crx [2013-03-19]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2013-10-17]

========================== Services (Whitelisted) =================

S3 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-02] (Oracle Corporation)
S3 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-06] (Symantec Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [3575808 2008-12-11] ()
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel® Corporation)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3666392 2013-12-19] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2729432 2013-12-19] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-12-19] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.)
R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1772056 2014-01-20] (AVG Secure Search)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel® Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-01-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-25] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-21] ()
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2014-01-20] (AVG Technologies)
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE06000.01B\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 catchme; \??\C:\DOCUME~1\IANCAR~1\LOCALS~1\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr;
S3 tosporte; System32\DRIVERS\tosporte.sys [x]
S1 Tosrfcom; System32\Drivers\tosrfcom.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-26 09:30 - 2014-01-26 09:30 - 00000000 ____D C:\FRST
2014-01-25 23:28 - 2014-01-25 23:28 - 00024667 _____ C:\ComboFix.txt
2014-01-25 22:52 - 2013-12-03 11:41 - 00000239 _____ C:\Boot.bak
2014-01-25 22:52 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2014-01-25 22:51 - 2014-01-25 22:52 - 00000000 _RSHD C:\cmdcons
2014-01-25 22:49 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-25 22:49 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-25 22:49 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-25 22:47 - 2014-01-25 23:28 - 00000000 ____D C:\Qoobox
2014-01-25 22:46 - 2014-01-25 23:14 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-25 00:29 - 2014-01-25 00:29 - 00070368 _____ C:\Documents and Settings\ian cartwright\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-24 21:51 - 2014-01-24 21:51 - 00269392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-24 20:36 - 2014-01-26 09:32 - 00102716 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-24 17:28 - 2014-01-26 08:34 - 00003565 _____ C:\WINDOWS\setupapi.log
2014-01-21 22:30 - 2014-01-21 22:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CDB
2014-01-21 22:26 - 2014-01-21 22:47 - 00000163 _____ C:\WINDOWS\Reimage.ini
2014-01-21 19:55 - 2014-01-21 19:55 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\AVAST Software
2014-01-21 19:54 - 2014-01-25 12:00 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-01-21 19:53 - 2014-01-26 09:15 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-21 19:52 - 2014-01-25 11:58 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-21 19:52 - 2014-01-25 11:58 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-21 19:52 - 2014-01-21 19:52 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-21 19:52 - 2014-01-21 19:52 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-01-21 19:47 - 2014-01-21 19:47 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-20 21:46 - 2014-01-21 19:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-01-20 19:47 - 2014-01-21 17:38 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-01-20 19:47 - 2014-01-21 17:38 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-01-20 19:47 - 2014-01-21 17:38 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-01-20 19:46 - 2014-01-20 19:46 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-01-20 19:45 - 2013-09-20 09:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-01-20 19:08 - 2014-01-20 19:08 - 11873098 _____ (PortableAppZ.blogspot.com) C:\Documents and Settings\ian cartwright\Desktop\SpybotSD_Portable_1.6.2.46_MultiLang.paf.exe
2014-01-20 18:25 - 2014-01-20 19:24 - 00000000 ____D C:\Documents and Settings\ian cartwright\Local Settings\Application Data\AVG SafeGuard toolbar
2014-01-20 18:24 - 2014-01-24 15:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-01-20 18:22 - 2014-01-20 18:20 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-01-20 18:21 - 2014-01-20 18:22 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2014-01-20 18:20 - 2014-01-20 18:21 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\Program Files\Check Point Software Technologies LTD
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\Check Point Software Technologies LTD
2014-01-19 22:02 - 2014-01-19 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-01-19 18:03 - 2014-01-19 18:03 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\AVG2014
2014-01-19 17:57 - 2014-01-21 18:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2014-01-19 17:57 - 2014-01-21 18:43 - 00000000 ____D C:\$AVG
2014-01-19 17:55 - 2014-01-19 17:55 - 00000000 ____D C:\Program Files\AVG
2014-01-19 17:53 - 2014-01-21 18:46 - 00000000 ____D C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Avg2014
2014-01-19 14:10 - 2014-01-19 14:10 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2014-01-16 19:22 - 2014-01-16 19:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2014-01-14 22:26 - 2014-01-14 22:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 22:23 - 2014-01-14 22:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$
2014-01-14 22:19 - 2013-03-26 22:53 - 00074752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cryptdlg.dll
2014-01-14 22:03 - 2014-01-14 22:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$
2014-01-14 22:00 - 2011-03-11 14:10 - 00225262 ____C C:\WINDOWS\system32\dllcache\msimain.sdb
2014-01-14 21:59 - 2014-01-14 21:59 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-01-14 21:58 - 2014-01-14 21:58 - 00000000 ____D C:\WINDOWS\system32\winrm
2014-01-14 21:57 - 2014-01-14 21:59 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$
2014-01-14 21:57 - 2014-01-14 21:57 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$
2014-01-14 21:56 - 2014-01-14 21:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$
2014-01-12 20:57 - 2014-01-12 20:58 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\MSN6
2014-01-12 20:57 - 2014-01-12 20:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2014-01-11 15:11 - 2014-01-12 12:49 - 00011518 _____ C:\Documents and Settings\ian cartwright\My Documents\dec 2013.xlsx
2014-01-11 15:11 - 2014-01-11 15:33 - 00011259 _____ C:\Documents and Settings\ian cartwright\My Documents\nov  2013.xlsx
2014-01-08 17:28 - 2014-01-08 17:28 - 00000000 __SHD C:\Documents and Settings\Default User\IETldCache
2014-01-07 03:25 - 2014-01-07 03:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-07 03:15 - 2014-01-07 03:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-28 20:44 - 2013-12-28 20:44 - 00010443 _____ C:\Documents and Settings\ian cartwright\My Documents\Book1.xlsx

==================== One Month Modified Files and Folders =======

2014-01-26 09:32 - 2014-01-24 20:36 - 00102716 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-26 09:30 - 2014-01-26 09:30 - 00000000 ____D C:\FRST
2014-01-26 09:17 - 2012-11-05 16:39 - 00000000 ____D C:\Documents and Settings\ian cartwright\My Documents\Outlook Files
2014-01-26 09:15 - 2014-01-21 19:53 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-26 09:08 - 2013-12-05 21:40 - 00000157 _____ C:\WINDOWS\wiadebug.log
2014-01-26 09:07 - 2013-12-05 21:40 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-26 09:06 - 2012-04-25 17:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-26 09:06 - 2003-03-31 12:00 - 00013760 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-26 08:53 - 2013-12-05 21:37 - 00030052 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-26 08:53 - 2012-04-30 17:55 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2014-01-26 08:53 - 2012-04-25 17:27 - 00000178 ___SH C:\Documents and Settings\ian cartwright\ntuser.ini
2014-01-26 08:40 - 2013-07-13 10:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-26 08:34 - 2014-01-24 17:28 - 00003565 _____ C:\WINDOWS\setupapi.log
2014-01-26 08:27 - 2012-04-27 06:48 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-25 23:44 - 2012-04-25 17:27 - 00000000 ____D C:\Documents and Settings\ian cartwright
2014-01-25 23:28 - 2014-01-25 23:28 - 00024667 _____ C:\ComboFix.txt
2014-01-25 23:28 - 2014-01-25 22:47 - 00000000 ____D C:\Qoobox
2014-01-25 23:26 - 2012-04-25 18:06 - 00000000 ____D C:\WINDOWS\repair
2014-01-25 23:14 - 2014-01-25 22:46 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-25 23:13 - 2003-03-31 12:00 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-25 22:52 - 2014-01-25 22:51 - 00000000 _RSHD C:\cmdcons
2014-01-25 22:52 - 2012-04-25 18:10 - 00000355 __RSH C:\boot.ini
2014-01-25 22:43 - 2013-12-02 22:42 - 00004268 _____ C:\Documents and Settings\ian cartwright\Desktop\Rkill.txt
2014-01-25 12:00 - 2014-01-21 19:54 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-01-25 11:58 - 2014-01-21 19:52 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-25 11:58 - 2014-01-21 19:52 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-25 00:29 - 2014-01-25 00:29 - 00070368 _____ C:\Documents and Settings\ian cartwright\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-24 21:51 - 2014-01-24 21:51 - 00269392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-24 21:50 - 2012-04-30 17:50 - 00000000 ____D C:\WINDOWS\SHELLNEW
2014-01-24 17:14 - 2013-01-19 14:34 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-24 17:14 - 2013-01-19 14:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-24 15:49 - 2012-04-27 06:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-24 15:48 - 2014-01-20 18:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-01-24 15:46 - 2012-05-20 17:45 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-01-24 15:45 - 2012-05-20 17:45 - 00000000 ____D C:\Program Files\CCleaner
2014-01-21 22:47 - 2014-01-21 22:26 - 00000163 _____ C:\WINDOWS\Reimage.ini
2014-01-21 22:31 - 2014-01-21 22:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CDB
2014-01-21 19:55 - 2014-01-21 19:55 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\AVAST Software
2014-01-21 19:52 - 2014-01-21 19:52 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-21 19:52 - 2014-01-21 19:52 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-01-21 19:47 - 2014-01-21 19:47 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-21 19:46 - 2014-01-20 21:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-01-21 18:46 - 2014-01-19 17:53 - 00000000 ____D C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Avg2014
2014-01-21 18:44 - 2014-01-19 17:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2014-01-21 18:43 - 2014-01-19 17:57 - 00000000 ____D C:\$AVG
2014-01-21 17:38 - 2014-01-20 19:47 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-01-21 17:38 - 2014-01-20 19:47 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-01-21 17:38 - 2014-01-20 19:47 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-01-20 19:46 - 2014-01-20 19:46 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-01-20 19:46 - 2013-12-01 13:07 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-20 19:44 - 2012-09-28 14:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-01-20 19:29 - 2012-09-28 15:11 - 00010705 _____ C:\WINDOWS\wininit.ini
2014-01-20 19:24 - 2014-01-20 18:25 - 00000000 ____D C:\Documents and Settings\ian cartwright\Local Settings\Application Data\AVG SafeGuard toolbar
2014-01-20 19:08 - 2014-01-20 19:08 - 11873098 _____ (PortableAppZ.blogspot.com) C:\Documents and Settings\ian cartwright\Desktop\SpybotSD_Portable_1.6.2.46_MultiLang.paf.exe
2014-01-20 18:22 - 2014-01-20 18:21 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2014-01-20 18:21 - 2014-01-20 18:20 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2014-01-20 18:20 - 2014-01-20 18:22 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-01-19 22:16 - 2012-09-28 14:51 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\Program Files\Check Point Software Technologies LTD
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\Check Point Software Technologies LTD
2014-01-19 22:02 - 2014-01-19 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-01-19 18:03 - 2014-01-19 18:03 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\AVG2014
2014-01-19 17:55 - 2014-01-19 17:55 - 00000000 ____D C:\Program Files\AVG
2014-01-19 17:18 - 2012-04-29 10:43 - 00000000 ____D C:\WINDOWS\pss
2014-01-19 14:20 - 2013-11-30 11:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Grisoft
2014-01-19 14:10 - 2014-01-19 14:10 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2014-01-19 13:54 - 2012-05-20 17:42 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-19 13:21 - 2013-12-05 00:08 - 00000000 ____D C:\Program Files\a-squared Free
2014-01-19 09:07 - 2012-04-27 18:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2014-01-16 19:24 - 2012-04-28 07:05 - 00000000 ____D C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Adobe
2014-01-16 19:22 - 2014-01-16 19:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2014-01-16 19:21 - 2012-05-01 19:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-16 18:18 - 2012-05-01 19:35 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-16 18:18 - 2012-05-01 19:35 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-14 22:26 - 2014-01-14 22:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 22:23 - 2014-01-14 22:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$
2014-01-14 22:18 - 2012-04-25 18:12 - 00662964 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-14 22:06 - 2012-04-27 18:47 - 00000000 ____D C:\WINDOWS\ie8updates
2014-01-14 22:06 - 2012-04-25 18:06 - 00000000 ____D C:\WINDOWS\security
2014-01-14 22:04 - 2012-04-26 21:09 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2014-01-14 22:03 - 2014-01-14 22:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$
2014-01-14 21:59 - 2014-01-14 21:59 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-01-14 21:59 - 2014-01-14 21:57 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$
2014-01-14 21:59 - 2012-04-25 18:06 - 00000000 ____D C:\WINDOWS\Help
2014-01-14 21:58 - 2014-01-14 21:58 - 00000000 ____D C:\WINDOWS\system32\winrm
2014-01-14 21:57 - 2014-01-14 21:57 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$
2014-01-14 21:56 - 2014-01-14 21:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$
2014-01-12 20:58 - 2014-01-12 20:57 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\MSN6
2014-01-12 20:57 - 2014-01-12 20:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2014-01-12 12:49 - 2014-01-11 15:11 - 00011518 _____ C:\Documents and Settings\ian cartwright\My Documents\dec 2013.xlsx
2014-01-11 15:33 - 2014-01-11 15:11 - 00011259 _____ C:\Documents and Settings\ian cartwright\My Documents\nov  2013.xlsx
2014-01-11 15:10 - 2012-04-29 15:47 - 00017206 _____ C:\Documents and Settings\ian cartwright\My Documents\honda records.xlsx
2014-01-08 17:49 - 2012-04-30 17:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-01-08 17:28 - 2014-01-08 17:28 - 00000000 __SHD C:\Documents and Settings\Default User\IETldCache
2014-01-07 03:25 - 2014-01-07 03:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-07 03:15 - 2014-01-07 03:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-07 03:15 - 2012-04-27 02:02 - 00034338 _____ C:\WINDOWS\system32\TZLog.log
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-31 10:13 - 2012-04-29 15:47 - 00016598 _____ C:\Documents and Settings\ian cartwright\My Documents\ben & seb university money.xlsx
2013-12-28 20:44 - 2013-12-28 20:44 - 00010443 _____ C:\Documents and Settings\ian cartwright\My Documents\Book1.xlsx
2013-12-27 22:02 - 2013-11-03 17:38 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR

ZeroAccess:
C:\RECYCLER\S-1-5-18_old\$c1a96ec036c4902bcfa85e13bb33561e

Files to move or delete:
====================
C:\Documents and Settings\ian cartwright\Application Data\cache.ini

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#4 carters66

  • Topic Starter

  • Members

Posted 26 January 2014 - 07:42 AM

AVAST is no longer showing alerts! Has FRST removed the problem?



#5 aharonov


  • Malware Response Team

Posted 27 January 2014 - 08:56 AM

Hi,

no, a FRST scan is not invasive and therefore did not remove the problem.
But the Combofix scan that you have launched might have deleted the malware.
Please post up the Combofix logfile of this run (you find it at C:\ComboFix.txt) so we can see what exactly happened there.

#6 carters66

  • Topic Starter

  • Members

Posted 27 January 2014 - 12:35 PM

Hi

Here are the results of ComboFix. The problem still has not re-appeared or AVAST at least is not detecting it!

ComboFix 14-01-23.02 - ian cartwright 25/01/2014  22:54:59.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.2038.694 [GMT 0:00]
Running from: c:\documents and settings\ian cartwright\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\16F
c:\documents and settings\All Users\Application Data\16F\{E8EB87B2-5320-4F1F-BB45-7C4A1C0D754D}.swf
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\17d248bc12e5292d.fb
c:\windows\system32\Cache\1995693d925c9137.fb
c:\windows\system32\Cache\1baf5b4599ef2911.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\24074aba81a54b4c.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\29f5b89d853e690b.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\49570c2060c13615.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6ae0d8960d2a89a4.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\91e8eeda9c14a8fb.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\abe4c30a2f4e33dc.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d67e6337a2fdecbb.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\dc033921b67f6c7f.fb
c:\windows\system32\Cache\e8833ad6a26d6f24.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\X86
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-25 to 2014-01-25  )))))))))))))))))))))))))))))))
.
.
2014-01-24 17:14 . 2014-01-24 17:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-21 22:30 . 2014-01-21 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CDB
2014-01-21 19:55 . 2014-01-21 19:55 -------- d-----w- c:\documents and settings\ian cartwright\Application Data\AVAST Software
2014-01-21 19:52 . 2014-01-25 11:58 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-21 19:52 . 2014-01-25 11:58 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-21 19:52 . 2014-01-21 19:52 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-21 19:52 . 2014-01-25 11:58 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-21 19:52 . 2014-01-25 11:58 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-21 19:52 . 2014-01-21 19:52 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-21 19:52 . 2014-01-25 11:58 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-01-21 19:52 . 2014-01-25 11:58 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-21 19:52 . 2014-01-25 11:58 43152 ----a-w- c:\windows\avastSS.scr
2014-01-21 19:47 . 2014-01-21 19:47 -------- d-----w- c:\program files\AVAST Software
2014-01-20 21:46 . 2014-01-21 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2014-01-20 19:45 . 2013-09-20 09:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-01-20 18:25 . 2014-01-20 19:24 -------- d-----w- c:\documents and settings\ian cartwright\Local Settings\Application Data\AVG SafeGuard toolbar
2014-01-20 18:24 . 2014-01-24 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2014-01-20 18:23 . 2014-01-20 18:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2014-01-20 18:22 . 2014-01-20 18:20 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-01-20 18:21 . 2014-01-20 18:22 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2014-01-20 18:20 . 2014-01-20 18:21 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2014-01-19 22:04 . 2014-01-19 22:04 -------- d-----w- c:\program files\Check Point Software Technologies LTD
2014-01-19 22:03 . 2014-01-19 22:03 -------- d-----w- c:\documents and settings\ian cartwright\Application Data\Check Point Software Technologies LTD
2014-01-19 22:02 . 2014-01-19 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2014-01-19 18:03 . 2014-01-19 18:03 -------- d-----w- c:\documents and settings\ian cartwright\Application Data\AVG2014
2014-01-19 18:02 . 2014-01-19 18:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2014
2014-01-19 17:57 . 2014-01-21 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2014
2014-01-19 17:57 . 2014-01-21 18:43 -------- d-----w- C:\$AVG
2014-01-19 17:55 . 2014-01-19 17:55 -------- d-----w- c:\program files\AVG
2014-01-19 17:53 . 2014-01-21 18:46 -------- d-----w- c:\documents and settings\ian cartwright\Local Settings\Application Data\Avg2014
2014-01-16 19:22 . 2014-01-16 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2014-01-14 22:19 . 2013-03-26 22:53 74752 -c----w- c:\windows\system32\dllcache\cryptdlg.dll
2014-01-14 21:58 . 2014-01-14 21:58 -------- d-----w- c:\windows\system32\winrm
2014-01-14 21:57 . 2014-01-14 21:59 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2014-01-12 20:57 . 2014-01-12 20:58 -------- d-----w- c:\documents and settings\ian cartwright\Application Data\MSN6
2014-01-12 20:57 . 2014-01-12 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2014-01-08 17:28 . 2014-01-08 17:28 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 18:18 . 2012-05-01 19:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-16 18:18 . 2012-05-01 19:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-05 21:20 . 2012-04-27 20:37 1002008 ----a-w- c:\windows\system32\igxpun.exe
2013-12-05 21:20 . 2012-04-27 20:37 57344 ----a-w- c:\windows\system32\igxprd32.dll
2013-12-05 21:20 . 2012-04-27 20:37 1730272 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2013-12-05 21:20 . 2012-04-27 20:37 185856 ----a-w- c:\windows\system32\igxpgd32.dll
2013-12-05 21:20 . 2012-04-27 20:37 3773952 ----a-w- c:\windows\system32\igxpdx32.dll
2013-12-05 21:20 . 2012-04-27 20:37 2685280 ----a-w- c:\windows\system32\igxpdv32.dll
2013-12-05 21:20 . 2013-12-05 21:20 155648 ----a-w- c:\windows\system32\igfxCoIn_v5218.dll
2013-12-05 21:19 . 2012-05-21 20:35 282624 ----a-w- c:\windows\system32\igfxrsve.lrc
2013-12-05 21:19 . 2012-05-21 20:35 279040 ----a-w- c:\windows\system32\igfxrtrk.lrc
2013-12-05 21:19 . 2012-05-21 20:35 262656 ----a-w- c:\windows\system32\igfxrtha.lrc
2013-12-05 21:19 . 2012-05-21 20:35 141336 ----a-w- c:\windows\system32\igfxtray.exe
2013-12-05 21:19 . 2012-04-27 20:37 51712 ----a-w- c:\windows\system32\igfxsrvc.dll
2013-12-05 21:19 . 2012-04-27 20:37 250392 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-12-05 21:19 . 2012-04-27 20:37 282624 ----a-w- c:\windows\system32\igfxrsky.lrc
2013-12-05 21:19 . 2012-04-27 20:37 277504 ----a-w- c:\windows\system32\igfxrslv.lrc
2013-12-05 21:19 . 2012-05-21 20:35 299008 ----a-w- c:\windows\system32\igfxrnld.lrc
2013-12-05 21:19 . 2012-05-21 20:35 294912 ----a-w- c:\windows\system32\igfxrptg.lrc
2013-12-05 21:19 . 2012-05-21 20:35 291328 ----a-w- c:\windows\system32\igfxrrus.lrc
2013-12-05 21:19 . 2012-05-21 20:35 289280 ----a-w- c:\windows\system32\igfxrptb.lrc
2013-12-05 21:19 . 2012-05-21 20:35 287744 ----a-w- c:\windows\system32\igfxrplk.lrc
2013-12-05 21:19 . 2012-05-21 20:35 279552 ----a-w- c:\windows\system32\igfxrnor.lrc
2013-12-05 21:19 . 2012-05-21 20:35 304640 ----a-w- c:\windows\system32\igfxrita.lrc
2013-12-05 21:19 . 2012-05-21 20:35 303104 ----a-w- c:\windows\system32\igfxrfra.lrc
2013-12-05 21:19 . 2012-05-21 20:35 249856 ----a-w- c:\windows\system32\igfxrheb.lrc
2013-12-05 21:19 . 2012-05-21 20:35 206848 ----a-w- c:\windows\system32\igfxrjpn.lrc
2013-12-05 21:19 . 2012-05-21 20:35 205312 ----a-w- c:\windows\system32\igfxrkor.lrc
2013-12-05 21:19 . 2012-05-21 20:35 5702656 ----a-w- c:\windows\system32\igfxress.dll
2013-12-05 21:19 . 2012-05-21 20:35 288256 ----a-w- c:\windows\system32\igfxrhun.lrc
2013-12-05 21:19 . 2012-05-21 20:35 281088 ----a-w- c:\windows\system32\igfxrfin.lrc
2013-12-05 21:19 . 2012-05-21 20:35 280576 ----a-w- c:\windows\system32\igfxrdan.lrc
2013-12-05 21:19 . 2012-05-21 20:35 310784 ----a-w- c:\windows\system32\igfxrell.lrc
2013-12-05 21:19 . 2012-05-21 20:35 303616 ----a-w- c:\windows\system32\igfxrdeu.lrc
2013-12-05 21:19 . 2012-05-21 20:35 303104 ----a-w- c:\windows\system32\igfxresp.lrc
2013-12-05 21:19 . 2012-05-21 20:35 282624 ----a-w- c:\windows\system32\igfxrcsy.lrc
2013-12-05 21:19 . 2012-05-21 20:35 252416 ----a-w- c:\windows\system32\igfxrara.lrc
2013-12-05 21:19 . 2012-05-21 20:35 179712 ----a-w- c:\windows\system32\igfxrcht.lrc
2013-12-05 21:19 . 2012-05-21 20:35 178176 ----a-w- c:\windows\system32\igfxrchs.lrc
2013-12-05 21:19 . 2012-04-27 20:37 275968 ----a-w- c:\windows\system32\igfxrenu.lrc
2013-12-05 21:19 . 2012-05-21 20:35 172568 ----a-w- c:\windows\system32\igfxext.exe
2013-12-05 21:19 . 2012-05-21 20:35 199168 ----a-w- c:\windows\system32\igfxpph.dll
2013-12-05 21:19 . 2012-04-27 20:37 142360 ----a-w- c:\windows\system32\igfxpers.exe
2013-12-05 21:19 . 2012-05-21 20:35 23552 ----a-w- c:\windows\system32\igfxexps.dll
2013-12-05 21:19 . 2012-05-21 20:35 652312 ----a-w- c:\windows\system32\igfxcfg.exe
2013-12-05 21:19 . 2012-05-21 20:35 119296 ----a-w- c:\windows\system32\igfxcpl.cpl
2013-12-05 21:19 . 2012-04-27 20:37 4112384 ----a-w- c:\windows\system32\ig4icd32.dll
2013-12-05 21:19 . 2012-04-27 20:37 205824 ----a-w- c:\windows\system32\igfxdev.dll
2013-12-05 21:19 . 2012-04-27 20:37 130048 ----a-w- c:\windows\system32\igfxdo.dll
2013-12-05 21:19 . 2012-04-27 20:37 2600960 ----a-w- c:\windows\system32\ig4dev32.dll
2013-12-05 21:19 . 2012-04-27 20:37 93696 ----a-w- c:\windows\system32\hccutils.dll
2013-12-05 21:19 . 2012-04-27 20:37 173592 ----a-w- c:\windows\system32\hkcmd.exe
2013-12-05 21:19 . 2012-04-27 20:37 319456 ----a-w- c:\windows\system32\difxapi.dll
2013-12-05 20:16 . 2013-11-30 10:58 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-02 20:42 . 2013-12-02 20:43 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-02 20:42 . 2013-12-02 20:44 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-11-27 20:21 . 2003-03-31 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2003-03-31 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-12 18:11 . 2013-11-12 18:11 54016 ----a-w- c:\windows\system32\drivers\seojpsbe.sys
2013-11-07 05:38 . 2003-03-31 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2012-04-26 21:14 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2003-03-31 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2003-03-31 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2003-03-31 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57 . 2003-03-31 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2012-04-26 21:01 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-21 19:51 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"Broadcom Wireless Manager UI"="c:\windows\System32\WLTRAY.exe" [2007-03-16 1392640]
"EPSON Stylus D88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE" [2005-01-27 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-12-05 173592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-12-05 141336]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-12-05 142360]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-12-19 5580752]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-21 3764024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [21/01/2014 19:52 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [21/01/2014 19:52 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21/01/2014 19:52 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/01/2014 19:52 410784]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [20/01/2014 18:22 37664]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DE06000.01B\ccsetx86.sys [17/10/2013 18:39 127064]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe -service --> c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe -service [?]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [21/01/2014 19:52 67824]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [19/01/2013 14:34 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/01/2013 14:34 701512]
R2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2014.6.0.27\nst.exe [17/10/2013 18:39 129424]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 06:08 3575808]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [20/01/2014 18:21 1772056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/01/2013 14:34 22856]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [20/01/2014 19:44 3666392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [20/01/2014 19:45 2729432]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [20/01/2014 19:45 171928]
S3 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 16:07 759048]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24/01/2014 17:14 40776]
S3 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [13/07/2012 15:27 769432]
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [21/06/2012 04:01 92632]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 22:42 1211344 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.41\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 19:21]
.
2013-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2014-01-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-21 11:57]
.
2014-01-21 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-01-20 14:37]
.
2013-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-28 07:02]
.
2013-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-28 07:02]
.
2014-01-21 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-01-20 14:33]
.
2014-01-21 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-01-20 14:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = localhost:8080
Trusted Zone: ntlworld.com\mail
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
SafeBoot-IMFservice
AddRemove-809082474.portal.qtrax.com - c:\program files\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe
AddRemove-Torch - c:\documents and settings\ian cartwright\Local Settings\Application Data\Torch\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-25 23:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2014.6.0.27\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1988)
c:\windows\system32\netprovcredman.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2014-01-25  23:28:19
ComboFix-quarantined-files.txt  2014-01-25 23:28
.
Pre-Run: 8,887,861,248 bytes free
Post-Run: 9,110,978,560 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - CAD1C94AB36A3214F3A6339E6EBCAC9D
8F558EB6672622401DA993E1E865C861


#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 28 January 2014 - 01:52 PM

Hello,
 
how is your computer running? Are there still messages from avast that it has blocked something?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#8 carters66

carters66
  • Topic Starter

  • Members
  • 15 posts

Posted 29 January 2014 - 03:11 AM

Hi

 

AVAST is no longer detecting issues.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2014 03
Ran by ian cartwright at 2014-01-28 19:22:10 Run:1
Running from C:\Documents and Settings\ian cartwright\My Documents\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
C:\RECYCLER\S-1-5-18_old\$c1a96ec036c4902bcfa85e13bb33561e
C:\Documents and Settings\ian cartwright\Application Data\cache.ini
ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?type=198484&fr=spigot-yhp-ie
FF Extension: Torntv 3 - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30]
CHR HKLM\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files\TornTV.com\torntv10.crx [2012-07-16]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2014-01-21]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx [2014-01-21]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx [2013-03-19]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2013-10-17]
*****************
 
C:\RECYCLER\S-1-5-18_old\$c1a96ec036c4902bcfa85e13bb33561e => Moved successfully.
C:\Documents and Settings\ian cartwright\Application Data\cache.ini => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj => Key deleted successfully.
"C:\Program Files\TornTV.com\torntv10.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.2.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully.
"C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found.
 
==== End of Fixlog ====
 
 
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=07e14e8fda075b4fbce18a1095730129
# engine=16835
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-28 11:55:48
# local_time=2014-01-28 11:55:48 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 71 76 232682 305946 0 0
# compatibility_mode=3588 16777214 71 27 624104 15013718 0 0
# scanned=69167
# found=20
# cleaned=0
# scan_time=15756
sh=8AD77BAD589591171EB94A593C3814A3B742F79C ft=1 fh=b7c2cf7d50fb560b vn="Win32/InstalleRex.L application" ac=I fn="C:\Documents and Settings\All Users\Application Data\InstallMate\{9184E5D2-F9A7-4223-A0C8-B1854A67C724}\Custom.dll"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ application" ac=I fn="C:\Documents and Settings\ian cartwright\Application Data\PDF Reader Packages\uninstaller.exe"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Documents and Settings\ian cartwright\My Documents\Downloads\ccsetup410.exe"
sh=C8B96034415ABE6FDBA82FF60E8157E97DED8CC6 ft=1 fh=afea4f88be0404c6 vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Documents and Settings\ian cartwright\My Documents\Downloads\ccsetup410pro.exe"
sh=929A68B6AA0BAF093E38105D6F36538AEE660D63 ft=1 fh=637873bc96a6ce35 vn="Win32/Toolbar.Babylon.T application" ac=I fn="C:\Documents and Settings\ian cartwright\My Documents\Downloads\ReimageRepair.exe"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="a variant of Win32/Toolbar.Conduit.P application" ac=I fn="C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\ldrtbVuze.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\Documents and Settings\NetworkService\Local Settings\Application Data\Vuze_Remote\tbVuze.dll"
sh=988DF8933F46321452DAA5A6116E8A88697B1A49 ft=1 fh=3a4a6d97559a1254 vn="Win32/Toolbar.SearchSuite.H application" ac=I fn="C:\Program Files\BearShare Applications\Mediabar\Datamngr\BrowserConnection.dll"
sh=94D2DAD13CD80981C7DDB4B8E364E6761FE5B990 ft=1 fh=d2d14b7fed7eb938 vn="a variant of Win32/Toolbar.SearchSuite.C application" ac=I fn="C:\Program Files\BearShare Applications\Mediabar\Datamngr\datamngr.dll"
sh=3C2BF8032BBD84713F02954ED77340C43ECFF3F9 ft=1 fh=5351b53080ad9229 vn="a variant of Win32/Toolbar.SearchSuite.A application" ac=I fn="C:\Program Files\BearShare Applications\Mediabar\Datamngr\datamngrUI.exe"
sh=BE3D0F502DAF643B87F3B4EF420E2AB6A70C4925 ft=1 fh=f406fdad6ac8db21 vn="a variant of Win32/Toolbar.SearchSuite application" ac=I fn="C:\Program Files\BearShare Applications\Mediabar\Datamngr\DnsBHO.dll"
sh=1163F52A58D1A5F4640E3A7B1C6480C5AE6D6CA9 ft=1 fh=cb507a2ec58e406c vn="a variant of Win32/Toolbar.SearchSuite application" ac=I fn="C:\Program Files\BearShare Applications\Mediabar\Datamngr\IEBHO.dll"
sh=572314528895123FAEC4948F7569776982589DED ft=1 fh=c71c00112572524e vn="a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmApp.dll"
sh=9102A32937AB48CBB7B5C231DFB137544E6A7292 ft=1 fh=c71c001111686caf vn="probably a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmEng.dll"
sh=45EFACCD20D1336144DEE1F28327C680BA7A5013 ft=1 fh=68f55a713b39f592 vn="a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmsrv.exe"
sh=26CAE8A11ECF58E7929C39DAA8546A5374F323DD ft=1 fh=1fddd98b1ebbaf1d vn="a variant of Win32/Toolbar.Escort.A application" ac=I fn="C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\bh\zonealarm.dll"
sh=F1D5FC2E6B496862630476C0040C74D6952FD042 ft=1 fh=c71c00116f2f2486 vn="probably a variant of Win32/Toolbar.CrossRider.H application" ac=I fn="C:\Program Files\Torntv 2\Torntv 2-buttonutil.dll"
sh=3AC0F467EABC89EDD0709B6698B8C3E73AE93F24 ft=1 fh=711bf31f462ed090 vn="a variant of Win64/Toolbar.Crossrider.A application" ac=I fn="C:\Program Files\Torntv 2\Torntv 2-buttonutil64.dll"
sh=A77DAB0CC1A063A0AC9B44E94E12FA6598810723 ft=0 fh=0000000000000000 vn="a variant of Win32/Bunndle application" ac=I fn="C:\Program Files\Vuze\bunndle.zip"
sh=9B229D45DAF8E42A9E5AB80B8A8F3C1DA28BE5D9 ft=1 fh=fc29e722f48e28ff vn="a variant of Win32/Bundled.Toolbar.Ask.F application" ac=I fn="C:\WINDOWS\Installer\MSIAC.tmp"
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2014 03
Ran by ian cartwright (administrator) on IAN-DELL-LAPTOP on 29-01-2014 07:59:58
Running from C:\Documents and Settings\ian cartwright\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\nst.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\nst.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABE.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\System32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [EPSON Stylus D88 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE [98304 2005-01-27] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKCU - DefaultScope {1B481C4B-2A43-4F98-B16E-DC3E11B87D90} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {1B481C4B-2A43-4F98-B16E-DC3E11B87D90} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {C7B3BD19-620A-468E-8898-02EE11580551} URL = http://www.google.com/search?q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: linkscanner - No CLSID Value - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Firefox\profiles\extensions\extensions [2013-08-21]
FF Extension: No Name - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Firefox\profiles\extensions\searchplugins [2013-09-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF HKCU\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2014-01-19]
CHR Extension: (V-bates) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip [2013-12-17]
CHR Extension: (Google Wallet) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2012-07-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-21]
CHR HKLM\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarm.crx [2013-11-19]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2013-03-19]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\\ChromeExt\\avg.crx [2013-03-19]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2013-10-17]
 
========================== Services (Whitelisted) =================
 
S3 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-26] (Oracle Corporation)
S3 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-06] (Symantec Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [3575808 2008-12-11] ()
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel® Corporation)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3666392 2013-12-19] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2729432 2013-12-19] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-12-19] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.)
R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1772056 2014-01-20] (AVG Secure Search)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel® Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-25] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-25] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-21] ()
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2014-01-20] (AVG Technologies)
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
R1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\7DE06000.01B\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 catchme; \??\C:\DOCUME~1\IANCAR~1\LOCALS~1\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; 
S3 tosporte; System32\DRIVERS\tosporte.sys [x]
S1 Tosrfcom; System32\Drivers\tosrfcom.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-28 19:25 - 2014-01-28 19:25 - 00000000 ____D C:\Program Files\ESET
2014-01-27 08:10 - 2014-01-27 08:13 - 00003738 _____ C:\WINDOWS\KB2898785-IE8.log
2014-01-26 17:31 - 2014-01-26 17:29 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-26 17:31 - 2014-01-26 17:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-26 17:30 - 2014-01-26 17:29 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-26 17:30 - 2014-01-26 17:29 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-26 17:30 - 2014-01-26 17:29 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-26 09:30 - 2014-01-28 19:00 - 00000000 ____D C:\FRST
2014-01-25 23:28 - 2014-01-25 23:28 - 00024667 _____ C:\ComboFix.txt
2014-01-25 22:52 - 2013-12-03 11:41 - 00000239 _____ C:\Boot.bak
2014-01-25 22:52 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2014-01-25 22:51 - 2014-01-25 22:52 - 00000000 _RSHD C:\cmdcons
2014-01-25 22:49 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-25 22:49 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-25 22:49 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-25 22:49 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-25 22:47 - 2014-01-25 23:28 - 00000000 ____D C:\Qoobox
2014-01-25 22:46 - 2014-01-25 23:14 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-25 00:29 - 2014-01-25 00:29 - 00070368 _____ C:\Documents and Settings\ian cartwright\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-24 21:51 - 2014-01-24 21:51 - 00269392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-24 20:36 - 2014-01-29 06:53 - 00363346 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-24 17:28 - 2014-01-29 08:00 - 00006198 _____ C:\WINDOWS\setupapi.log
2014-01-21 22:30 - 2014-01-21 22:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CDB
2014-01-21 22:26 - 2014-01-21 22:47 - 00000163 _____ C:\WINDOWS\Reimage.ini
2014-01-21 19:55 - 2014-01-21 19:55 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\AVAST Software
2014-01-21 19:54 - 2014-01-25 12:00 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-01-21 19:53 - 2014-01-29 00:00 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-21 19:52 - 2014-01-25 11:58 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-21 19:52 - 2014-01-25 11:58 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-21 19:52 - 2014-01-21 19:52 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-21 19:52 - 2014-01-21 19:52 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-01-21 19:47 - 2014-01-21 19:47 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-20 21:46 - 2014-01-21 19:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-01-20 19:47 - 2014-01-21 17:38 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-01-20 19:47 - 2014-01-21 17:38 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-01-20 19:47 - 2014-01-21 17:38 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-01-20 19:46 - 2014-01-20 19:46 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-01-20 19:45 - 2013-09-20 09:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-01-20 19:08 - 2014-01-20 19:08 - 11873098 _____ (PortableAppZ.blogspot.com) C:\Documents and Settings\ian cartwright\Desktop\SpybotSD_Portable_1.6.2.46_MultiLang.paf.exe
2014-01-20 18:25 - 2014-01-20 19:24 - 00000000 ____D C:\Documents and Settings\ian cartwright\Local Settings\Application Data\AVG SafeGuard toolbar
2014-01-20 18:24 - 2014-01-24 15:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-01-20 18:22 - 2014-01-20 18:20 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-01-20 18:21 - 2014-01-20 18:22 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2014-01-20 18:20 - 2014-01-20 18:21 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\Program Files\Check Point Software Technologies LTD
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\Check Point Software Technologies LTD
2014-01-19 22:02 - 2014-01-19 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-01-19 18:03 - 2014-01-19 18:03 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\AVG2014
2014-01-19 17:57 - 2014-01-21 18:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2014-01-19 17:57 - 2014-01-21 18:43 - 00000000 ____D C:\$AVG
2014-01-19 17:55 - 2014-01-19 17:55 - 00000000 ____D C:\Program Files\AVG
2014-01-19 17:53 - 2014-01-21 18:46 - 00000000 ____D C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Avg2014
2014-01-19 14:10 - 2014-01-19 14:10 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2014-01-16 19:22 - 2014-01-16 19:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2014-01-14 22:26 - 2014-01-14 22:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 22:23 - 2014-01-14 22:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$
2014-01-14 22:19 - 2013-03-26 22:53 - 00074752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cryptdlg.dll
2014-01-14 22:03 - 2014-01-14 22:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$
2014-01-14 22:00 - 2011-03-11 14:10 - 00225262 ____C C:\WINDOWS\system32\dllcache\msimain.sdb
2014-01-14 21:59 - 2014-01-14 21:59 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-01-14 21:58 - 2014-01-14 21:58 - 00000000 ____D C:\WINDOWS\system32\winrm
2014-01-14 21:57 - 2014-01-14 21:59 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$
2014-01-14 21:57 - 2014-01-14 21:57 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$
2014-01-14 21:56 - 2014-01-14 21:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$
2014-01-12 20:57 - 2014-01-12 20:58 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\MSN6
2014-01-12 20:57 - 2014-01-12 20:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2014-01-11 15:11 - 2014-01-12 12:49 - 00011518 _____ C:\Documents and Settings\ian cartwright\My Documents\dec 2013.xlsx
2014-01-11 15:11 - 2014-01-11 15:33 - 00011259 _____ C:\Documents and Settings\ian cartwright\My Documents\nov  2013.xlsx
2014-01-08 17:28 - 2014-01-08 17:28 - 00000000 __SHD C:\Documents and Settings\Default User\IETldCache
2014-01-07 03:25 - 2014-01-07 03:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-07 03:15 - 2014-01-07 03:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
 
==================== One Month Modified Files and Folders =======
 
2014-01-29 08:00 - 2014-01-24 17:28 - 00006198 _____ C:\WINDOWS\setupapi.log
2014-01-29 06:53 - 2014-01-24 20:36 - 00363346 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-29 00:00 - 2014-01-21 19:53 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-28 19:34 - 2012-11-05 16:39 - 00000000 ____D C:\Documents and Settings\ian cartwright\My Documents\Outlook Files
2014-01-28 19:25 - 2014-01-28 19:25 - 00000000 ____D C:\Program Files\ESET
2014-01-28 19:00 - 2014-01-26 09:30 - 00000000 ____D C:\FRST
2014-01-28 17:14 - 2013-12-05 21:37 - 00032452 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-28 17:11 - 2013-12-05 21:40 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-28 17:11 - 2013-12-05 21:40 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-28 17:09 - 2012-04-25 17:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-28 17:09 - 2003-03-31 12:00 - 00013760 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-28 08:01 - 2012-04-25 17:27 - 00000178 ___SH C:\Documents and Settings\ian cartwright\ntuser.ini
2014-01-28 07:42 - 2012-04-30 17:55 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2014-01-27 08:13 - 2014-01-27 08:10 - 00003738 _____ C:\WINDOWS\KB2898785-IE8.log
2014-01-26 17:29 - 2014-01-26 17:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-26 17:29 - 2014-01-26 17:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-26 17:29 - 2014-01-26 17:30 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-26 17:29 - 2014-01-26 17:30 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-26 17:29 - 2014-01-26 17:30 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-26 17:20 - 2013-11-03 17:38 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2014-01-26 09:36 - 2012-04-28 07:01 - 00000000 ____D C:\Program Files\Common Files\Adobe
2014-01-26 08:40 - 2013-07-13 10:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-26 08:27 - 2012-04-27 06:48 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-25 23:44 - 2012-04-25 17:27 - 00000000 ____D C:\Documents and Settings\ian cartwright
2014-01-25 23:28 - 2014-01-25 23:28 - 00024667 _____ C:\ComboFix.txt
2014-01-25 23:28 - 2014-01-25 22:47 - 00000000 ____D C:\Qoobox
2014-01-25 23:26 - 2012-04-25 18:06 - 00000000 ____D C:\WINDOWS\repair
2014-01-25 23:14 - 2014-01-25 22:46 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-25 23:13 - 2003-03-31 12:00 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-25 22:52 - 2014-01-25 22:51 - 00000000 _RSHD C:\cmdcons
2014-01-25 22:52 - 2012-04-25 18:10 - 00000355 __RSH C:\boot.ini
2014-01-25 22:43 - 2013-12-02 22:42 - 00004268 _____ C:\Documents and Settings\ian cartwright\Desktop\Rkill.txt
2014-01-25 12:00 - 2014-01-21 19:54 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-01-25 11:58 - 2014-01-21 19:52 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-25 11:58 - 2014-01-21 19:52 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-25 00:29 - 2014-01-25 00:29 - 00070368 _____ C:\Documents and Settings\ian cartwright\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-24 21:51 - 2014-01-24 21:51 - 00269392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-24 21:50 - 2012-04-30 17:50 - 00000000 ____D C:\WINDOWS\SHELLNEW
2014-01-24 17:14 - 2013-01-19 14:34 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-24 17:14 - 2013-01-19 14:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-24 15:49 - 2012-04-27 06:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-24 15:48 - 2014-01-20 18:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-01-24 15:46 - 2012-05-20 17:45 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-01-24 15:45 - 2012-05-20 17:45 - 00000000 ____D C:\Program Files\CCleaner
2014-01-21 22:47 - 2014-01-21 22:26 - 00000163 _____ C:\WINDOWS\Reimage.ini
2014-01-21 22:31 - 2014-01-21 22:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CDB
2014-01-21 19:55 - 2014-01-21 19:55 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\AVAST Software
2014-01-21 19:52 - 2014-01-21 19:52 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-21 19:52 - 2014-01-21 19:52 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-01-21 19:47 - 2014-01-21 19:47 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-21 19:46 - 2014-01-20 21:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-01-21 18:46 - 2014-01-19 17:53 - 00000000 ____D C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Avg2014
2014-01-21 18:44 - 2014-01-19 17:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2014-01-21 18:43 - 2014-01-19 17:57 - 00000000 ____D C:\$AVG
2014-01-21 17:38 - 2014-01-20 19:47 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-01-21 17:38 - 2014-01-20 19:47 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-01-21 17:38 - 2014-01-20 19:47 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-01-20 19:46 - 2014-01-20 19:46 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-01-20 19:46 - 2013-12-01 13:07 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-20 19:44 - 2012-09-28 14:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-01-20 19:29 - 2012-09-28 15:11 - 00010705 _____ C:\WINDOWS\wininit.ini
2014-01-20 19:24 - 2014-01-20 18:25 - 00000000 ____D C:\Documents and Settings\ian cartwright\Local Settings\Application Data\AVG SafeGuard toolbar
2014-01-20 19:08 - 2014-01-20 19:08 - 11873098 _____ (PortableAppZ.blogspot.com) C:\Documents and Settings\ian cartwright\Desktop\SpybotSD_Portable_1.6.2.46_MultiLang.paf.exe
2014-01-20 18:22 - 2014-01-20 18:21 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2014-01-20 18:21 - 2014-01-20 18:20 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2014-01-20 18:20 - 2014-01-20 18:22 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-01-19 22:16 - 2012-09-28 14:51 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\Program Files\Check Point Software Technologies LTD
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\Check Point Software Technologies LTD
2014-01-19 22:02 - 2014-01-19 22:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-01-19 18:03 - 2014-01-19 18:03 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\AVG2014
2014-01-19 17:55 - 2014-01-19 17:55 - 00000000 ____D C:\Program Files\AVG
2014-01-19 17:18 - 2012-04-29 10:43 - 00000000 ____D C:\WINDOWS\pss
2014-01-19 14:20 - 2013-11-30 11:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Grisoft
2014-01-19 14:10 - 2014-01-19 14:10 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2014-01-19 13:54 - 2012-05-20 17:42 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-19 13:21 - 2013-12-05 00:08 - 00000000 ____D C:\Program Files\a-squared Free
2014-01-19 09:07 - 2012-04-27 18:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2014-01-16 19:24 - 2012-04-28 07:05 - 00000000 ____D C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Adobe
2014-01-16 19:22 - 2014-01-16 19:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2014-01-16 19:21 - 2012-05-01 19:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-16 18:18 - 2012-05-01 19:35 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-16 18:18 - 2012-05-01 19:35 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-14 22:26 - 2014-01-14 22:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 22:23 - 2014-01-14 22:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$
2014-01-14 22:18 - 2012-04-25 18:12 - 00662964 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-14 22:06 - 2012-04-27 18:47 - 00000000 ____D C:\WINDOWS\ie8updates
2014-01-14 22:06 - 2012-04-25 18:06 - 00000000 ____D C:\WINDOWS\security
2014-01-14 22:04 - 2012-04-26 21:09 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2014-01-14 22:03 - 2014-01-14 22:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$
2014-01-14 21:59 - 2014-01-14 21:59 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-01-14 21:59 - 2014-01-14 21:57 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$
2014-01-14 21:59 - 2012-04-25 18:06 - 00000000 ____D C:\WINDOWS\Help
2014-01-14 21:58 - 2014-01-14 21:58 - 00000000 ____D C:\WINDOWS\system32\winrm
2014-01-14 21:57 - 2014-01-14 21:57 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$
2014-01-14 21:56 - 2014-01-14 21:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$
2014-01-12 20:58 - 2014-01-12 20:57 - 00000000 ____D C:\Documents and Settings\ian cartwright\Application Data\MSN6
2014-01-12 20:57 - 2014-01-12 20:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MSN6
2014-01-12 12:49 - 2014-01-11 15:11 - 00011518 _____ C:\Documents and Settings\ian cartwright\My Documents\dec 2013.xlsx
2014-01-11 15:33 - 2014-01-11 15:11 - 00011259 _____ C:\Documents and Settings\ian cartwright\My Documents\nov  2013.xlsx
2014-01-11 15:10 - 2012-04-29 15:47 - 00017206 _____ C:\Documents and Settings\ian cartwright\My Documents\honda records.xlsx
2014-01-08 17:49 - 2012-04-30 17:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-01-08 17:28 - 2014-01-08 17:28 - 00000000 __SHD C:\Documents and Settings\Default User\IETldCache
2014-01-07 03:25 - 2014-01-07 03:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-07 03:15 - 2014-01-07 03:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-07 03:15 - 2012-04-27 02:02 - 00034338 _____ C:\WINDOWS\system32\TZLog.log
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-31 10:13 - 2012-04-29 15:47 - 00016598 _____ C:\Documents and Settings\ian cartwright\My Documents\ben & seb university money.xlsx
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================


#9 aharonov


Posted 01 February 2014 - 02:08 PM

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.
If you want to support me fighting against malware or offer me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden, so don't add a double extension such as Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.



#10 carters66


Posted 02 February 2014 - 05:16 AM

Hi aharonov

 

I have just completed the steps above and then restarted my computer and unbelievably AVAST has started the problem again,

it has blocked explorer.exe 50 times in the last 3 minutes.

 

Did I do something wrong?



#11 aharonov


Posted 02 February 2014 - 09:28 AM

Can you list some of the blocked IP addresses that explorer.exe wanted to connect to?



#12 carters66


Posted 02 February 2014 - 09:41 AM

Here are some of them; they come up every few seconds or so!

 

http://summer-watr1.biz/b/opt/E36419DEE2CC69BF600C36...

 

http://presto-uniel.com/b/opt/0039D044617F18C5E3BF47...

 

http://summer-watr1.biz/b/opt/3BF6D40BF9F48DEB7B34D2...

 

http://uni-blue.net/b/opt/535108CD3A6C69C7B8AC36FF

 

http://summer-watr1.biz/b/opt/535108CD3A6C69C7B8AC36...

 

http://uni-blue.net/b/opt/8AB38FDC9808B4411AC8EB79

 

http://summer-watr1.biz/b/opt/E484CAF23C90D78FBE5088..

 

http://presto-uniel.com/b/opt/0B82C7537698208EF4587F..



#13 aharonov


Posted 02 February 2014 - 10:20 AM

Yes, this is not good. Looks like there is still a Zbot running.
Let's start over:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#14 carters66


Posted 02 February 2014 - 10:47 AM

Here we go!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03
Ran by ian cartwright (administrator) on IAN-DELL-LAPTOP on 02-02-2014 15:38:58
Running from C:\Documents and Settings\ian cartwright\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\nst.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\nst.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABE.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-07-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\System32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [EPSON Stylus D88 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE [98304 2005-01-27] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5580752 2013-12-19] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-25] (AVAST Software)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKCU - DefaultScope {1B481C4B-2A43-4F98-B16E-DC3E11B87D90} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {1B481C4B-2A43-4F98-B16E-DC3E11B87D90} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {C7B3BD19-620A-468E-8898-02EE11580551} URL = http://www.google.com/search?q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: linkscanner - No CLSID Value - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Firefox\profiles\extensions\extensions [2013-08-21]
FF Extension: No Name - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Firefox\profiles\extensions\searchplugins [2013-09-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ []
FF HKLM\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF HKCU\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Documents and Settings\ian cartwright\Application Data\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (ZoneAlarm Chrome Toolbar) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek [2014-01-19]
CHR Extension: (V-bates) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip [2013-12-17]
CHR Extension: (Google Wallet) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2012-07-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-21]
CHR HKLM\...\Chrome\Extension: [kgdcapepedmpopjkmdbjnmmmfgllnfek] - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarm.crx [2013-11-19]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2013-03-19]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\\ChromeExt\\avg.crx [2013-03-19]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2013-10-17]
 
========================== Services (Whitelisted) =================
 
S3 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-25] (AVAST Software)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-26] (Oracle Corporation)
S3 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-06] (Symantec Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [3575808 2008-12-11] ()
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel® Corporation)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3666392 2013-12-19] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2729432 2013-12-19] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-12-19] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.)
R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1772056 2014-01-20] (AVG Secure Search)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel® Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-25] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-25] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-21] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-25] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-25] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-21] ()
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2014-01-20] (AVG Technologies)
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
R1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\7DE06000.01B\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4221952 2009-10-26] (Intel Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 catchme; \??\C:\DOCUME~1\IANCAR~1\LOCALS~1\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr; 
S3 tosporte; System32\DRIVERS\tosporte.sys [x]
S1 Tosrfcom; System32\Drivers\tosrfcom.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-02 10:00 - 2014-02-02 10:00 - 00269392 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-02 09:55 - 2014-02-02 09:57 - 00001102 _____ () C:\DelFix.txt
2014-02-02 09:55 - 2014-02-02 09:55 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-02 09:50 - 2014-02-02 09:51 - 00000000 ___SD () C:\uninstall
2014-02-02 09:44 - 2014-02-02 09:50 - 00000000 ___SD () C:\32788R22FWJFW
2014-02-02 09:35 - 2014-02-02 09:36 - 00070368 _____ () C:\Documents and Settings\ian cartwright\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-01 16:12 - 2014-02-02 15:08 - 00005990 _____ () C:\WINDOWS\setupapi.log
2014-02-01 13:56 - 2014-02-01 17:26 - 00723456 _____ () C:\Documents and Settings\ian cartwright\My Documents\guides annual accounts 2013.xls
2014-02-01 13:29 - 2014-02-01 13:29 - 00000974 _____ () C:\Documents and Settings\ian cartwright\Desktop\Shortcut (2) to iexplore.lnk
2014-02-01 12:54 - 2014-02-02 10:58 - 00011288 _____ () C:\Documents and Settings\ian cartwright\My Documents\jan 2014.xlsx
2014-01-28 19:25 - 2014-01-28 19:25 - 00000000 ____D () C:\Program Files\ESET
2014-01-26 17:31 - 2014-01-26 17:29 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-26 17:31 - 2014-01-26 17:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-26 17:30 - 2014-01-26 17:29 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-26 17:30 - 2014-01-26 17:29 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-26 17:30 - 2014-01-26 17:29 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-26 09:30 - 2014-02-02 15:38 - 00000000 ____D () C:\FRST
2014-01-25 22:52 - 2013-12-03 11:41 - 00000239 _____ () C:\Boot.bak
2014-01-25 22:52 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-01-25 22:51 - 2014-01-25 22:52 - 00000000 _RSHD () C:\cmdcons
2014-01-25 22:46 - 2014-01-25 23:14 - 00000000 ____D () C:\WINDOWS\erdnt
2014-01-24 20:36 - 2014-02-02 15:16 - 00596048 _____ () C:\WINDOWS\WindowsUpdate.log
2014-01-21 22:30 - 2014-01-21 22:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CDB
2014-01-21 22:26 - 2014-01-21 22:47 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-01-21 19:55 - 2014-01-21 19:55 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Application Data\AVAST Software
2014-01-21 19:54 - 2014-01-25 12:00 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-01-21 19:53 - 2014-02-02 12:00 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-21 19:52 - 2014-01-25 11:58 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-21 19:52 - 2014-01-25 11:58 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-01-21 19:52 - 2014-01-25 11:58 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-21 19:52 - 2014-01-21 19:52 - 00180248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-21 19:52 - 2014-01-21 19:52 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-01-21 19:47 - 2014-01-21 19:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-20 21:46 - 2014-01-21 19:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-01-20 19:47 - 2014-01-21 17:38 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-01-20 19:47 - 2014-01-21 17:38 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-01-20 19:47 - 2014-01-21 17:38 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-01-20 19:46 - 2014-01-20 19:46 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-01-20 19:45 - 2013-09-20 09:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-01-20 19:08 - 2014-01-20 19:08 - 11873098 _____ (PortableAppZ.blogspot.com) C:\Documents and Settings\ian cartwright\Desktop\SpybotSD_Portable_1.6.2.46_MultiLang.paf.exe
2014-01-20 18:25 - 2014-01-20 19:24 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Local Settings\Application Data\AVG SafeGuard toolbar
2014-01-20 18:24 - 2014-01-24 15:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-01-20 18:22 - 2014-01-20 18:20 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-01-20 18:21 - 2014-01-20 18:22 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-01-20 18:20 - 2014-01-20 18:21 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Application Data\Check Point Software Technologies LTD
2014-01-19 22:02 - 2014-01-19 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-01-19 18:03 - 2014-01-19 18:03 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Application Data\AVG2014
2014-01-19 17:57 - 2014-01-21 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-01-19 17:57 - 2014-01-21 18:43 - 00000000 ____D () C:\$AVG
2014-01-19 17:55 - 2014-01-19 17:55 - 00000000 ____D () C:\Program Files\AVG
2014-01-19 17:53 - 2014-01-21 18:46 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Avg2014
2014-01-19 14:10 - 2014-01-19 14:10 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-01-16 19:22 - 2014-01-16 19:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-01-14 22:26 - 2014-01-14 22:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 22:23 - 2014-01-14 22:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808679$
2014-01-14 22:19 - 2013-03-26 22:53 - 00074752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cryptdlg.dll
2014-01-14 22:03 - 2014-01-14 22:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2492386$
2014-01-14 22:00 - 2011-03-11 14:10 - 00225262 ____C () C:\WINDOWS\system32\dllcache\msimain.sdb
2014-01-14 21:59 - 2014-01-14 21:59 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-01-14 21:58 - 2014-01-14 21:58 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-01-14 21:57 - 2014-01-14 21:59 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-01-14 21:57 - 2014-01-14 21:57 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-01-14 21:56 - 2014-01-14 21:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallbasecsp$
2014-01-12 20:57 - 2014-01-12 20:58 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Application Data\MSN6
2014-01-12 20:57 - 2014-01-12 20:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MSN6
2014-01-11 15:11 - 2014-01-12 12:49 - 00011518 _____ () C:\Documents and Settings\ian cartwright\My Documents\dec 2013.xlsx
2014-01-11 15:11 - 2014-01-11 15:33 - 00011259 _____ () C:\Documents and Settings\ian cartwright\My Documents\nov  2013.xlsx
2014-01-08 17:28 - 2014-01-08 17:28 - 00000000 __SHD () C:\Documents and Settings\Default User\IETldCache
2014-01-07 03:25 - 2014-01-07 03:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-01-07 03:15 - 2014-01-07 03:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
 
==================== One Month Modified Files and Folders =======
 
2014-02-02 15:38 - 2014-01-26 09:30 - 00000000 ____D () C:\FRST
2014-02-02 15:36 - 2012-11-05 16:39 - 00000000 ____D () C:\Documents and Settings\ian cartwright\My Documents\Outlook Files
2014-02-02 15:16 - 2014-01-24 20:36 - 00596048 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-02 15:08 - 2014-02-01 16:12 - 00005990 _____ () C:\WINDOWS\setupapi.log
2014-02-02 12:00 - 2014-01-21 19:53 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-02-02 10:58 - 2014-02-01 12:54 - 00011288 _____ () C:\Documents and Settings\ian cartwright\My Documents\jan 2014.xlsx
2014-02-02 10:04 - 2003-03-31 12:00 - 00013760 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-02 10:02 - 2013-12-05 21:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-02 10:02 - 2013-12-05 21:40 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-02-02 10:01 - 2012-04-25 17:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-02 10:00 - 2014-02-02 10:00 - 00269392 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-02 09:58 - 2013-12-05 21:37 - 00032452 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-02 09:58 - 2012-04-30 17:55 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-02-02 09:58 - 2012-04-25 17:27 - 00000178 ___SH () C:\Documents and Settings\ian cartwright\ntuser.ini
2014-02-02 09:58 - 2012-04-25 17:27 - 00000000 ____D () C:\Documents and Settings\ian cartwright
2014-02-02 09:57 - 2014-02-02 09:55 - 00001102 _____ () C:\DelFix.txt
2014-02-02 09:56 - 2012-04-25 17:16 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-02 09:55 - 2014-02-02 09:55 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-02 09:51 - 2014-02-02 09:50 - 00000000 ___SD () C:\uninstall
2014-02-02 09:50 - 2014-02-02 09:44 - 00000000 ___SD () C:\32788R22FWJFW
2014-02-02 09:36 - 2014-02-02 09:35 - 00070368 _____ () C:\Documents and Settings\ian cartwright\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-01 17:26 - 2014-02-01 13:56 - 00723456 _____ () C:\Documents and Settings\ian cartwright\My Documents\guides annual accounts 2013.xls
2014-02-01 13:29 - 2014-02-01 13:29 - 00000974 _____ () C:\Documents and Settings\ian cartwright\Desktop\Shortcut (2) to iexplore.lnk
2014-01-28 19:25 - 2014-01-28 19:25 - 00000000 ____D () C:\Program Files\ESET
2014-01-26 17:29 - 2014-01-26 17:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-26 17:29 - 2014-01-26 17:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-26 17:29 - 2014-01-26 17:30 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-26 17:29 - 2014-01-26 17:30 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-26 17:29 - 2014-01-26 17:30 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-26 17:20 - 2013-11-03 17:38 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-01-26 09:36 - 2012-04-28 07:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-26 08:40 - 2013-07-13 10:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-26 08:27 - 2012-04-27 06:48 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-25 23:26 - 2012-04-25 18:06 - 00000000 ____D () C:\WINDOWS\repair
2014-01-25 23:14 - 2014-01-25 22:46 - 00000000 ____D () C:\WINDOWS\erdnt
2014-01-25 23:13 - 2003-03-31 12:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-01-25 22:52 - 2014-01-25 22:51 - 00000000 _RSHD () C:\cmdcons
2014-01-25 22:52 - 2012-04-25 18:10 - 00000355 __RSH () C:\boot.ini
2014-01-25 12:00 - 2014-01-21 19:54 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-01-25 11:58 - 2014-01-21 19:52 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-25 11:58 - 2014-01-21 19:52 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-01-25 11:58 - 2014-01-21 19:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-24 21:50 - 2012-04-30 17:50 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-01-24 17:14 - 2013-01-19 14:34 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-24 17:14 - 2013-01-19 14:34 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-01-24 15:49 - 2012-04-27 06:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-24 15:48 - 2014-01-20 18:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-01-24 15:46 - 2012-05-20 17:45 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-01-24 15:45 - 2012-05-20 17:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-21 22:47 - 2014-01-21 22:26 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-01-21 22:31 - 2014-01-21 22:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CDB
2014-01-21 19:55 - 2014-01-21 19:55 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Application Data\AVAST Software
2014-01-21 19:52 - 2014-01-21 19:52 - 00180248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-21 19:52 - 2014-01-21 19:52 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-01-21 19:47 - 2014-01-21 19:47 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-21 19:46 - 2014-01-20 21:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-01-21 18:46 - 2014-01-19 17:53 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Avg2014
2014-01-21 18:44 - 2014-01-19 17:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-01-21 18:43 - 2014-01-19 17:57 - 00000000 ____D () C:\$AVG
2014-01-21 17:38 - 2014-01-20 19:47 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-01-21 17:38 - 2014-01-20 19:47 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-01-21 17:38 - 2014-01-20 19:47 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-01-20 19:46 - 2014-01-20 19:46 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-01-20 19:46 - 2013-12-01 13:07 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-01-20 19:44 - 2012-09-28 14:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-01-20 19:29 - 2012-09-28 15:11 - 00010705 _____ () C:\WINDOWS\wininit.ini
2014-01-20 19:24 - 2014-01-20 18:25 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Local Settings\Application Data\AVG SafeGuard toolbar
2014-01-20 19:08 - 2014-01-20 19:08 - 11873098 _____ (PortableAppZ.blogspot.com) C:\Documents and Settings\ian cartwright\Desktop\SpybotSD_Portable_1.6.2.46_MultiLang.paf.exe
2014-01-20 18:22 - 2014-01-20 18:21 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-01-20 18:21 - 2014-01-20 18:20 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-01-20 18:20 - 2014-01-20 18:22 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-01-19 22:16 - 2012-09-28 14:51 - 00524288 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D () C:\Program Files\Check Point Software Technologies LTD
2014-01-19 22:03 - 2014-01-19 22:03 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Application Data\Check Point Software Technologies LTD
2014-01-19 22:02 - 2014-01-19 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CheckPoint
2014-01-19 18:03 - 2014-01-19 18:03 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Application Data\AVG2014
2014-01-19 17:55 - 2014-01-19 17:55 - 00000000 ____D () C:\Program Files\AVG
2014-01-19 17:18 - 2012-04-29 10:43 - 00000000 ____D () C:\WINDOWS\pss
2014-01-19 14:20 - 2013-11-30 11:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Grisoft
2014-01-19 14:10 - 2014-01-19 14:10 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-01-19 13:54 - 2012-05-20 17:42 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-01-19 13:21 - 2013-12-05 00:08 - 00000000 ____D () C:\Program Files\a-squared Free
2014-01-19 09:07 - 2012-04-27 18:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-01-16 19:24 - 2012-04-28 07:05 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Local Settings\Application Data\Adobe
2014-01-16 19:22 - 2014-01-16 19:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-01-16 19:21 - 2012-05-01 19:35 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-16 18:18 - 2012-05-01 19:35 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-16 18:18 - 2012-05-01 19:35 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-14 22:26 - 2014-01-14 22:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-14 22:23 - 2014-01-14 22:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808679$
2014-01-14 22:18 - 2012-04-25 18:12 - 00662964 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-14 22:06 - 2012-04-27 18:47 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-01-14 22:06 - 2012-04-25 18:06 - 00000000 ____D () C:\WINDOWS\security
2014-01-14 22:04 - 2012-04-26 21:09 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-01-14 22:03 - 2014-01-14 22:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2492386$
2014-01-14 21:59 - 2014-01-14 21:59 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-01-14 21:59 - 2014-01-14 21:57 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-01-14 21:59 - 2012-04-25 18:06 - 00000000 ____D () C:\WINDOWS\Help
2014-01-14 21:58 - 2014-01-14 21:58 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-01-14 21:57 - 2014-01-14 21:57 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-01-14 21:56 - 2014-01-14 21:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallbasecsp$
2014-01-12 20:58 - 2014-01-12 20:57 - 00000000 ____D () C:\Documents and Settings\ian cartwright\Application Data\MSN6
2014-01-12 20:57 - 2014-01-12 20:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MSN6
2014-01-12 12:49 - 2014-01-11 15:11 - 00011518 _____ () C:\Documents and Settings\ian cartwright\My Documents\dec 2013.xlsx
2014-01-11 15:33 - 2014-01-11 15:11 - 00011259 _____ () C:\Documents and Settings\ian cartwright\My Documents\nov  2013.xlsx
2014-01-11 15:10 - 2012-04-29 15:47 - 00017206 _____ () C:\Documents and Settings\ian cartwright\My Documents\honda records.xlsx
2014-01-08 17:49 - 2012-04-30 17:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-01-08 17:28 - 2014-01-08 17:28 - 00000000 __SHD () C:\Documents and Settings\Default User\IETldCache
2014-01-07 03:25 - 2014-01-07 03:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-01-07 03:15 - 2014-01-07 03:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-01-07 03:15 - 2012-04-27 02:02 - 00034338 _____ () C:\WINDOWS\system32\TZLog.log
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-01-07 03:05 - 2014-01-07 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
 
Some content of TEMP:
====================
C:\Documents and Settings\ian cartwright\Local Settings\Temp\ERUNT.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2014 03
Ran by ian cartwright at 2014-02-02 15:39:57
Running from C:\Documents and Settings\ian cartwright\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Music Importer (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (Version: 2.1.0 - Amazon Services LLC) Hidden
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (Version: 9.0.2013 - Avast Software)
AVG 2013 (Version: 13.0.3162 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3272 - AVG Technologies) Hidden
Basic Operation Guide EPSON SX430 Series (Version:  - )
BearShare (Version: 10.0.0.131832 - Musiclab, LLC) Hidden
Betfair.com Poker (Version:  - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom ASF Management Applications (Version: 10.13.02 - Broadcom Corporation)
Broadcom Management Programs (Version: 10.15.01 - Broadcom Corporation)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CameraDrivers (Version: 9.0.0.155 - Hewlett-Packard) Hidden
CameraReadme (Version: 9.0.0 - Hewlett-Packard) Hidden
CCleaner (Version: 4.10 - Piriform)
Conexant HDA D330 MDC V.92 Modem (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
Dell Touchpad (Version: 7.1.102.7 - Alps Electric)
Dell Wireless WLAN Card (Version: 4.100.15.8 - Dell Inc.)
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Line Detect (Version: 1.21 - BVRP Software, Inc)
Epson Easy Photo Print 2 (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Printer Software (Version:  - )
EPSON Scan (Version:  - Seiko Epson Corporation)
EPSON SX430 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (Version: 2.4j - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Chrome (Version: 32.0.1700.41 - Google Inc.)
Google Earth (Version: 7.0.3.8542 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4601.54 - Google Inc.)
Google Update Helper (Version: 1.3.21.165 - Google Inc.) Hidden
HP Imaging Device Functions 9.0 (Version: 9.0 - HP)
HP Photosmart Cameras 9.0 (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Solution Center 9.0 (Version: 9.0 - HP)
HP Update (Version: 5.003.001.001 - Hewlett-Packard)
hpicamDrvQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevicesMFC (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.5218 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 12.04.4000 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.0 (Version: 2.1.0 - Oracle Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)
Microsoft Download Manager (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Motorola Device Manager (Version: 2.2.28 - Motorola Mobility)
Motorola Device Software Update (Version: 1.0.40 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
Nero Burning ROM (Version: 12.5.5001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (Version: 12.0.3000 - Nero AG) Hidden
Nero BurningROM 12 (Version: 12.5.00900 - Nero AG)
Nero ControlCenter (Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (Version: 11.0.20200 - Nero AG) Hidden
Nero SharedVideoCodecs (Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden
NetWaiting (Version: 2.5.44 - BVRP Software, Inc)
Network Guide EPSON SX430 Series (Version:  - )
Norton Identity Safe (Version: 2014.6.0.27 - Symantec Corporation)
NovaBench 3.0.4 (Version:  - Novawave Inc.)
NVIDIA Performance Drivers (Version: 1.0.0.2 - NVIDIA Corporation)
PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
PDF Reader Packages (HKCU Version:  - ) <==== ATTENTION
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
SigmaTel Audio (Version: 5.10.5210.0 - SigmaTel)
Sky Poker (Version: 1.128 - British Sky Broadcasting Group Plc)
Sky Poker (Version: 1.128 - British Sky Broadcasting Group Plc) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Speccy (Version: 1.18 - Piriform)
Spybot - Search & Destroy (Version: 2.3.37 - Safer-Networking Ltd.)
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TomTom HOME (Version: 2.9.0 - TomTom)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
User's Guide EPSON SX430 Series (Version:  - )
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0 - TomTom International B.V.)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Driver Package - NVIDIA (nv) Display  (07/09/2010 6.14.12.5896) (Version: 07/09/2010 6.14.12.5896 - NVIDIA)
Windows Driver Package - NVIDIA Corporation (NVHDA) MEDIA  (06/21/2010 1.0.15.0) (Version: 06/21/2010 1.0.15.0 - NVIDIA Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Player 11 (Version:  - )
 
==================== Restore Points  =========================
 
02-02-2014 09:56:51 System Checkpoint
 
==================== Hosts content: ==========================
 
2003-03-31 12:00 - 2014-01-25 23:12 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-11-03 14:35 - 2009-11-03 14:35 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2014-02-02 14:10 - 2014-02-02 09:38 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020200\algo.dll
2012-04-26 20:01 - 2007-03-16 17:10 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2009-11-03 14:35 - 2009-11-03 14:35 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-21 19:51 - 2014-01-21 19:52 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 00:15 - 2010-12-21 00:15 - 01041248 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2003-03-31 12:00 - 2008-04-14 00:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2003-03-31 12:00 - 2008-04-14 00:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-12-04 22:45 - 2013-12-04 03:54 - 04054992 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.41\pdf.dll
2013-12-04 22:46 - 2013-12-04 03:54 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.41\ppGoogleNaClPluginChrome.dll
2013-12-04 22:45 - 2013-12-04 03:53 - 01634256 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.41\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vds => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{533C5B84-EC70-11D2-9505-00C04F79DEAF} => ""="Volume shadow copy"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AFD => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Browser => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Dhcp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DnsCache => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ip6fw.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ipnat.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanWorkstation => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LmHosts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Messenger => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS Wrapper => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Ndisuio => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOSGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBT => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetDDEGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetMan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Network => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetworkProvider => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NtLmSsp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpcdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdsessmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sharedaccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Streams Drivers => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Tcpip => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdpipe.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdtcp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\termservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WZCSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E972-E325-11CE-BFC1-08002BE10318} => ""="Net"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E973-E325-11CE-BFC1-08002BE10318} => ""="NetClient"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E974-E325-11CE-BFC1-08002BE10318} => ""="NetService"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E975-E325-11CE-BFC1-08002BE10318} => ""="NetTrans"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/02/2014 10:01:38 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
 
Error: (02/01/2014 01:30:01 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 6.0.2900.5512, faulting module urlmon.dll, version 8.0.6001.23543, fault address 0x000405d0.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (01/31/2014 09:33:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
 
Error: (01/31/2014 06:00:58 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.9.22, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/28/2014 05:09:56 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
 
Error: (01/28/2014 07:46:05 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
 
Error: (01/26/2014 00:29:01 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (02/02/2014 10:01:38 AM) (Source: crypt32)(User: )
 
Error: (02/01/2014 01:30:01 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.5512urlmon.dll8.0.6001.23543000405d0
 
Error: (01/31/2014 09:33:39 PM) (Source: crypt32)(User: )
 
Error: (01/31/2014 06:00:58 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe10.1.9.22hungapp0.0.0.000000000
 
Error: (01/28/2014 05:09:56 PM) (Source: crypt32)(User: )
 
Error: (01/28/2014 07:46:05 AM) (Source: crypt32)(User: )
 
Error: (01/26/2014 00:29:01 PM) (Source: crypt32)(User: )
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 64%
Total physical RAM: 2037.79 MB
Available physical RAM: 732.36 MB
Total Pagefile: 3930.49 MB
Available Pagefile: 2711.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.67 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.53 GB) (Free:15.68 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: C208B0CD)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#15 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:07:50 AM

Posted 02 February 2014 - 11:22 AM

Ok. Let's give OTL a shot:


Please download OTL (by Oldtimer) and save it to your Desktop.
  • Start OTL with administrator privileges.
  • Check the option Scan all Users.
  • Click on Run Scan.
  • When finished, OTL will produce two logs (OTL.txt and Extras.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.




