Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spigot infection


  • This topic is locked This topic is locked
16 replies to this topic

#1 witchetty

witchetty

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 28 May 2014 - 04:32 PM

 Hello,

 
I posted a topic in the "Am I infected? What do I do?" section, www.bleepingcomputer.com/forums/t/535680/chrome-redirects-from-google-to-yahoo
 
Chrome redirects from google to uk.search.yahoo.com/?type=937811&fr=spigot-yhp-ch
 
Here is the DDS.txt log:
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.16982
Run by Cal at 20:50:48 on 2014-05-28
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.44.1033.18.1014.104 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.175.578.0.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.search.yahoo.com/?type=937811&fr=spigot-yhp-ie
mDefault_Page_URL = hxxp://vaio-online.sony.com/
uProxyOverride = <-loopback>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [E-Flyer] "c:\program files\sony\e-flyer\SubFlyer.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3712CAC6-7755-4525-8119-37BA0015FE46} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs=  
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-24 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-24 107736]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-3-14 807424]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\sony\image converter 3\ICScsiSV.exe [2013-11-12 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\sony\image converter 3\IcVzMonLauncher.exe [2013-11-12 67760]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCExporter.exe"" %1"
.
=============== Created Last 30 ================
.
2014-05-28 19:46:05 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{eac6dfc5-f543-45b8-ba5c-169f9150140a}\mpengine.dll
2014-05-27 22:20:40 -------- d-----w- c:\program files\ESET
2014-05-27 22:10:08 -------- d-----w- c:\windows\ERUNT
2014-05-27 21:32:07 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-27 21:31:31 -------- d-----w- C:\AdwCleaner
2014-05-27 11:18:32 8073384 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{68e747d6-3097-4a56-afa3-80103ed61cab}\mpengine.dll
2014-05-26 09:27:55 -------- d-----w- C:\852586d7bb51358dcf07043ce252
2014-05-22 10:10:25 -------- d-----w- C:\b9d899461af2f196a45c
2014-05-21 10:17:57 -------- d-----w- C:\a1003943f128c93f4b6d
2014-05-20 09:36:54 -------- d-----w- C:\c0e30a09b653f8ee6f
2014-05-20 09:28:31 8050496 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-05-13 08:59:30 -------- d-----w- c:\programdata\7b5032a79c9b482b
2014-05-12 10:13:47 1409 ----a-w- c:\windows\QTFont.for
2014-05-12 10:13:31 86016 ----a-w- c:\windows\unvise32qt.exe
2014-05-12 10:12:58 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2014-05-12 10:12:58 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-05-12 10:12:57 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-05-12 10:12:56 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-05-12 10:12:55 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-05-12 10:12:55 98304 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2014-05-12 10:11:25 -------- d-----w- c:\windows\system32\QuickTime
2014-05-12 09:58:15 -------- d-----w- c:\program files\Britannica 2004
2014-05-10 16:30:26 -------- d-----w- c:\users\cal\appdata\roaming\Browser Extensions
2014-05-10 16:06:31 -------- d--h--w- c:\program files\Zero G Registry
.
==================== Find3M  ====================
.
2014-05-28 19:45:11 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 08:51:10 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 08:51:00 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 08:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:52:44.66 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,553 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:52 AM

Posted 02 June 2014 - 07:00 AM

Hi witchetty, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 
  • Step #1 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
    • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #2 Scan with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • A log will be opened automatically after the scan;
    • Copy and Paste the contents of this log in your reply.
    Do not click on Clean.
 
  • Step #3 Scan with OTL
    • Please download OldTimer's Listit by OldTimer from one of the following locations and save it to your Desktop.
      Download Link 1
      Download Link 2
      Downlaod LInk 3
    • Copy and Paste the following code inside the Custom Scans/Fixes box;
      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      dir "%systemdrive%\*" /S /A:L /C
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      rpcss.dll
      /md5stop
      CREATERESTOREPOINT
    • Click the Quick Scan button;
    • After the scan two logs will be produced;
    • Copy and paste the content of the logs in your next reply
 
  • Required Log(s):
    • Junkware Removal Tool Log
    • AdwCleaner Log
    • OldTimer's ListIt Log(s) --
      • OTL.txt
      • Extras.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#3 witchetty

witchetty
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 03 June 2014 - 07:26 AM

Hi Valinorum,

Thanks for your help.

I tried to run Junkware Fix Removal Tool but after creating a registry backup and checking startup it said "A bad module has been detected! A reboot is required to remove modules." Should I reboot? 

I was told to use Junkware Removal Tool when I asked for help in the "Am I infected? What do I do?" section so I already have a log called JRT.txt. Is that a problem?



#4 witchetty

witchetty
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 03 June 2014 - 07:48 AM

I have also already used AdwCleaner as advised in the "Am I infected? What do I do?" section but here are the results from the AdwCleaner this time: 

 
# AdwCleaner v3.211 - Report created 03/06/2014 at 13:28:11
# Updated 26/05/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic  (32 bits)
# Username : Carl - CARL-PC
# Running from : C:\Users\Carl\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKLM\Software\Description
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.16982
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4188 octets] - [27/05/2014 22:31:36]
AdwCleaner[R1].txt - [753 octets] - [03/06/2014 13:28:11]
AdwCleaner[S0].txt - [4111 octets] - [27/05/2014 22:34:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [872 octets] ##########

Edited by witchetty, 03 June 2014 - 07:49 AM.


#5 witchetty

witchetty
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 03 June 2014 - 08:16 AM

Here are the OldTimer's ListIt logs:

 

 

The OTL.txt log:

 

OTL logfile created on: 03/06/2014 13:51:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Carl\Desktop
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1013.56 Mb Total Physical Memory | 186.43 Mb Available Physical Memory | 18.39% Memory free
2.23 Gb Paging File | 1.21 Gb Available in Paging File | 54.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.64 Gb Total Space | 53.01 Gb Free Space | 61.18% Space Free | Partition Type: NTFS
 
Computer Name: CARL-PC | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/03 13:50:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
PRC - [2014/04/24 01:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/11/15 16:02:05 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/27 10:50:42 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007/02/13 23:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/02/13 23:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/02/09 18:54:42 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/02/05 19:18:02 | 000,546,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/01/23 04:39:32 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/01/12 06:52:25 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/01/12 06:52:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/01/12 06:52:23 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2006/11/28 20:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/11/28 20:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006/11/28 20:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006/11/02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/24 01:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/24 01:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/24 01:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/24 01:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2007/01/24 10:04:22 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/01/24 10:02:24 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/11/15 16:18:32 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/04/15 13:13:18 | 000,722,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2007/02/13 23:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/01/26 12:41:32 | 000,075,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 3\ICScsiSV.exe -- (ICScsiSV)
SRV - [2007/01/26 12:41:24 | 000,067,760 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 3\IcVzMonLauncher.exe -- (IcVzMonLauncher)
SRV - [2007/01/26 12:41:24 | 000,043,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 3\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2007/01/25 00:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/01/25 00:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/16 15:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/01/16 15:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007/01/16 15:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007/01/10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/10 11:43:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/01/08 18:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007/01/08 18:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007/01/08 18:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/12/14 10:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 10:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 09:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/28 20:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006/11/28 20:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006/11/28 20:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/06/03 13:41:13 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2007/02/08 04:53:57 | 000,807,424 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/02/06 06:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007/01/24 11:28:35 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/01/12 06:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/10 12:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/10/18 19:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {06E5A3B4-1C7D-4A1D-8F65-E8C078EEE3BE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{06E5A3B4-1C7D-4A1D-8F65-E8C078EEE3BE}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GUEA_enGB585
IE - HKCU\..\SearchScopes\{FC827471-AFCF-4C8B-A3BD-3584F47130AF}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [E-Flyer] C:\Program Files\Sony\E-Flyer\SubFlyer.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3712CAC6-7755-4525-8119-37BA0015FE46}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO Aqua Breeze Wallpaper 1280x800.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO Aqua Breeze Wallpaper 1280x800.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/03 13:50:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2014/06/03 11:45:34 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\Scans etc
[2014/05/28 09:56:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/05/28 09:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg7
[2014/05/27 23:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/05/27 23:10:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/27 22:32:07 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/05/27 22:31:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/26 10:27:55 | 000,000,000 | ---D | C] -- C:\852586d7bb51358dcf07043ce252
[2014/05/22 11:10:25 | 000,000,000 | ---D | C] -- C:\b9d899461af2f196a45c
[2014/05/21 11:17:57 | 000,000,000 | ---D | C] -- C:\a1003943f128c93f4b6d
[2014/05/20 10:36:54 | 000,000,000 | ---D | C] -- C:\c0e30a09b653f8ee6f
[2014/05/17 11:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 7.5
[2014/05/17 11:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2014/05/13 09:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\7b5032a79c9b482b
[2014/05/12 11:13:31 | 000,086,016 | ---- | C] (MindVision) -- C:\Windows\unvise32qt.exe
[2014/05/12 11:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/05/12 11:11:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2014/05/12 11:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014/05/12 11:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2014/05/12 11:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Britannica 2004
[2014/05/12 10:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Britannica 2004
[2014/05/10 17:30:26 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\Browser Extensions
[2014/05/10 17:06:31 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2014/05/04 16:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/03 13:50:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2014/06/03 13:41:13 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/03 13:09:37 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/03 13:09:31 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/03 13:09:31 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/03 13:09:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/03 13:09:15 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/03 13:07:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/03 12:25:23 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5529AA4-55BD-4087-B2D4-EACF79674314}.job
[2014/05/27 22:26:43 | 001,327,971 | ---- | M] () -- C:\Users\Carl\Desktop\AdwCleaner.exe
[2014/05/12 11:16:58 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2014/05/12 11:16:58 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2014/05/12 11:11:40 | 000,000,870 | ---- | M] () -- C:\Users\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2014/05/12 11:11:32 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/05/12 11:08:54 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Encyclopaedia Britannica 2004 Standard Edition.lnk
[2014/05/10 17:29:39 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/05/05 10:09:05 | 000,001,995 | ---- | M] () -- C:\Users\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/04 16:08:56 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2014/05/27 22:26:14 | 001,327,971 | ---- | C] () -- C:\Users\Carl\Desktop\AdwCleaner.exe
[2014/05/12 11:13:47 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2014/05/12 11:13:47 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2014/05/12 11:11:40 | 000,000,870 | ---- | C] () -- C:\Users\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2014/05/12 11:11:32 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/05/12 11:08:54 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Encyclopaedia Britannica 2004 Standard Edition.lnk
[2014/05/04 16:08:56 | 000,001,995 | ---- | C] () -- C:\Users\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/04 16:08:56 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/22 09:36:02 | 000,000,099 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/11/12 07:48:06 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/15 16:04:46 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/11/15 15:56:44 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/05/15 10:25:12 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Browser Extensions
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2006/11/02 10:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2006/11/02 10:46:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2006/11/02 10:44:49 | 000,058,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2013/11/15 15:21:12 | 000,750,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2006/11/02 10:46:02 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013/11/15 16:00:31 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2013/11/17 12:22:36 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2006/11/02 10:46:02 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2006/11/02 10:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2013/11/15 15:56:47 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2007/06/26 03:49:06 | 000,204,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2013/11/15 15:48:01 | 000,083,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2006/11/02 10:46:04 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2006/11/02 10:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2007/07/12 05:09:14 | 000,286,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2013/11/15 16:29:38 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
No service found with a name of NisSrv
SRV - [2006/11/02 10:46:13 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2006/11/02 10:46:05 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2006/11/02 10:46:11 | 000,273,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2006/11/02 10:46:11 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2006/11/02 10:46:11 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2006/11/02 10:46:12 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2013/11/15 15:58:05 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2006/11/02 10:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/11/15 16:00:31 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2006/11/02 13:33:51 | 000,560,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2006/11/02 10:46:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2006/11/02 10:46:12 | 000,234,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2013/11/15 15:56:47 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2006/11/02 10:46:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013/11/15 16:00:31 | 000,007,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2006/11/02 13:34:25 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2006/11/02 10:46:13 | 000,121,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2006/11/02 10:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2013/11/15 15:52:34 | 002,605,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2013/11/15 15:58:03 | 000,595,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2006/11/02 10:46:13 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2006/11/02 10:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2006/11/02 10:46:12 | 000,152,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2006/11/02 10:45:51 | 000,924,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2006/11/02 10:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2006/11/02 10:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2006/11/02 13:35:01 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/11/15 16:18:32 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/02 10:46:13 | 000,989,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2013/11/15 16:07:56 | 000,396,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2006/11/02 13:33:57 | 000,451,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2006/11/02 10:45:26 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2006/11/02 10:46:14 | 000,161,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2006/11/02 10:46:16 | 001,568,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2006/11/02 10:46:04 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2013/11/15 16:23:48 | 000,502,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2013/11/15 16:12:16 | 000,156,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 1AF8-5BB1
 Directory of C:\
02/11/2006  13:59    <JUNCTION>     Documents and Settings [S:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
02/11/2006  13:59    <JUNCTION>     Application Data [S:\ProgramData]
02/11/2006  13:59    <JUNCTION>     Desktop [S:\Users\Public\Desktop]
02/11/2006  13:59    <JUNCTION>     Documents [S:\Users\Public\Documents]
02/11/2006  13:59    <JUNCTION>     Favorites [S:\Users\Public\Favorites]
02/11/2006  13:59    <JUNCTION>     Start Menu [S:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006  13:59    <JUNCTION>     Templates [S:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
02/11/2006  13:59    <SYMLINKD>     All Users [S:\ProgramData]
02/11/2006  13:59    <JUNCTION>     Default User [S:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\Carl
12/11/2013  07:29    <JUNCTION>     Application Data [C:\Users\Carl\AppData\Roaming]
12/11/2013  07:29    <JUNCTION>     Cookies [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Cookies]
12/11/2013  07:29    <JUNCTION>     Local Settings [C:\Users\Carl\AppData\Local]
12/11/2013  07:29    <JUNCTION>     My Documents [C:\Users\Carl\Documents]
12/11/2013  07:29    <JUNCTION>     NetHood [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/11/2013  07:29    <JUNCTION>     PrintHood [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/11/2013  07:29    <JUNCTION>     Recent [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Recent]
12/11/2013  07:29    <JUNCTION>     SendTo [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\SendTo]
12/11/2013  07:29    <JUNCTION>     Start Menu [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Start Menu]
12/11/2013  07:29    <JUNCTION>     Templates [C:\Users\Carl\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Carl\AppData\Local
12/11/2013  07:29    <JUNCTION>     Application Data [C:\Users\Carl\AppData\Local]
12/11/2013  07:29    <JUNCTION>     History [C:\Users\Carl\AppData\Local\Microsoft\Windows\History]
12/11/2013  07:29    <JUNCTION>     Temporary Internet Files [C:\Users\Carl\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Carl\Documents
12/11/2013  07:29    <JUNCTION>     My Music [C:\Users\Carl\Music]
12/11/2013  07:29    <JUNCTION>     My Pictures [C:\Users\Carl\Pictures]
12/11/2013  07:29    <JUNCTION>     My Videos [C:\Users\Carl\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
02/11/2006  13:59    <JUNCTION>     Application Data [S:\Users\Default\AppData\Roaming]
02/11/2006  13:59    <JUNCTION>     Cookies [S:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006  13:59    <JUNCTION>     Local Settings [S:\Users\Default\AppData\Local]
02/11/2006  13:59    <JUNCTION>     My Documents [S:\Users\Default\Documents]
02/11/2006  13:59    <JUNCTION>     NetHood [S:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006  13:59    <JUNCTION>     PrintHood [S:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006  13:59    <JUNCTION>     Recent [S:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006  13:59    <JUNCTION>     SendTo [S:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006  13:59    <JUNCTION>     Start Menu [S:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006  13:59    <JUNCTION>     Templates [S:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
02/11/2006  13:59    <JUNCTION>     Application Data [S:\Users\Default\AppData\Local]
02/11/2006  13:59    <JUNCTION>     History [S:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006  13:59    <JUNCTION>     Temporary Internet Files [S:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
02/11/2006  13:59    <JUNCTION>     My Music [S:\Users\Default\Music]
02/11/2006  13:59    <JUNCTION>     My Pictures [S:\Users\Default\Pictures]
02/11/2006  13:59    <JUNCTION>     My Videos [S:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
02/11/2006  13:59    <JUNCTION>     My Music [S:\Users\Public\Music]
02/11/2006  13:59    <JUNCTION>     My Pictures [S:\Users\Public\Pictures]
02/11/2006  13:59    <JUNCTION>     My Videos [S:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              44 Dir(s)  56,867,889,152 bytes free
 
< MD5 for: EXPLORER.EXE  >
[2013/11/15 16:02:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2013/11/15 16:02:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2013/11/15 16:02:04 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2013/11/15 16:02:03 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2013/11/15 16:25:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2013/11/15 16:25:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2013/11/15 16:02:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
 
< MD5 for: RPCSS.DLL  >
[2013/11/15 15:56:43 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=301AE00E12408650BADDC04DBC832830 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2013/11/15 15:56:43 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=4DFCBDEF3CCAA98F99038DED78945253 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2013/11/15 15:56:47 | 000,549,888 | ---- | M] (Microsoft Corporation) MD5=7B981222A257D076885BFFB66F19B7CE -- C:\Windows\System32\rpcss.dll
[2013/11/15 15:56:47 | 000,549,888 | ---- | M] (Microsoft Corporation) MD5=7B981222A257D076885BFFB66F19B7CE -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2013/11/15 15:56:47 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=B1BB45E24717A7F790B4411C4446EF5E -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
[2006/11/02 10:46:12 | 000,545,792 | ---- | M] (Microsoft Corporation) MD5=B46D8EA6DD30BAA49F674DACDC4C491F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16386_none_67941a0040f4ed68\rpcss.dll
 
< MD5 for: SERVICES  >
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
 
< MD5 for: SERVICES.DAT  >
[2014/04/06 05:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Cal\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2006/11/02 10:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\System32\services.exe
[2006/11/02 10:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2006/11/02 13:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 13:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2007/03/14 20:24:28 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=21B596A11450A1E0448B0CD2AD31CC3B -- C:\Windows\System32\zh-TW\services.exe.mui
[2007/03/14 20:24:28 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=21B596A11450A1E0448B0CD2AD31CC3B -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_zh-tw_cb492cdf0d9cd36f\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2006/11/02 13:50:49 | 000,001,688 | ---- | M] () MD5=F25CACAD28E057961AC5F696B32C2108 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
 
< MD5 for: SERVICES.MSC  >
[2006/11/02 13:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 13:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2007/03/14 20:25:12 | 000,092,751 | ---- | M] () MD5=8CC6BE85C722E5A18F153919D0816E0A -- C:\Windows\System32\zh-TW\services.msc
[2007/03/14 20:25:12 | 000,092,751 | ---- | M] () MD5=8CC6BE85C722E5A18F153919D0816E0A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_zh-tw_058afccae4066d62\services.msc
 
< MD5 for: SVCHOST.EXE  >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
 
< End of report >
 
 
 
the Extras.txt log:
 

OTL Extras logfile created on: 03/06/2014 13:51:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Carl\Desktop
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1013.56 Mb Total Physical Memory | 186.43 Mb Available Physical Memory | 18.39% Memory free
2.23 Gb Paging File | 1.21 Gb Available in Paging File | 54.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.64 Gb Total Space | 53.01 Gb Free Space | 61.18% Space Free | Partition Type: NTFS
 
Computer Name: CARL-PC | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0312BD0D-A1FE-4E1A-9208-D436F566D867}" = VAIO Azure Float Wallpaper
"{0C082BF0-39C5-4C0F-8BEF-D91F7411B11E}" = 
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.8.1
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235915A8-1C0D-4920-95EA-FE8B773E5F57}" = VAIO Teal Whisper Wallpaper
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{304880B2-B3C2-4C61-8618-D04D96BEDF68}" = VAIO Tender Yellow Wallpaper
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{3A5371B8-6BFD-4251-B339-6422A9987337}" = VAIO Media Registration Tool
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" = 
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0.2
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" = 
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Video & Photo  Suite
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6EACDDF4-4220-49A3-9204-984C86852C3D}" = Adobe Premiere Elements 3.0.2 Templates
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9C7C9B1C-A17A-4CB9-B752-1924C2DD3F41}" = VAIO Video & Photo  Suite
"{9DCFE532-7DBD-4B03-8A04-E8D37346E29A}" = VAIO Media
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AA171A69-F942-40DA-AE3A-EA91026A1CAE}" = VAIO Manual
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFB6AFBA-88B1-48A7-AF52-BA59BA5F183B}" = Image Converter 3
"{B59B3DA8-06F8-4B4C-AE94-5180753EF108}" = VAIO Floral Dusk Wallpaper
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.2
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C183A21C-395A-490F-99D4-CCAB35E32859}" = 
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F6341FEB-75C0-4880-9335-904C8EA4B544}" = OEM
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"{FD836E74-7923-4174-A055-F97CD0F3BB46}" = 
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Encyclopaedia Britannica Standard Edition 2004 CD-ROM" = Encyclopaedia Britannica Standard Edition 2004 CD-ROM
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"PremElem30" = Adobe Premiere Elements 3.0.2
"QuickTime" = QuickTime
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
 
< End of report >
 


#6 witchetty

witchetty
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 03 June 2014 - 08:23 AM

Perhaps worth mentioning that I noticed before I did any scans today that the original problem of google redirecting and having popup adverts seems to have gone. I know this doesn't necessarily mean the computer is clean, just thought I should let you know.



#7 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,553 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:52 AM

Posted 04 June 2014 - 03:04 AM

Post the old JRT.exe log and re-do the Junkware Removal Log step so that I can see the corrupted module. :)

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#8 witchetty

witchetty
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 04 June 2014 - 05:49 AM

Here is the old JRT log:

 

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by Carl on 27/05/2014 at 23:10:13.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/05/2014 at 23:13:34.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 witchetty

witchetty
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 04 June 2014 - 05:52 AM

I hope this is right? The newest JRT log:
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by Carl on 04/06/2014 at 11:54:04.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/06/2014 at 11:57:16.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by witchetty, 04 June 2014 - 05:59 AM.


#10 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,553 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:52 AM

Posted 04 June 2014 - 06:50 AM

Hi witchetty, :)

How is your system running?
  • Step #4 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #5 ESET Online Scanner
    Uninstall your current version of ESET Online Scanner.
    Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and condition and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting --
      • Uncheck the box beside Remove Found Threats;
      • Check the box beside Scan archives
    • Click on Advanced Setting and check the following boxes--
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#11 witchetty

witchetty
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 05 June 2014 - 05:23 AM

Hi Valinorum,

 

I haven't noticed any popups and Chrome isn't being redirected. This is my neighbours laptop, he asked me to help so thank you from the both of us! Could you please advise what anti-virus, anti-malware etc I should install for him to use to help stop this happening again? 

 

 

 

The Malwarebytes Log: 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 04/06/2014
Scan Time: 23:06:45
Logfile: malwarebyteslog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.04.12
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista
CPU: x86
File System: NTFS
User: Carl
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 228097
Time Elapsed: 10 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Superfish.A, C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [872bbfb488f31e1808532479cc366799], 
PUP.Optional.Superfish.A, C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [d5dda8cbbdbe290dfb60c4d94bb7d22e], 
Trojan.Agent, C:\Users\Carl\AppData\Local\Temp\services.exe.mui, Quarantined, [d9d910630a7193a3207da526669d8b75], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
After using ESET Online Scanner, no threats were found.


#12 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,553 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:52 AM

Posted 05 June 2014 - 05:45 AM

Hi witchetty, :)
 

Could you please advise what anti-virus, anti-malware etc I should install for him to use to help stop this happening again?

If you are looking for paid anti-virus, I will recommend KasperskyInternet Security 2014 or ESET Smart Security. If you are looking for a free alternative, I will recommend avast!.
You have already installed Malwarebytes' Anti-Malware for one of the previous steps which is an excellent anti-malware. Run a full scan with it once in every week.
Also, always keep your firewall enabled.
Summing up, an active updated anti-virus + updated anti-malware + Firewall will keep you away from most dangers. More elaborated in the prevention speech. Do note that anti-virus and anti-malware are two different things and never use more than one anti-virus.

Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 
 

♣ Removal of Tools and Quarantined Files ♣


 

Despite the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
  • Cleanup with Delfix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply
 
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malwares again.
  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoSript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.
  • Watch out for new threat named CryptoLocker
    CryptoLocker is a new type ransomware family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that was encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acknowledge yourself about the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#13 witchetty

witchetty
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 05 June 2014 - 10:19 AM

Hi Valinorum,

 

Here's the log from DelFix:

 

# DelFix v10.7 - Logfile created 05/06/2014 at 15:59:31
# Updated 27/04/2014 by Xplode
# Username : Carl - CARL-PC
# Operating System : Windows Vista ™ Home Basic  (32 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.35_27.05.2014_21.58.03_log.txt
Deleted : C:\TDSSKiller.3.0.0.35_27.05.2014_22.05.08_log.txt
Deleted : C:\Users\Carl\Desktop\AdwCleaner.exe
Deleted : C:\Users\Carl\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Carl\Desktop\Extras.Txt
Deleted : C:\Users\Carl\Desktop\JRT.exe
Deleted : C:\Users\Carl\Desktop\JRT.txt
Deleted : C:\Users\Carl\Desktop\OTL.Txt
Deleted : C:\Users\Carl\Desktop\OTL.exe
Deleted : C:\Users\Carl\Downloads\JRT (1).exe
Deleted : C:\Users\Carl\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #209 [Windows Update | 05/02/2014 10:08:17]
Deleted : RP #210 [Windows Update | 05/04/2014 15:08:35]
Deleted : RP #211 [Windows Update | 05/07/2014 09:11:59]
Deleted : RP #212 [Windows Update | 05/09/2014 07:40:38]
Deleted : RP #213 [Windows Update | 05/10/2014 16:10:45]
Deleted : RP #214 [Windows Update | 05/12/2014 10:06:47]
Deleted : RP #215 [Windows Update | 05/16/2014 10:03:43]
Deleted : RP #216 [Installed AVG 7.5 | 05/17/2014 10:23:48]
Deleted : RP #217 [Windows Update | 05/17/2014 10:28:12]
Deleted : RP #218 [Windows Update | 05/20/2014 09:19:28]
Deleted : RP #219 [Windows Update | 05/21/2014 10:10:40]
Deleted : RP #220 [Windows Update | 05/22/2014 10:00:25]
Deleted : RP #221 [Windows Update | 05/26/2014 09:26:06]
Deleted : RP #222 [Windows Update | 05/27/2014 10:29:08]
Deleted : RP #223 [Removed Adobe Reader 8 | 05/28/2014 08:50:54]
Deleted : RP #224 [Removed AVG 7.5 | 05/28/2014 08:53:41]
Deleted : RP #225 [Installed AVG 7.5 | 05/28/2014 08:54:35]
Deleted : RP #226 [Removed Adobe Reader 8 | 05/28/2014 08:55:01]
Deleted : RP #227 [Windows Update | 05/28/2014 19:44:52]
Deleted : RP #228 [Windows Update | 06/03/2014 11:37:04]
Deleted : RP #229 [OTL Restore Point - 03/06/2014 13:53:27 | 06/03/2014 12:53:27]
Deleted : RP #230 [Windows Update | 06/04/2014 21:41:40]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
 
 
Thanks very much for your speedy response, I appreciate it!
 
Just one last question! My neighbour has Microsoft Security Essentials already installed and also CCleaner. Should I uninstall both of these if I install avast! and Filehippo update checker? 
 
Thanks again for all your help  :)


#14 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,553 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:52 AM

Posted 05 June 2014 - 10:28 AM

If you are running free, avast! is better than MSE. CCleaner is good for removing temporary files and cleaning system. Please tell you neighbor not to use the registry cleaning feature of the said tool. Install Filehippo update checker although the current version of avast! has an update checker built-in.

Any questions? :)

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#15 witchetty

witchetty
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 05 June 2014 - 11:11 AM

Fantastic! thank you for answering my questions and sorting out the problems! :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users