
Combofix detects zero access root kit but doesn't remove it


  • This topic is locked
9 replies to this topic

#1 Wanton

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:53 AM

Posted 12 August 2014 - 12:16 PM

Hi

Doing a clean-up on an XP computer with Malwarebytes and ComboFix.

Scanned and removed any infected items with Malwarebytes.

ComboFix reported the ZeroAccess rootkit was found, rebooted and finished scanning.

- When I run ComboFix again it finds it again and does the same thing.

When I run Malwarebytes again, it doesn't find anything.

Also ran TDSSKiller; it found one item, but ComboFix still comes up with the same message.

Any help would be appreciated.

Thanks

Rich





#2 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:53 AM

Posted 12 August 2014 - 01:24 PM

Hi Rich,

Can you please post up the log file that ComboFix has produced? (You can find it at c:\combofix.txt.)
And in addition run an FRST scan:

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Wanton

  • Topic Starter
  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:53 AM

Posted 12 August 2014 - 04:52 PM

Thanks for your help, aharonov

COMBOFIX

ComboFix 14-08-12.01 - Martin Lanigan 12/08/2014  22:10:43.7.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.353.1033.18.2046.1471 [GMT 1:00]
Running from: c:\documents and settings\Martin Lanigan\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-12 to 2014-08-12  )))))))))))))))))))))))))))))))
.
.
2014-08-10 00:58 . 2014-07-02 03:11 8217224 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{15494251-FA94-4D76-82DA-1C06EEF36862}\mpengine.dll
2014-08-09 20:10 . 2006-02-28 12:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2014-08-09 20:10 . 2006-02-28 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2014-08-09 09:10 . 2014-08-09 09:10 -------- d-----w- C:\TDSSKiller_Quarantine
2014-08-06 18:44 . 2014-08-09 20:40 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-06 18:43 . 2014-08-06 18:43 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-06 18:43 . 2014-08-06 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-08-06 18:43 . 2014-05-12 06:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-06 18:43 . 2014-05-12 06:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-06 18:41 . 2014-08-06 18:41 -------- d-----w- c:\program files\CCleaner
2014-08-06 18:35 . 2014-08-06 18:35 -------- d-----w- c:\program files\RiaNdomPReICe
2014-08-06 18:34 . 2014-08-06 18:34 -------- d-----w- c:\program files\SaaVierExtaEnosiOn
2014-08-06 18:34 . 2014-08-06 18:34 -------- d-----w- c:\program files\ShoOOpDrop
2014-08-06 18:33 . 2011-06-15 12:38 161760 ----a-w- c:\program files\64res.dll
2014-08-06 18:33 . 2014-08-06 18:33 -------- d-----w- c:\program files\UTubearAdBLocker
2014-08-06 18:31 . 2014-08-06 18:31 -------- d-----w- c:\program files\DiasCCoouunuttExtEnsi
2014-08-06 18:30 . 2014-08-06 18:30 -------- d-----w- c:\program files\ALlChEEAApPRice
2014-08-06 18:30 . 2014-08-06 18:30 -------- d-----w- c:\program files\AelLSSavera
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-02 03:11 . 2007-04-10 08:22 8217224 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2004-08-04 10:00 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NDAS Device Management.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NDAS Device Management.lnk
backup=c:\windows\pss\NDAS Device Management.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Autodesk Sync]
2012-02-05 23:01 383424 ----a-w- c:\program files\Autodesk\Autodesk Sync\AdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2006-02-28 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-09-28 19:09 700416 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-07 04:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emMON]
2006-05-30 21:24 61440 ----a-w- c:\windows\emMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2007-11-01 17:13 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-02-10 15:40 20480 ----a-w- c:\windows\FixCamera.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-23 15:44 101136 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L06ZXLRD_15716375]
2005-06-04 16:04 301776 ----a-w- c:\program files\Microsoft Student\Microsoft Student DVD 2006\EDICT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-01-23 15:44 101136 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-01-12 03:09 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2007-01-12 03:12 244512 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Maple_S2P]
2007-01-16 03:00 253952 ----a-w- c:\program files\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-03-21 11:12 7204864 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 11:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2006-02-19 01:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-19 20:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
2007-03-20 14:10 520192 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-20 16:00 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 09:07 827392 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SolidWorks_CheckForUpdates]
2009-07-29 12:34 7320872 ----a-w- c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-03 15:32 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2006-02-28 12:00 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-30 19:43 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-03-10 14:43 270336 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"ServiceLayer"=3 (0x3)
"RichVideo"=2 (0x2)
"Remote Solver for COSMOSFloWorks 2006"=2 (0x2)
"PCToolsSSDMonitorSvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"ndassvc"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"CoordinatorServiceHost"=3 (0x3)
"btwdins"=2 (0x2)
"Autodesk Content Service"=2 (0x2)
"035d80ae"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\SolidWorks\\SLDWORKS.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Real\\RealUpgrade\\realupgrade.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50248:TCP"= 50248:TCP:Autodesk Content Service
.
R1 ndasfat;NDAS FAT;c:\windows\system32\drivers\ndasfat.sys [15/01/2011 00:55 372584]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [31/01/2012 11:46 19232]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [26/02/2012 16:23 793048]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [08/01/2012 16:08 14976]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S2 035d80ae;Performance Optimizer;c:\windows\system32\rundll32.exe [28/02/2006 13:00 33280]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks\swScheduler\DTSCoordinatorService.exe [31/01/2009 06:01 83240]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [28/12/2012 01:34 136704]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 07:01 2799808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 17:53 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
2014-06-20 c:\windows\Tasks\bach up.job
- c:\windows\system32\ntbackup.exe [2006-02-28 12:00]
.
2011-02-02 c:\windows\Tasks\disketchShakeIcon.job
- c:\program files\NCH Software\Disketch\disketch.exe [2010-12-28 16:33]
.
2014-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:15]
.
2014-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:15]
.
2014-08-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
2013-09-22 c:\windows\Tasks\pixillionDowngrade.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-05-24 21:35]
.
2013-09-22 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-05-24 21:35]
.
2011-12-25 c:\windows\Tasks\prismDowngrade.job
- c:\program files\NCH Software\Prism\prism.exe [2011-07-02 06:59]
.
2012-01-15 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-07-02 06:59]
.
2014-08-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3672253965-2410965747-1003979527-1018.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
2014-08-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3672253965-2410965747-1003979527-1018.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
2014-08-12 c:\windows\Tasks\RMSchedule.job
- c:\program files\PC Tools Registry Mechanic\RegMech.exe [2012-02-26 13:34]
.
2014-08-12 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\PC Tools Registry Mechanic\Update.exe [2012-02-26 13:34]
.
2014-08-12 c:\windows\Tasks\User_Feed_Synchronization-{E6130D87-6EBF-4116-8469-7999BA11BBBA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Martin Lanigan\Application Data\Mozilla\Firefox\Profiles\ol4nbsyg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchboxes.info/?pid=1182&r=2013/07/21&hid=742379092&lg=EN&cc=IE&unqvl=28&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - www.google.ie
FF - prefs.js: keyword.URL - hxxp://websearch.searchboxes.info/?pid=1182&r=2013/07/21&hid=742379092&lg=EN&cc=IE&unqvl=28&l=1&q=
FF - ExtSQL: !HIDDEN! 2009-09-01 18:06; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-10-13 00:00; 64ffxtbr@TelevisionFanatic.com; c:\program files\TelevisionFanatic\bar\1.bin
FF - ExtSQL: !HIDDEN! 2013-10-08 17:30; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files\VideoDownloadConverter_4z\bar\1.bin
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-12 22:19
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\ìê*•‘|\comctl32.dll]
"MUIVer"=hex(B):84,08,54,0b,00,00,06,00
"000600000b540ba6"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\L3CODECA.ACM
c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
c:\windows\system32\IEFRAME.dll
.
Completion time: 2014-08-12  22:21:37
ComboFix-quarantined-files.txt  2014-08-12 21:21
ComboFix2.txt  2014-08-10 07:25
ComboFix3.txt  2014-08-09 20:29
.
Pre-Run: 31,282,294,784 bytes free
Post-Run: 31,312,617,472 bytes free
.
- - End Of File - - F96E3F31AF3E3B00A1E9171DA65C7E12
8F558EB6672622401DA993E1E865C861

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-08-2014 01
Ran by Martin Lanigan (administrator) on T4-EEAD4DA0AA19 on 12-08-2014 22:29:10
Running from C:\Documents and Settings\Martin Lanigan\Desktop
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndassvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-3672253965-2410965747-1003979527-1018\...\Policies\Explorer: [] 
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKCU - {1DD83FA5-9D5B-4469-B38C-6D17968ED5D8} URL = http://search.live.com/results.aspx?q={searchTerms}&form=MSNIE8&pc=MSNIE8&src=IE-SearchBox
SearchScopes: HKCU - {9C476D3C-ABF6-416E-9BF6-7CA0B4BC8489} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = 
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = 
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [294400 2007-02-05] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Martin Lanigan\Application Data\Mozilla\Firefox\Profiles\ol4nbsyg.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: www.google.ie
FF Keyword.URL: hxxp://websearch.searchboxes.info/?pid=1182&r=2013/07/21&hid=742379092&lg=EN&cc=IE&unqvl=28&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @VideoDownloadConverter_ScriptHelper.com/Plugin -> C:\Program Files\VideoDownloadConverter\npVDCPlugin.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF SearchPlugin: C:\Documents and Settings\Martin Lanigan\Application Data\Mozilla\Firefox\Profiles\ol4nbsyg.default\searchplugins\yahoo-zugo.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox
FF Extension: Freemake Video Downloader - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox [2011-03-17]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: FreemakeConverter - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2011-03-17]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-11-30]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2012-12-28]
 
Chrome: 
=======
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-10-12]
CHR HKLM\...\Chrome\Extension: [adjbjkfacpgpolnpnhhckpbfhokppdng] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-03-17]
CHR HKLM\...\Chrome\Extension: [dbgalemaidlifaeappogmgmgifhkfkee] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-03-17]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-11-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [273256 2011-10-23] (Broadcom Corporation.) [File not signed]
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [83240 2009-01-31] (Dassault Systèmes SolidWorks Corp.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-03-12] (Flexera Software, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-10-16] (Oracle Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE [2045632 2006-02-23] (Symantec Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [339968 2011-10-23] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
R2 ndassvc; C:\Program Files\NDAS\System\ndassvc.exe [236520 2011-10-23] (XIMETA, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-05-09] (Hewlett-Packard) [File not signed]
R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [143427 2011-10-23] (NVIDIA Corporation) [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-02-03] (PC Tools)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [52736 2006-05-09] (Hewlett-Packard) [File not signed]
R2 Remote Solver for COSMOSFloWorks 2006; C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe [630784 2011-10-23] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2011-10-23] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [651776 2009-08-31] (Nokia) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [81408 2011-10-23] (SolidWorks) [File not signed]
R2 SQLWriter; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [87904 2011-10-23] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2011-10-23] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [302080 2011-10-24] (Microsoft Corporation) [File not signed]
S2 035d80ae; "C:\WINDOWS\system32\rundll32.exe" "c:\docume~1\alluse~1\applic~1\perfor~1\PerformanceOptimizerSvc.dll",service
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2007-01-17] (Samsung Electronics Co., Ltd.) [File not signed]
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
S3 emAudio; C:\WINDOWS\System32\drivers\emAudio.sys [22912 2007-01-12] (eMPIA Technology, Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-21] (HP)
S3 JL2005C; C:\WINDOWS\System32\Drivers\jl2005c.sys [68954 2007-01-26] (Windows ® 2000 DDK provider) [File not signed]
R0 lfsfilt; C:\WINDOWS\System32\DRIVERS\lfsfilt.sys [254440 2007-06-29] (XIMETA, Inc.)
R0 lpx; C:\WINDOWS\System32\DRIVERS\lpx.sys [62056 2007-06-29] (XIMETA, Inc.)
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28176 2007-01-23] (Logitech, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15360 2004-08-04] (Microsoft Corporation)
R3 ndasbus; C:\WINDOWS\System32\DRIVERS\ndasbus.sys [75880 2007-06-29] (XIMETA, Inc.)
R1 ndasfat; C:\WINDOWS\system32\DRIVERS\ndasfat.sys [372584 2007-06-29] (XIMETA, Inc.)
S3 ndasscsi; C:\WINDOWS\System32\DRIVERS\ndasscsi.sys [187368 2007-06-29] (XIMETA, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20176 2005-04-15] (Sonic Solutions) [File not signed]
R2 SBKUPNT; C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] () [File not signed]
S3 SNPSTD3; C:\WINDOWS\System32\DRIVERS\snpstd3.sys [10252544 2007-03-26] (Sonix Co. Ltd.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156808 2006-05-25] (SigmaTel, Inc.)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [292864 2006-09-12] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [7168 2006-08-22] (eMPIA Technology, Inc.)
R3 catchme; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\catchme.sys [X]
S3 DCamUSBEMPIA; system32\DRIVERS\emDevice.sys [X]
S3 FiltUSBEMPIA; system32\DRIVERS\emFilter.sys [X]
S4 IntelIde; No ImagePath
S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 ScanUSBEMPIA; system32\DRIVERS\emScan.sys [X]
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
U3 mbr; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 22:29 - 2014-08-12 22:29 - 00022093 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\FRST.txt
2014-08-12 22:28 - 2014-08-12 22:29 - 00000000 ____D () C:\FRST
2014-08-12 22:28 - 2014-08-12 22:07 - 01091584 _____ (Farbar) C:\Documents and Settings\Martin Lanigan\Desktop\FRST.exe
2014-08-12 22:21 - 2014-08-12 22:29 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00018402 _____ () C:\ComboFix.txt
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\student3\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\student2\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\student2.T4\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\student1\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\student1.T4\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\lcm\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\administrator\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\Administrator.T4-E6F820B25018\Local Settings\temp
2014-08-12 22:01 - 2014-08-12 22:00 - 05569662 ____R (Swearware) C:\Documents and Settings\Martin Lanigan\Desktop\ComboFix.exe
2014-08-12 13:51 - 2014-08-12 22:27 - 00006197 _____ () C:\WINDOWS\setupapi.log
2014-08-09 21:10 - 2006-02-28 13:00 - 00162816 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\netbt.sys
2014-08-09 21:10 - 2006-02-28 13:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2014-08-09 20:55 - 2014-08-12 22:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-09 20:55 - 2014-08-12 22:07 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-09 20:55 - 2014-08-09 20:55 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-09 20:54 - 2014-08-12 22:09 - 00023516 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-09 19:02 - 2014-08-09 19:02 - 00027523 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\attach.txt
2014-08-09 19:02 - 2014-08-09 19:02 - 00011892 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\dds.txt
2014-08-09 18:55 - 2014-08-12 22:09 - 00213706 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-09 18:55 - 2014-08-09 18:55 - 01931088 _____ (Symantec Corporation) C:\Documents and Settings\Martin Lanigan\Desktop\FixTDSS.exe
2014-08-09 18:50 - 2014-08-09 18:50 - 00334662 _____ () C:\Documents and Settings\Martin Lanigan\My Documents\cc_20140809_185041.reg
2014-08-09 12:14 - 2014-08-09 12:14 - 00783120 _____ (McAfee, Inc.) C:\Documents and Settings\Martin Lanigan\My Documents\iexplore.exe
2014-08-09 12:14 - 2014-08-09 12:14 - 00000404 _____ () C:\Documents and Settings\Martin Lanigan\My Documents\RootkitRemover_20140809_121458.log
2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-06 20:33 - 2014-08-06 20:33 - 00000000 _RSHD () C:\cmdcons
2014-08-06 20:33 - 2009-01-25 16:27 - 00000211 _____ () C:\Boot.bak
2014-08-06 20:33 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-06 20:28 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-06 20:28 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-06 20:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-06 20:27 - 2014-08-12 22:21 - 00000000 ____D () C:\Qoobox
2014-08-06 20:27 - 2014-08-09 21:27 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-06 20:22 - 2014-08-06 20:22 - 00001067 _____ () C:\mbytes.txt
2014-08-06 20:18 - 2014-08-06 20:17 - 04755832 _____ (AVG Technologies) C:\Documents and Settings\Martin Lanigan\Desktop\avg_free_stb_all_2014_4744_cnet.exe
2014-08-06 19:44 - 2014-08-09 21:40 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 19:43 - 2014-08-06 19:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-06 19:43 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-06 19:43 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-06 19:41 - 2014-08-06 19:41 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-08-06 19:41 - 2014-08-06 19:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-06 19:41 - 2014-08-06 19:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-08-06 19:35 - 2014-08-06 19:35 - 00000000 ____D () C:\Program Files\RiaNdomPReICe
2014-08-06 19:34 - 2014-08-06 19:34 - 00000000 ____D () C:\Program Files\ShoOOpDrop
2014-08-06 19:34 - 2014-08-06 19:34 - 00000000 ____D () C:\Program Files\SaaVierExtaEnosiOn
2014-08-06 19:33 - 2014-08-06 19:33 - 00000000 ____D () C:\Program Files\UTubearAdBLocker
2014-08-06 19:33 - 2011-06-15 13:38 - 00161760 _____ () C:\Program Files\64res.dll
2014-08-06 19:31 - 2014-08-06 19:31 - 00000000 ____D () C:\Program Files\DiasCCoouunuttExtEnsi
2014-08-06 19:30 - 2014-08-06 19:30 - 00000000 ____D () C:\Program Files\ALlChEEAApPRice
2014-08-06 19:30 - 2014-08-06 19:30 - 00000000 ____D () C:\Program Files\AelLSSavera
2014-08-05 19:15 - 2014-08-05 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-26 14:18 - 2014-07-26 14:23 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\hurling u12 photos 26.07.14
2014-07-14 21:17 - 2014-07-14 21:36 - 00036843 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\boot.dwg
2014-07-14 21:17 - 2014-07-14 21:34 - 00036671 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\boot.bak
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-12 22:29 - 2014-08-12 22:29 - 00022093 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\FRST.txt
2014-08-12 22:29 - 2014-08-12 22:28 - 00000000 ____D () C:\FRST
2014-08-12 22:29 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Local Settings\temp
2014-08-12 22:27 - 2014-08-12 13:51 - 00006197 _____ () C:\WINDOWS\setupapi.log
2014-08-12 22:27 - 2007-03-21 09:58 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-12 22:22 - 2008-10-22 18:22 - 00000440 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{E6130D87-6EBF-4116-8469-7999BA11BBBA}.job
2014-08-12 22:21 - 2014-08-12 22:21 - 00018402 _____ () C:\ComboFix.txt
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\student3\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\student2\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\student2.T4\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\student1\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\student1.T4\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\lcm\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\administrator\Local Settings\temp
2014-08-12 22:21 - 2014-08-12 22:21 - 00000000 ____D () C:\Documents and Settings\Administrator.T4-E6F820B25018\Local Settings\temp
2014-08-12 22:21 - 2014-08-06 20:27 - 00000000 ____D () C:\Qoobox
2014-08-12 22:21 - 2014-06-11 15:56 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-08-12 22:21 - 2007-03-21 09:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-12 22:21 - 2007-03-21 09:58 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-12 22:19 - 2004-08-04 11:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-12 22:09 - 2014-08-09 20:54 - 00023516 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-12 22:09 - 2014-08-09 18:55 - 00213706 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-12 22:09 - 2011-10-12 14:43 - 00000304 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3672253965-2410965747-1003979527-1018.job
2014-08-12 22:09 - 2011-10-12 14:43 - 00000296 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3672253965-2410965747-1003979527-1018.job
2014-08-12 22:08 - 2010-02-01 20:15 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 22:08 - 2004-08-04 11:00 - 00002262 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-12 22:07 - 2014-08-12 22:28 - 01091584 _____ (Farbar) C:\Documents and Settings\Martin Lanigan\Desktop\FRST.exe
2014-08-12 22:07 - 2014-08-09 20:55 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-12 22:07 - 2014-08-09 20:55 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-12 22:06 - 2007-12-07 19:25 - 00000178 ___SH () C:\Documents and Settings\Martin Lanigan\ntuser.ini
2014-08-12 22:00 - 2014-08-12 22:01 - 05569662 ____R (Swearware) C:\Documents and Settings\Martin Lanigan\Desktop\ComboFix.exe
2014-08-12 21:58 - 2007-03-21 10:29 - 00062375 _____ () C:\WINDOWS\system32\nvwsapps.xml
2014-08-12 21:53 - 2010-02-01 20:15 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 20:23 - 2012-02-26 16:23 - 00000506 _____ () C:\WINDOWS\Tasks\RMSmartUpdate.job
2014-08-12 19:00 - 2012-02-26 16:23 - 00000292 _____ () C:\WINDOWS\Tasks\RMSchedule.job
2014-08-10 07:47 - 2007-12-07 19:25 - 00000000 __SHD () C:\Documents and Settings\Martin Lanigan\UserData
2014-08-10 07:47 - 2007-12-07 19:25 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan
2014-08-09 21:40 - 2014-08-06 19:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 21:27 - 2014-08-06 20:27 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-09 20:55 - 2014-08-09 20:55 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-09 19:07 - 2008-06-07 09:33 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Application Data\AVGTOOLBAR
2014-08-09 19:02 - 2014-08-09 19:02 - 00027523 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\attach.txt
2014-08-09 19:02 - 2014-08-09 19:02 - 00011892 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\dds.txt
2014-08-09 18:55 - 2014-08-09 18:55 - 01931088 _____ (Symantec Corporation) C:\Documents and Settings\Martin Lanigan\Desktop\FixTDSS.exe
2014-08-09 18:50 - 2014-08-09 18:50 - 00334662 _____ () C:\Documents and Settings\Martin Lanigan\My Documents\cc_20140809_185041.reg
2014-08-09 14:20 - 2007-04-17 12:09 - 00000000 ____D () C:\WINDOWS\pss
2014-08-09 14:20 - 2007-03-20 18:39 - 00000327 __RSH () C:\boot.ini
2014-08-09 14:20 - 2004-08-04 11:00 - 00001161 _____ () C:\WINDOWS\win.ini
2014-08-09 12:14 - 2014-08-09 12:14 - 00783120 _____ (McAfee, Inc.) C:\Documents and Settings\Martin Lanigan\My Documents\iexplore.exe
2014-08-09 12:14 - 2014-08-09 12:14 - 00000404 _____ () C:\Documents and Settings\Martin Lanigan\My Documents\RootkitRemover_20140809_121458.log
2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-06 20:33 - 2014-08-06 20:33 - 00000000 _RSHD () C:\cmdcons
2014-08-06 20:26 - 2009-05-28 17:46 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Application Data\IM
2014-08-06 20:23 - 2014-06-11 16:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ShoOOpDrop
2014-08-06 20:23 - 2013-12-27 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Performance Optimizer
2014-08-06 20:23 - 2013-05-18 18:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-06 20:23 - 2007-04-06 15:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB911927$
2014-08-06 20:22 - 2014-08-06 20:22 - 00001067 _____ () C:\mbytes.txt
2014-08-06 20:22 - 2014-07-06 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RiaNdomPReICe
2014-08-06 20:22 - 2014-07-03 10:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DiasCCoouunuttExtEnsi
2014-08-06 20:22 - 2014-06-12 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AelLSSavera
2014-08-06 20:22 - 2014-05-22 07:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RRoboSeaver
2014-08-06 20:22 - 2014-03-10 22:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SaaVierExtaEnosiOn
2014-08-06 20:22 - 2014-03-06 23:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RoboSaver
2014-08-06 20:22 - 2013-12-31 10:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SeaveroExuteNsion
2014-08-06 20:22 - 2013-12-31 10:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ALlChEEAApPRice
2014-08-06 20:22 - 2013-07-21 10:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BetterSoft
2014-08-06 20:17 - 2014-08-06 20:18 - 04755832 _____ (AVG Technologies) C:\Documents and Settings\Martin Lanigan\Desktop\avg_free_stb_all_2014_4744_cnet.exe
2014-08-06 20:05 - 2007-04-17 14:04 - 00000000 ____D () C:\Program Files\Symantec AntiVirus
2014-08-06 20:05 - 2007-03-26 10:33 - 00000000 ____D () C:\Program Files\Symantec
2014-08-06 20:05 - 2007-03-26 10:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-06 20:05 - 2007-03-26 10:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-08-06 19:46 - 2011-11-28 08:34 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Application Data\Media Player Classic
2014-08-06 19:46 - 2007-12-27 17:37 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-06 19:43 - 2014-08-06 19:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-06 19:41 - 2014-08-06 19:41 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-08-06 19:41 - 2014-08-06 19:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-06 19:41 - 2014-08-06 19:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-08-06 19:35 - 2014-08-06 19:35 - 00000000 ____D () C:\Program Files\RiaNdomPReICe
2014-08-06 19:35 - 2013-12-31 10:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\f8ee453040752db
2014-08-06 19:34 - 2014-08-06 19:34 - 00000000 ____D () C:\Program Files\ShoOOpDrop
2014-08-06 19:34 - 2014-08-06 19:34 - 00000000 ____D () C:\Program Files\SaaVierExtaEnosiOn
2014-08-06 19:33 - 2014-08-06 19:33 - 00000000 ____D () C:\Program Files\UTubearAdBLocker
2014-08-06 19:33 - 2014-02-01 18:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\UTubearAdBLocker
2014-08-06 19:32 - 2010-12-28 17:35 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\Conduit
2014-08-06 19:31 - 2014-08-06 19:31 - 00000000 ____D () C:\Program Files\DiasCCoouunuttExtEnsi
2014-08-06 19:30 - 2014-08-06 19:30 - 00000000 ____D () C:\Program Files\ALlChEEAApPRice
2014-08-06 19:30 - 2014-08-06 19:30 - 00000000 ____D () C:\Program Files\AelLSSavera
2014-08-05 19:15 - 2014-08-05 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-05 19:00 - 2012-02-26 20:00 - 00000402 _____ () C:\WINDOWS\system32\AppLog.log
2014-08-05 18:57 - 2009-01-09 19:27 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-05 17:11 - 2007-04-17 13:28 - 00002515 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Office Word 2007.lnk
2014-08-02 14:46 - 2007-12-24 17:30 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\Caoimhe!!
2014-07-26 14:23 - 2014-07-26 14:18 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\hurling u12 photos 26.07.14
2014-07-20 16:40 - 2007-12-24 17:30 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\josephine
2014-07-20 15:31 - 2014-06-27 09:33 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\toilet
2014-07-14 21:36 - 2014-07-14 21:17 - 00036843 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\boot.dwg
2014-07-14 21:34 - 2014-07-14 21:17 - 00036671 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\boot.bak
2014-07-14 21:34 - 2008-04-19 17:11 - 00000000 ____D () C:\Program Files\AutoCAD R14
 
ZeroAccess:
C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\de935ba9
C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\de935ba9\@
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
ADDITION
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-08-2014 01
Ran by Martin Lanigan at 2014-08-12 22:29:51
Running from C:\Documents and Settings\Martin Lanigan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3-D_Dancing_Elf_Demo Screen Saver (HKLM\...\3-D_Dancing_Elf_Demo) (Version:  - )
5700_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.3.183.11 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
AnneFrankHouse (HKLM\...\AnneFrankHouse) (Version:  - )
Apple Software Update (HKLM\...\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}) (Version: 2.0.2.92 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
ArcSoft ShowBiz DVD 2 (HKLM\...\{A9FC434F-9950-487C-82F1-E1515FA70DA4}) (Version:  - ArcSoft)
AudibleManager (HKLM\...\AudibleManager) (Version: 2147344384.2147340288.1344016.1244472 - Audible, Inc.)
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD R14.0 (HKLM\...\AutoCAD R14.0 Uninstall) (Version:  - )
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Become a World Explorer (HKLM\...\{6015E3E1-50DE-4EB6-BC91-6EDA7758AF4F}) (Version: 2.2 - )
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
BPD_Scan (Version: 2.00.0000 - Hewlett-Packard) Hidden
BPDfax (Version: 70.0.184.000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.27.10 - Broadcom Corporation)
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Buzz Lightyear of Star Command (HKLM\...\Buzz Lightyear of Star Command) (Version:  - )
Camtasia Studio 6 (HKLM\...\{A589DA26-51BD-475D-8C32-E19E34145842}) (Version: 6.0.3 - TechSmith Corporation)
Canon CanoScan Toolbox 5.0 (HKLM\...\CanoScan Toolbox 5.0) (Version:  - )
CanoScan LiDE 600F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDDRV_Installer (Version: 1.00.0000 - Logitech Inc.) Hidden
COSMOSFloWorks (HKLM\...\{9944827A-6E24-429C-B232-406E58E19492}) (Version: 14.40.61 - SolidWorks Corporation)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Removable Disk Manager (HKLM\...\Creative Removable Disk Manager) (Version:  - )
Creative System Information (HKLM\...\SysInfo) (Version:  - )
Creative ZEN V Series (R2) (HKLM\...\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}) (Version: 1.0 - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Photo Navigator 1.5 (HKLM\...\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}) (Version:  - )
Dinosaur Activity Center Update (HKLM\...\{29dafe19-5da9-4250-9984-a255088341f2}.sdb) (Version:  - )
Dinosaur Activity Centre (HKLM\...\{210BFFB1-D95E-48DD-8FDC-4C82FC4AA04B}) (Version: 1.0 - )
Disketch CD Label Software (HKLM\...\Disketch) (Version:  - NCH Software)
Disney's Extremely Goofy Skateboarding (HKLM\...\Disney's Extremely Goofy Skateboarding) (Version:  - )
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
doPDF 7.1 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2002 - CyberLink Corporation)
DWGeditor (Version: 17.21.1 - SolidWorks) Hidden
DWGgateway (HKLM\...\{F3862C8A-B25F-4DB2-AF00-B634FAAF867C}) (Version: 3.0.124 - SolidWorks)
eDrawings 2006 (HKLM\...\{E44895E5-15CA-48CB-B136-707E5183BEF3}) (Version: 6.4.197 - SolidWorks)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
Family Tree Maker 2005 (HKLM\...\{C13B9ACB-201F-4DED-86FD-F6CF2844C1A9}) (Version:  - )
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Finding Nemo: Nemo's Underwater World of Fun Special Edition (Version: 1.00.0000 - THQ) Hidden
Freemake Video Converter version 2.1.0 (HKLM\...\Freemake Video Converter_is1) (Version: 2.1.0 - Ellora Assets Corporation)
Freemake Video Downloader version 2.1.1 (HKLM\...\Freemake Video Downloader_is1) (Version: 2.1.1 - Ellora Assets Corporation)
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (HKLM\...\KB970892_SQL9) (Version: 9.3.4053 - Microsoft Corporation)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892) (HKLM\...\KB970892_SQLTools9) (Version: 9.3.4053 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HP Customer Participation Program 7.0 (HKLM\...\HPExtendedCapabilities) (Version: 7.0 - HP)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Officejet All-In-One Series (HKLM\...\HP Officejet All-In-One Series) (Version: 1.0 - HP)
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
HP Software Update (HKLM\...\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) (Version: 3.0.7.014 - HEWLET~1|Hewlett-Packard)
HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
J5700 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 7 Update 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junior Scrabble® (HKLM\...\Junior Scrabble®) (Version:  - )
KhalSetup (Version: 3.30.165 - Logitech) Hidden
K-Lite Codec Pack 7.9.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 7.9.0 - )
L&H TTS3000 British English (HKLM\...\LHTTSENG) (Version:  - )
Learning Essentials for Microsoft Office (HKLM\...\{F772C44F-C840-4054-B00C-727C6B8D879B}) (Version: 1.5 - Microsoft)
LiveUpdate 3.0 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.0.0.160 - Symantec Corporation)
Lizardtech DjVu Control (autoinstall) (HKLM\...\DjVu) (Version:  - )
Logitech Communications Manager (Version: 10.45.1121 - Logitech, Inc.) Hidden
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)
Logitech SetPoint (HKLM\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 3.3 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Compact Framework 1.0 SP3 Developer (HKLM\...\{6C531060-84FB-4F96-8F33-29DF020632EB}) (Version: 1.0.4292 - Microsoft Corporation)
Microsoft .NET Compact Framework 2.0 (HKLM\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.5238 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Device Emulator version 1.0 - ENU (HKLM\...\{78B75C6D-E53C-424C-BF83-4B63BD4A6682}) (Version: 1.0.50727.42 - Microsoft Corporation)
Microsoft Digital Image 2006 Suite Edition Editor (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Digital Image 2006 Suite Edition Library (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000 - Microsoft Corporation) Hidden
Microsoft Digital Image Suite 2006 (HKLM\...\PictureItSuite_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Document Explorer 2005 (HKLM\...\Microsoft Document Explorer 2005) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2005 (Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Expression Web (HKLM\...\WebDesigner) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Expression Web (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Expression Web MUI (English) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Expression Web Service Pack 1 (SP1) (HKLM\...\{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}) (Version:  - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Producer for Microsoft Office PowerPoint 2003 (HKLM\...\{155FBB0D-0EE9-42D1-9E41-15E08F691033}) (Version: 2.0.1389.0 - Microsoft Corporation)
Microsoft Reader (HKLM\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (HKLM\...\{1389C6A4-4965-4AEC-9175-08B54A10FA48}) (Version: 3.0.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Student 2006 DVD (HKLM\...\{06681881-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft Student Graphical Calculator (HKLM\...\{06683840-7A70-4AC6-9340-2EB7E1486914}) (Version: 2006 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Professional Edition - ENU (HKLM\...\Microsoft Visual Studio 2005 Professional Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Professional Edition - ENU (Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
NDAS Software 3.20.1523 (HKLM\...\{07C16B8B-AE11-4515-888F-0BD2E0A9F2AD}) (Version: 3.20.1523 - XIMETA, Inc.)
Nokia Connectivity Cable Driver (HKLM\...\{1597D0AE-34A7-4A8B-A395-2E30EB745470}) (Version: 7.1.20.0 - Nokia)
Nokia Ovi Suite Software Updater (HKLM\...\{91CBABA8-2E52-4EFF-A4A6-26BE8C63CEB7}) (Version: 01.08.000.39420 - Nokia Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
O2 Broadband USB Modem (HKLM\...\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}) (Version: 1.00.0000 - O2)
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
Ovi Desktop Sync Engine (Version: 1.1.287.0 - Nokia) Hidden
OviMPlatform (Version: 2.5.27.3 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{499B65FF-C8A9-478C-BD83-3E25714D72C9}) (Version: 9.38.0.0 - Nokia)
PC Tools Registry Mechanic 11.0 (HKLM\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
PhotoNow! 1.0 (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 3.0.4310 - CyberLink Corporation)
PhotoView 360 (Version: 17.21.1 - SolidWorks Corporation) Hidden
Pixillion Image Converter (HKLM\...\Pixillion) (Version:  - NCH Software)
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PowerCinema NE for Everio (HKLM\...\{39CEE1F2-12B6-4C50-9131-04BFCA110578}) (Version:  - )
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.00.0000 - CyberLink Corp.)
PowerDirector (Version: 6.00.0000 - CyberLink Corp.) Hidden
PowerDirector Express (HKLM\...\{EDE721EC-870A-11D8-9D75-000129760D75}) (Version:  - )
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074511a(3.7)_Vista_JVC - CyberLink Corp.)
Presto! PageManager 7.15.14 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14E - NewSoft)
Prism Video File Converter (HKLM\...\Prism) (Version:  - NCH Software)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{5B09BD67-4C99-46A1-8161-B7208CE18121}) (Version: 7.3.0.70 - Apple Inc.)
Readiris Pro 10 (HKLM\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Route Planner UK and Ireland (HKLM\...\Route Planner UK and Ireland) (Version:  - )
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Samsung CLX-216x Series (HKLM\...\Samsung CLX-216x Series) (Version:  - Samsung Electronics CO.,LTD)
Scan (Version: 7.0.0.0 - Hewlett-Packard) Hidden
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4803.0 - SigmaTel)
SmarThru 4 (HKLM\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version:  - )
SolidProfessor LMS (HKLM\...\{51684C02-B53F-468F-AD87-E3381F3693A8}) (Version: 1.0.1 - SolidProfessor)
SolidWorks 2009 SP02.1 (HKLM\...\SolidWorks Installation Manager 20090-40201-1100-200) (Version: 17.2.1.1 - SolidWorks Corporation)
SolidWorks 2009 SP02.1 (Version: 17.1.0213 - SolidWorks) Hidden
SolidWorks Curriculum and Courseware (2006-2007) (HKLM\...\{E9B491CB-A194-4E2B-8F3B-692423A7BC54}) (Version: 2.00.0000 - SolidWorks)
SolidWorks eDrawings 2009 (Version: 9.2.128 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2009 sp02.1 (Version: 17.21.1 - SolidWorks Corporation) Hidden
SolidWorks Motion 2009 SP02.1 (Version: 17.21.2 - SolidWorks Corporation) Hidden
SolidWorks Simulation 2009 SP02.1 (Version: 17.21.2 - SolidWorks Corporation) Hidden
SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Technology in the Class for Learning Essentials (HKLM\...\{Technology in the Class_E7C5D471-7168-42D7-8905-7FE74E6AC660}) (Version:  - )
The Print Shop CD Label Creator (HKLM\...\{8AF872EF-E6C5-41C8-BCA2-1990396D21DE}) (Version:  - Broderbund LLC)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Trust Webcam 15082-02 (HKLM\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.18.0.108 - Trust)
Uninstall Dual Mode Camera (HKLM\...\Dual Mode Camera_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB2284654) (HKLM\...\{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B5B7C5DB-74C3-43E0-8413-0C6C1CA4DED0}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB971180) (HKLM\...\KB971180-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB894391) (HKLM\...\KB894391) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB900485) (HKLM\...\KB900485) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB908531) (HKLM\...\KB908531) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB910437) (HKLM\...\KB910437) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB911280) (HKLM\...\KB911280) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB916595) (HKLM\...\KB916595) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB920872) (HKLM\...\KB920872) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB922582) (HKLM\...\KB922582) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB925720) (HKLM\...\KB925720) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (HKLM\...\KB927891) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB929338) (HKLM\...\KB929338) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB930916) (HKLM\...\KB930916) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB931836) (HKLM\...\KB931836) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB932823-v3) (HKLM\...\KB932823-v3) (Version: 3 - Microsoft Corporation)
Update for Windows XP (KB936357) (HKLM\...\KB936357) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB938828) (HKLM\...\KB938828) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB942763) (HKLM\...\KB942763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB942840) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
USB Audio/Video (HKLM\...\InstallShield_{D7010312-5B14-4FA4-909A-28FDD9072CCB}) (Version: 1.00.0000 - Your Company Name)
USB Audio/Video (Version: 1.00.0000 - Your Company Name) Hidden
Video Journal Version 1.4 (HKLM\...\Video Journal_is1) (Version:  - GirlTech)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3300 -  )
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.14 - Microsoft Corporation)
Windows Desktop Search 3.01 (HKLM\...\KB917013) (Version: 03.01.6000.72 - Microsoft Corporation)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (Version: 3.1 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 10 Hotfix - KB895316 (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation)
Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
ZENcast Organizer (HKLM\...\ZENcast Organizer) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3672253965-2410965747-1003979527-1018_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
 
==================== Restore Points  =========================
 
17-05-2014 18:52:15 System Checkpoint
17-05-2014 19:00:41 Software Distribution Service 3.0
21-05-2014 20:15:59 Software Distribution Service 3.0
23-05-2014 15:23:30 System Checkpoint
25-05-2014 20:32:18 Software Distribution Service 3.0
27-05-2014 19:12:22 System Checkpoint
30-05-2014 20:03:14 Software Distribution Service 3.0
01-06-2014 12:17:00 System Checkpoint
02-06-2014 16:20:40 System Checkpoint
03-06-2014 14:15:45 Software Distribution Service 3.0
04-06-2014 19:59:30 System Checkpoint
09-06-2014 14:02:00 System Checkpoint
09-06-2014 14:05:47 Software Distribution Service 3.0
10-06-2014 17:25:44 Installed AVG 2014
10-06-2014 17:26:13 Installed AVG 2014
11-06-2014 15:19:56 Software Distribution Service 3.0
12-06-2014 15:52:55 System Checkpoint
13-06-2014 16:19:35 Software Distribution Service 3.0
14-06-2014 16:58:42 System Checkpoint
15-06-2014 18:31:01 System Checkpoint
17-06-2014 09:53:07 System Checkpoint
18-06-2014 06:40:00 Software Distribution Service 3.0
19-06-2014 08:20:54 System Checkpoint
20-06-2014 09:01:40 System Checkpoint
20-06-2014 15:57:11 Software Distribution Service 3.0
22-06-2014 16:45:21 System Checkpoint
23-06-2014 18:40:37 System Checkpoint
25-06-2014 10:24:10 Software Distribution Service 3.0
28-06-2014 11:30:49 System Checkpoint
29-06-2014 16:43:54 System Checkpoint
30-06-2014 15:22:13 Software Distribution Service 3.0
01-07-2014 16:49:47 System Checkpoint
02-07-2014 18:48:17 System Checkpoint
03-07-2014 10:02:03 Software Distribution Service 3.0
04-07-2014 10:12:54 System Checkpoint
05-07-2014 15:21:17 System Checkpoint
09-07-2014 16:21:16 System Checkpoint
09-07-2014 16:24:19 Software Distribution Service 3.0
10-07-2014 20:37:44 System Checkpoint
12-07-2014 19:51:14 Software Distribution Service 3.0
14-07-2014 17:03:47 System Checkpoint
16-07-2014 15:47:33 System Checkpoint
17-07-2014 09:54:49 Software Distribution Service 3.0
19-07-2014 15:03:30 Software Distribution Service 3.0
21-07-2014 15:48:21 System Checkpoint
22-07-2014 10:15:22 Software Distribution Service 3.0
23-07-2014 13:45:53 System Checkpoint
25-07-2014 08:39:03 System Checkpoint
25-07-2014 08:43:40 Software Distribution Service 3.0
26-07-2014 13:39:46 System Checkpoint
28-07-2014 13:57:05 System Checkpoint
29-07-2014 15:56:10 System Checkpoint
30-07-2014 14:20:07 Software Distribution Service 3.0
01-08-2014 14:18:11 System Checkpoint
02-08-2014 13:46:19 Software Distribution Service 3.0
05-08-2014 16:28:55 Software Distribution Service 3.0
06-08-2014 19:04:39 Removed Symantec AntiVirus
09-08-2014 21:08:58 System Checkpoint
10-08-2014 00:58:07 Software Distribution Service 3.0
12-08-2014 13:04:39 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 11:00 - 2014-08-09 21:23 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\bach up.job => C:\WINDOWS\system32\ntbackup.exe
Task: C:\WINDOWS\Tasks\disketchShakeIcon.job => C:\Program Files\NCH Software\Disketch\disketch.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\pixillionDowngrade.job => C:\Program Files\NCH Software\Pixillion\pixillion.exe
Task: C:\WINDOWS\Tasks\pixillionShakeIcon.job => C:\Program Files\NCH Software\Pixillion\pixillion.exe
Task: C:\WINDOWS\Tasks\prismDowngrade.job => C:\Program Files\NCH Software\Prism\prism.exe
Task: C:\WINDOWS\Tasks\prismShakeIcon.job => C:\Program Files\NCH Software\Prism\prism.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3672253965-2410965747-1003979527-1018.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3672253965-2410965747-1003979527-1018.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RMSchedule.job => C:\Program Files\PC Tools Registry Mechanic\RegMech.exe
Task: C:\WINDOWS\Tasks\RMSmartUpdate.job => C:\Program Files\PC Tools Registry Mechanic\Update.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{E6130D87-6EBF-4116-8469-7999BA11BBBA}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2006-02-28 13:00 - 2006-02-28 13:00 - 00015360 _____ () C:\WINDOWS\system32\tsd32.dll
2010-02-04 20:45 - 2007-01-26 09:03 - 00022723 _____ () C:\WINDOWS\system32\cx21sl3.dll
2006-03-10 18:04 - 2011-10-23 17:24 - 00630784 _____ () C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
2007-12-27 15:38 - 2011-10-23 17:24 - 00272024 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB31429$:SummaryInformation
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NDAS Device Management.lnk => C:\WINDOWS\pss\NDAS Device Management.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: CTSyncU.exe => "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
MSCONFIG\startupreg: DLA => C:\WINDOWS\System32\DLA\DLACTRLW.EXE
MSCONFIG\startupreg: emMON => emMON.exe
MSCONFIG\startupreg: EverioService => "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: L06ZXLRD_15716375 => "C:\Program Files\Microsoft Student\Microsoft Student DVD 2006\EDICT.EXE" -m
MSCONFIG\startupreg: Logitech Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: LogitechCommunicationsManager => "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
MSCONFIG\startupreg: LVCOMSX => "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
MSCONFIG\startupreg: Maple_S2P => C:\Program Files\Samsung\Samsung CLX-216x Series\SPanel\PSU\Scan2pc.exe
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
MSCONFIG\startupreg: Power2GoExpress => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Samsung PanelMgr => C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: snpstd3 => C:\WINDOWS\vsnpstd3.exe
MSCONFIG\startupreg: SolidWorks_CheckForUpdates => "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Synchronization Manager => %SystemRoot%\system32\mobsync.exe /logon
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: tsnpstd3 => C:\WINDOWS\tsnpstd3.exe
MSCONFIG\startupreg: UserFaultCheck => %systemroot%\system32\dumprep 0 -u
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/12/2014 10:11:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x0008d1c0.
Processing media-specific event for [pev.exe!ws!]
 
Error: (08/12/2014 10:07:57 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 15466) (User: )
Description: An error occurred during decryption.
 
Error: (08/12/2014 01:49:56 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 15466) (User: )
Description: An error occurred during decryption.
 
Error: (08/10/2014 08:15:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x0008d1c0.
Processing media-specific event for [pev.exe!ws!]
 
Error: (08/10/2014 08:12:14 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 15466) (User: )
Description: An error occurred during decryption.
 
Error: (08/10/2014 07:55:56 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 15466) (User: )
Description: An error occurred during decryption.
 
Error: (08/10/2014 07:47:56 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
 
Context: Windows Application, SystemIndex Catalog
 
Error: (08/10/2014 07:45:06 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 15466) (User: )
Description: An error occurred during decryption.
 
Error: (08/09/2014 09:36:58 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 15466) (User: )
Description: An error occurred during decryption.
 
Error: (08/09/2014 09:34:50 PM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
 
Context: Windows Application, SystemIndex Catalog
 
 
System errors:
=============
Error: (08/12/2014 10:09:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Autodesk Content Service service hung on starting.
 
Error: (08/12/2014 10:07:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
Error: (08/12/2014 10:07:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Performance Optimizer service to connect.
 
Error: (08/12/2014 01:51:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Autodesk Content Service service hung on starting.
 
Error: (08/12/2014 01:51:01 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
 
Error: (08/12/2014 01:49:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
Error: (08/12/2014 01:49:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Performance Optimizer service to connect.
 
Error: (08/10/2014 08:13:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ohci1394
 
Error: (08/10/2014 08:13:40 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Autodesk Content Service service hung on starting.
 
Error: (08/10/2014 08:12:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (02/28/2009 00:28:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 383 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error: (10/19/2008 04:24:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1869 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error: (10/19/2008 03:51:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 130 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (10/19/2008 03:49:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/19/2008 03:48:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6630 seconds with 2700 seconds of active time.  This session ended with a crash.
 
Error: (10/19/2008 01:57:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 582 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error: (10/03/2008 05:43:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 83 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (02/07/2008 10:29:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/07/2008 10:28:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13694 seconds with 7140 seconds of active time.  This session ended with a crash.
 
Error: (12/10/2007 09:23:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 96 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 31%
Total physical RAM: 2045.58 MB
Available physical RAM: 1404.31 MB
Total Pagefile: 3937.24 MB
Available Pagefile: 3512.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.36 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.89 GB) (Free:29.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (USB 2GB) (Removable) (Total:1.89 GB) (Free:1.89 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 8CDD8CDD)
Partition 1: (Not Active) - (Size=125 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 029D34A6)
Partition 1: (Active) - (Size=2 GB) - (Type=06)
 
==================== End Of Log ============================
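The Scheduled Tasks, MSCONFIG and Hosts sections of the FRST report above are the places an analyst reads first when a rootkit keeps coming back, because they show what gets launched at boot or logon and whether name resolution has been tampered with. The following triage script is an added example, not FRST's or the forum's code: it parses those three line formats and flags entries that deserve a manual look (an executable referenced by bare name, one sitting directly in C:\WINDOWS, one outside Windows/Program Files, or a hosts mapping beyond the stock localhost line). SAMPLE is constructed from the line formats FRST uses; most entries are copied from the report, while the updater.job task and the second hosts entry are invented to exercise the checks, and the %var% expansions in ENV are assumed values. The heuristics yield review candidates, not verdicts.

```python
"""Triage helpers for the Scheduled Tasks, MSCONFIG and Hosts sections of an
FRST (Farbar Recovery Scan Tool) report.

Added example, not FRST's own code. SAMPLE is constructed from the line
formats FRST writes; the 'updater.job' task and the second hosts entry are
invented to exercise the checks. Heuristics only: review candidates, not verdicts.
"""
import ntpath
import re

TASK_RE = re.compile(r"^Task: (?P<job>.+?\.job) => (?P<target>.+)$")
STARTUP_RE = re.compile(r"^MSCONFIG\\startupreg: (?P<name>.+?) => (?P<cmd>.+)$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<names>\S.*)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|bat|cmd|com))(?:\s|$)", re.IGNORECASE)

# Assumed values for the %var% references FRST prints verbatim from the registry.
ENV = {"systemroot": "C:\\WINDOWS", "programfiles": "C:\\Program Files"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def expand_env(cmd):
    return re.sub(r"%(\w+)%", lambda m: ENV.get(m.group(1).lower(), m.group(0)), cmd)


def executable_of(cmd):
    """Pull the program path out of a registry-style command line."""
    cmd = expand_env(cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe, rest = (cmd[1:end], cmd[end + 1:]) if end > 0 else (cmd[1:], "")
    else:
        m = EXE_RE.match(cmd)
        if m:
            exe, rest = m.group(1), cmd[m.end(1):]
        else:
            # No recognisable extension: cut at the first switch-like argument.
            exe, rest = re.split(r"\s+(?=[-/])", cmd, maxsplit=1)[0], ""
    if ntpath.basename(exe).lower() == "rundll32.exe":
        # rundll32 only hosts the code; the DLL it loads is the path to judge.
        exe = rest.strip().split(",", 1)[0].strip().strip('"')
    return exe


def classify_path(path):
    """Reasons an auto-start target deserves a second look (empty = nothing odd)."""
    reasons = []
    folder = ntpath.dirname(path).lower()
    if not folder:
        # Bare file name: resolved through the PATH search order, so a
        # same-named file planted earlier in that order would run instead.
        reasons.append("unqualified executable (search-order hijack candidate)")
    elif folder == "c:\\windows":
        reasons.append("executable placed directly in the Windows directory")
    elif not path.lower().startswith(TRUSTED_ROOTS):
        reasons.append("executable outside Windows and Program Files")
    return reasons


def triage(report):
    """Return (kind, name, target, reason) tuples for entries worth reviewing."""
    findings = []
    in_hosts = False
    for line in report.splitlines():
        if line.startswith("===="):
            in_hosts = "Hosts content" in line
            continue
        m = TASK_RE.match(line)
        if m:
            job = ntpath.basename(m["job"])
            findings += [("task", job, m["target"], r) for r in classify_path(m["target"])]
            continue
        m = STARTUP_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            findings += [("startup", m["name"], exe, r) for r in classify_path(exe)]
            continue
        h = HOSTS_RE.match(line.strip()) if in_hosts else None
        if h and not (h["ip"].startswith("127.") and h["names"].split() == ["localhost"]):
            # Anything beyond the stock localhost line (blocked update hosts,
            # redirected domains) needs a reason to exist.
            findings.append(("hosts", h["names"], h["ip"], "non-default hosts mapping"))
    return findings


# Constructed input in FRST's line layout (updater.job and the second hosts
# entry are invented; the rest mirrors entries from the report).
SAMPLE = r"""==================== Hosts content: ==========================

2004-08-04 11:00 - 2014-08-09 21:23 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       liveupdate.vendor.example

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\bach up.job => C:\WINDOWS\system32\ntbackup.exe
Task: C:\WINDOWS\Tasks\updater.job => C:\Documents and Settings\User\Local Settings\Temp\svchost.exe

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: emMON => emMON.exe
MSCONFIG\startupreg: FixCamera => C:\WINDOWS\FixCamera.exe
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

if __name__ == "__main__":
    for kind, name, target, reason in triage(SAMPLE):
        print(f"[{kind}] {name}: {target} -> {reason}")
```

Run it against a saved FRST.txt or Addition.txt by passing the file contents to triage(). The MSCONFIG section lists entries that are currently disabled, so a hit there is not an active persistence point, but the target path still tells you what was once set to run and where it lives.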
 
 
 
 


#4 Wanton
  • Topic Starter
  • Members

Posted 15 August 2014 - 04:26 AM

Hi aharonov

Can you assist with this?

Thanks

Rich



#5 aharonov
  • Malware Response Team
  • Gender:Male

Posted 15 August 2014 - 07:26 AM

Sorry for the delay.


Step 1

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.
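Step 1 ends with the AdwCleaner report being pasted back into the thread. The script below is an added example, not AdwCleaner's or the forum's code, of how a responder can turn that report into something actionable without reading it line by line: it counts what was removed per section, collects the hosts behind the defanged hxxp:// URLs the deleted browser prefs pointed at (for blocklists or proxy log searches), and extracts Conduit-style toolbar IDs. It assumes the v3 report layout ("***** [ Section ] *****" headers and "Action : target" lines); SAMPLE is a constructed excerpt in that layout.

```python
"""Summarise an AdwCleaner v3 report, the file Step 1 asks to paste back.

Added example, not AdwCleaner's or the forum's code. It assumes the v3 text
layout ('***** [ Section ] *****' headers, 'Action : target' lines, URLs
written defanged as hxxp://); SAMPLE is a constructed excerpt in that layout.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

OPTION_RE = re.compile(r"^# Option : (?P<opt>\w+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ACTION_RE = re.compile(r"^(?P<action>[A-Za-z]+ (?:Deleted|Restored|Found)) : (?P<target>.+)$")
PREF_RE = re.compile(r'user_pref\("(?P<key>[^"]+)",')
URL_RE = re.compile(r"hxxps?://[^\s\"'<>)]+", re.IGNORECASE)


def refang(url):
    """Undo AdwCleaner's hxxp:// defanging so the URL can be parsed."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def summarise(report):
    """Count actions per section and pull out the hosts and toolbar IDs that
    the removed items pointed at."""
    option = None
    section = None
    counts = Counter()
    hosts = set()
    toolbar_ids = set()
    for line in report.splitlines():
        m = OPTION_RE.match(line)
        if m:
            option = m["opt"]  # 'Scan' lists items as Found, 'Clean' as Deleted
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = ACTION_RE.match(line)
        if not m:
            continue
        counts[(section, m["action"])] += 1
        target = m["target"]
        for url in URL_RE.findall(target):
            host = urlsplit(refang(url)).hostname
            if host:
                hosts.add(host.lower())
        p = PREF_RE.search(target)
        if p:
            # Conduit-style toolbars key their Firefox prefs by a CT<digits> id.
            prefix = p["key"].split(".", 1)[0]
            if re.fullmatch(r"CT\d+", prefix):
                toolbar_ids.add(prefix)
    return {
        "option": option,
        "counts": dict(counts),
        "hosts": sorted(hosts),
        "toolbar_ids": sorted(toolbar_ids),
    }


# Constructed excerpt in the v3 report layout (user name and profile shortened).
SAMPLE = r"""# AdwCleaner v3.305 - Report created 15/08/2014 at 14:41:22
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
File Deleted : C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol

***** [ Registry ] *****

Key Deleted : HKLM\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}

***** [ Browsers ] *****

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\prefs.js ]

Line Deleted : user_pref("CT2801948..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2801948.CTID", "CT2801948");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
"""

if __name__ == "__main__":
    result = summarise(SAMPLE)
    print("mode:", result["option"])
    for (section, action), n in sorted(result["counts"].items()):
        print(f"{section}: {action} x{n}")
    print("hosts:", ", ".join(result["hosts"]))
    print("toolbar ids:", ", ".join(result["toolbar_ids"]))
```

Feed it the contents of C:\AdwCleaner[S#].txt (or the Scan-mode report, where items are listed as Found rather than Deleted). The deleted Registry.pol under GroupPolicy is worth noting separately when it appears, since adware that drops machine policy can leave browser settings locked even after its files are gone.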


#6 Wanton
  • Topic Starter
  • Members

Posted 15 August 2014 - 08:53 AM

Hi aharonov

Here are the updated logs
 
 
# AdwCleaner v3.305 - Report created 15/08/2014 at 14:41:22
# Updated 14/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Martin Lanigan - T4-EEAD4DA0AA19
# Running from : C:\Documents and Settings\Martin Lanigan\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BetterSoft
Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\StarApp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ALlChEEAApPRice
Folder Deleted : C:\Documents and Settings\All Users\Application Data\DiasCCoouunuttExtEnsi
Folder Deleted : C:\Documents and Settings\All Users\Application Data\RiaNdomPReICe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SaaVierExtaEnosiOn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\sAfee ssavee
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SeaveroExuteNsion
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ShoOOpDrop
Folder Deleted : C:\Documents and Settings\All Users\Application Data\UTubearAdBLocker
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Program Files\ALlChEEAApPRice
Folder Deleted : C:\Program Files\DiasCCoouunuttExtEnsi
Folder Deleted : C:\Program Files\RiaNdomPReICe
Folder Deleted : C:\Program Files\SaaVierExtaEnosiOn
Folder Deleted : C:\Program Files\ShoOOpDrop
Folder Deleted : C:\Program Files\UTubearAdBLocker
Folder Deleted : C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\Martin Lanigan\Application Data\EZDownloader
Folder Deleted : C:\Documents and Settings\Martin Lanigan\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Martin Lanigan\Application Data\registry mechanic
Folder Deleted : C:\Documents and Settings\Martin Lanigan\Application Data\Uniblue
Folder Deleted : C:\Documents and Settings\Martin Lanigan\My Documents\Video Converter
Folder Deleted : C:\Documents and Settings\Martin Lanigan\Application Data\Mozilla\Firefox\Profiles\ol4nbsyg.default\Conduit
Folder Deleted : C:\Documents and Settings\Martin Lanigan\Application Data\Mozilla\Firefox\Profiles\ol4nbsyg.default\ConduitEngine
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
File Deleted : C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol
File Deleted : C:\Documents and Settings\Martin Lanigan\Application Data\Mozilla\Firefox\Profiles\ol4nbsyg.default\searchplugins\yahoo-zugo.xml
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Upd Inst
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OptimizerPro
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : C:\Documents and Settings\Martin Lanigan\Application Data\Mozilla\Firefox\Profiles\ol4nbsyg.default\prefs.js ]
 
Line Deleted : user_pref("CT2801948..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2801948..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2801948..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2801948.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2801948.CTID", "CT2801948");
Line Deleted : user_pref("CT2801948.CurrentServerDate", "18-5-2013");
Line Deleted : user_pref("CT2801948.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2801948.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2801948.EMailNotifierPollDate", "Sat May 18 2013 18:32:11 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CT2801948.FirstServerDate", "16-1-2011");
Line Deleted : user_pref("CT2801948.FirstTime", true);
Line Deleted : user_pref("CT2801948.FirstTimeFF3", true);
Line Deleted : user_pref("CT2801948.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2801948.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2801948.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2801948.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2801948.Initialize", true);
Line Deleted : user_pref("CT2801948.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2801948.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2801948.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2801948.InstalledDate", "Sun Jan 16 2011 15:48:46 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2801948.InvalidateCache", false);
Line Deleted : user_pref("CT2801948.IsGrouping", false);
Line Deleted : user_pref("CT2801948.IsMulticommunity", false);
Line Deleted : user_pref("CT2801948.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2801948.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2801948.LanguagePackLastCheckTime", "Sat May 18 2013 18:22:13 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CT2801948.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2801948.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2801948.LastLogin_3.2.5.2", "Sat May 18 2013 18:22:08 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CT2801948.LatestVersion", "3.18.0.7");
Line Deleted : user_pref("CT2801948.Locale", "en-us");
Line Deleted : user_pref("CT2801948.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2801948.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2801948.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2801948.RadioIsPodcast", false);
Line Deleted : user_pref("CT2801948.RadioLastCheckTime", "Sat May 18 2013 18:22:07 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CT2801948.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2801948.RadioLastUpdateServer", "129307496595170000");
Line Deleted : user_pref("CT2801948.RadioMediaID", "21435220");
Line Deleted : user_pref("CT2801948.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2801948.RadioMenuSelectedID", "EBRadioMenu_CT280194821435220");
Line Deleted : user_pref("CT2801948.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Line Deleted : user_pref("CT2801948.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb");
Line Deleted : user_pref("CT2801948.SavedHomepage", "resource:/browserconfig.properties");
Line Deleted : user_pref("CT2801948.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2801948.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2801948.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2801948.SearchInNewTabLastCheckTime", "Sat May 18 2013 18:22:06 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CT2801948.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2801948.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2801948.ServiceMapLastCheckTime", "Sat May 18 2013 18:22:07 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CT2801948.SettingsLastCheckTime", "Sat May 18 2013 18:22:06 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CT2801948.SettingsLastUpdate", "1368864719");
Line Deleted : user_pref("CT2801948.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2801948.ThirdPartyComponentsLastCheck", "Sun May 12 2013 11:56:44 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CT2801948.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT2801948.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2801948.UserID", "UN52110311368598185");
Line Deleted : user_pref("CT2801948.ValidationData_Search", 2);
Line Deleted : user_pref("CT2801948.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2801948.WeatherNetwork", "");
Line Deleted : user_pref("CT2801948.WeatherPollDate", "Sat May 18 2013 18:22:08 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CT2801948.WeatherUnit", "C");
Line Deleted : user_pref("CT2801948.alertChannelId", "1194029");
Line Deleted : user_pref("CT2801948.backendstorage.hxxp://pinterest_aot_im.isenabled", "59");
Line Deleted : user_pref("CT2801948.backendstorage.searchappstate", "32");
Line Deleted : user_pref("CT2801948.backendstorage.searchapptracking", "73656E74");
Line Deleted : user_pref("CT2801948.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");
Line Deleted : user_pref("CT2801948.components.129306881624250628", false);
Line Deleted : user_pref("CT2801948.myStuffEnabled", true);
Line Deleted : user_pref("CT2801948.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2801948.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2801948.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2801948.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2801948.testingCtid", "");
Line Deleted : user_pref("CT2801948.toolbarAppMetaDataLastCheckTime", "Sat May 18 2013 18:22:08 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CT2801948.toolbarContextMenuLastCheckTime", "Sun May 12 2013 11:56:50 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CT2801948.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801948/CT2801948", "\"b81721623abf092f1b6c44b0bc2f8e793\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194029/1189706/IE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/IE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948", "\"1337033611\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "G9mW7heT/8xIX1frcduu0A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us&ctid=CT2801948", "G9mW7heT/8xIX1frcduu0A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "2E1/v7EfCEDbv3VaBQMELg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us&ctid=CT2801948", "2E1/v7EfCEDbv3VaBQMELg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "UgzXjW7BIkfdx+x39Ruv3w==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us&ctid=CT2801948", "UgzXjW7BIkfdx+x39Ruv3w==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "4BgM4MhF/sOgPsDNmIs3Yw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT2801948", "4BgM4MhF/sOgPsDNmIs3Yw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"6341c50648fd59897cde84cfa3927631\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634303635100000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634339976460000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2801948&octid=CT2801948", "\"1321973107\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2801948/CT2801948", "\"1312118228\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"3000549f1517f7be153d6922570e88ae\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2801948");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{37483b40-c254-4a72-bda4-22ee90182c1e}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "nch_en");
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2801948");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{37483b40-c254-4a72-bda4-22ee90182c1e}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "nch_en");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2801948,ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2801948");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat May 18 2013 18:22:06 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat May 18 2013 18:22:06 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "88b63368-c78b-4ccc-a6c5-ff903e1b3424");
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2801948");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "01/16/2011 18");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Sun Jan 16 2011 15:48:50 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat May 18 2013 18:22:09 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat May 18 2013 18:22:08 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat May 18 2013 18:22:08 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN50467823602326830");
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-GB");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat May 18 2013 18:22:13 GMT+0100 (GMT Daylight Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "NCH EN Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchboxes.info/?pid=1182&r=2013/07/21&hid=742379092&lg=EN&cc=IE&unqvl=28&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.49oXnbb53.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]
Line Deleted : user_pref("extensions.51eba50b37f3f.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};(function(){if(window.self==window.top&&!document.getElementById('shk85shs[...]
Line Deleted : user_pref("extensions.51eba58791204.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5[...]
Line Deleted : user_pref("extensions.5FMbyDPZaxl.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]
Line Deleted : user_pref("extensions.66rZ5ufsqJdS.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
Line Deleted : user_pref("extensions.81_ehBDmPqrt.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
Line Deleted : user_pref("extensions.JrrP7lg5RH.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Deleted : user_pref("extensions.KOQL.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]
Line Deleted : user_pref("extensions.dz1HUvP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]
Line Deleted : user_pref("extensions.enabledItems", "engine@conduit.com:3.2.5.2,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2,{5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.4.0,[...]
Line Deleted : user_pref("extensions.hn62MKRA.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchboxes.info/?pid=1182&r=2013/07/21&hid=742379092&lg=EN&cc=IE&unqvl=28&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v31.0.1650.63
 
*************************
 
AdwCleaner[R0].txt - [23498 octets] - [15/08/2014 14:36:00]
AdwCleaner[S0].txt - [23805 octets] - [15/08/2014 14:41:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23866 octets] ##########


FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-08-2014
Ran by Martin Lanigan (administrator) on T4-EEAD4DA0AA19 on 15-08-2014 14:48:04
Running from C:\Documents and Settings\Martin Lanigan\Desktop
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(XIMETA, Inc.) C:\Program Files\NDAS\System\ndassvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-3672253965-2410965747-1003979527-1018\...\Policies\Explorer: [] 
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKCU - {1DD83FA5-9D5B-4469-B38C-6D17968ED5D8} URL = http://search.live.com/results.aspx?q={searchTerms}&form=MSNIE8&pc=MSNIE8&src=IE-SearchBox
SearchScopes: HKCU - {9C476D3C-ABF6-416E-9BF6-7CA0B4BC8489} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [294400 2007-02-05] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Martin Lanigan\Application Data\Mozilla\Firefox\Profiles\ol4nbsyg.default
FF Homepage: www.google.ie
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-10]
FF HKLM\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox
FF Extension: Freemake Video Downloader - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox [2011-03-17]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: FreemakeConverter - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2011-03-17]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-11-30]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2012-12-28]
 
Chrome: 
=======
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-10-12]
CHR HKLM\...\Chrome\Extension: [adjbjkfacpgpolnpnhhckpbfhokppdng] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-03-17]
CHR HKLM\...\Chrome\Extension: [dbgalemaidlifaeappogmgmgifhkfkee] - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2011-03-17]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-11-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [273256 2011-10-23] (Broadcom Corporation.) [File not signed]
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [83240 2009-01-31] (Dassault Systèmes SolidWorks Corp.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-03-12] (Flexera Software, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-10-16] (Oracle Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE [2045632 2006-02-23] (Symantec Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [339968 2011-10-23] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-24] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
R2 ndassvc; C:\Program Files\NDAS\System\ndassvc.exe [236520 2011-10-23] (XIMETA, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-05-09] (Hewlett-Packard) [File not signed]
R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [143427 2011-10-23] (NVIDIA Corporation) [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-02-03] (PC Tools)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [52736 2006-05-09] (Hewlett-Packard) [File not signed]
R2 Remote Solver for COSMOSFloWorks 2006; C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe [630784 2011-10-23] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2011-10-23] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [651776 2009-08-31] (Nokia) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [81408 2011-10-23] (SolidWorks) [File not signed]
R2 SQLWriter; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [87904 2011-10-23] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2011-10-23] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [302080 2011-10-24] (Microsoft Corporation) [File not signed]
S2 035d80ae; "C:\WINDOWS\system32\rundll32.exe" "c:\docume~1\alluse~1\applic~1\perfor~1\PerformanceOptimizerSvc.dll",service
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R2 DgiVecp; C:\WINDOWS\system32\Drivers\DgiVecp.sys [41984 2007-01-17] (Samsung Electronics Co., Ltd.) [File not signed]
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
S3 emAudio; C:\WINDOWS\System32\drivers\emAudio.sys [22912 2007-01-12] (eMPIA Technology, Inc.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-21] (HP)
S3 JL2005C; C:\WINDOWS\System32\Drivers\jl2005c.sys [68954 2007-01-26] (Windows ® 2000 DDK provider) [File not signed]
R0 lfsfilt; C:\WINDOWS\System32\DRIVERS\lfsfilt.sys [254440 2007-06-29] (XIMETA, Inc.)
R0 lpx; C:\WINDOWS\System32\DRIVERS\lpx.sys [62056 2007-06-29] (XIMETA, Inc.)
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28176 2007-01-23] (Logitech, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15360 2004-08-04] (Microsoft Corporation)
R3 ndasbus; C:\WINDOWS\System32\DRIVERS\ndasbus.sys [75880 2007-06-29] (XIMETA, Inc.)
R1 ndasfat; C:\WINDOWS\system32\DRIVERS\ndasfat.sys [372584 2007-06-29] (XIMETA, Inc.)
S3 ndasscsi; C:\WINDOWS\System32\DRIVERS\ndasscsi.sys [187368 2007-06-29] (XIMETA, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20176 2005-04-15] (Sonic Solutions) [File not signed]
R2 SBKUPNT; C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] () [File not signed]
S3 SNPSTD3; C:\WINDOWS\System32\DRIVERS\snpstd3.sys [10252544 2007-03-26] (Sonix Co. Ltd.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156808 2006-05-25] (SigmaTel, Inc.)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [292864 2006-09-12] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [7168 2006-08-22] (eMPIA Technology, Inc.)
S3 catchme; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\catchme.sys [X]
S3 DCamUSBEMPIA; system32\DRIVERS\emDevice.sys [X]
S3 FiltUSBEMPIA; system32\DRIVERS\emFilter.sys [X]
S4 IntelIde; No ImagePath
S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [X]
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 ScanUSBEMPIA; system32\DRIVERS\emScan.sys [X]
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 14:47 - 2014-08-15 14:47 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\FRST-OlderVersion
2014-08-15 14:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-15 14:35 - 2014-08-15 14:41 - 00000000 ____D () C:\AdwCleaner
2014-08-15 14:35 - 2014-08-15 14:35 - 01356107 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\AdwCleaner.exe
2014-08-15 11:23 - 2014-08-15 11:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-15 00:12 - 2014-08-15 14:48 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00018389 _____ () C:\ComboFix.txt
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\student3\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\student2\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\student2.T4\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\student1\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\student1.T4\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\lcm\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\administrator\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\Administrator.T4-E6F820B25018\Local Settings\temp
2014-08-14 14:37 - 2014-08-14 14:37 - 00001145 _____ () C:\WINDOWS\setupact.log
2014-08-14 14:37 - 2014-08-14 14:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-12 22:29 - 2014-08-15 14:48 - 00019920 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\FRST.txt
2014-08-12 22:29 - 2014-08-12 22:30 - 00051791 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\Addition.txt
2014-08-12 22:28 - 2014-08-15 14:48 - 00000000 ____D () C:\FRST
2014-08-12 22:28 - 2014-08-15 14:47 - 01092096 _____ (Farbar) C:\Documents and Settings\Martin Lanigan\Desktop\FRST.exe
2014-08-12 22:01 - 2014-08-14 23:52 - 05571320 ____R (Swearware) C:\Documents and Settings\Martin Lanigan\Desktop\ComboFix.exe
2014-08-12 13:51 - 2014-08-14 14:43 - 00018810 _____ () C:\WINDOWS\setupapi.log
2014-08-09 21:10 - 2006-02-28 13:00 - 00162816 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\netbt.sys
2014-08-09 21:10 - 2006-02-28 13:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2014-08-09 20:55 - 2014-08-15 14:43 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-09 20:55 - 2014-08-15 14:43 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-09 20:55 - 2014-08-09 20:55 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-09 20:54 - 2014-08-15 14:41 - 00032638 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-09 19:02 - 2014-08-09 19:02 - 00027523 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\attach.txt
2014-08-09 19:02 - 2014-08-09 19:02 - 00011892 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\dds.txt
2014-08-09 18:55 - 2014-08-15 14:44 - 00271208 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-09 18:55 - 2014-08-09 18:55 - 01931088 _____ (Symantec Corporation) C:\Documents and Settings\Martin Lanigan\Desktop\FixTDSS.exe
2014-08-09 18:50 - 2014-08-09 18:50 - 00334662 _____ () C:\Documents and Settings\Martin Lanigan\My Documents\cc_20140809_185041.reg
2014-08-09 12:14 - 2014-08-09 12:14 - 00783120 _____ (McAfee, Inc.) C:\Documents and Settings\Martin Lanigan\My Documents\iexplore.exe
2014-08-09 12:14 - 2014-08-09 12:14 - 00000404 _____ () C:\Documents and Settings\Martin Lanigan\My Documents\RootkitRemover_20140809_121458.log
2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-06 20:33 - 2014-08-06 20:33 - 00000000 _RSHD () C:\cmdcons
2014-08-06 20:33 - 2009-01-25 16:27 - 00000211 _____ () C:\Boot.bak
2014-08-06 20:33 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-06 20:28 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-06 20:28 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-06 20:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-06 20:28 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-06 20:27 - 2014-08-15 00:12 - 00000000 ____D () C:\Qoobox
2014-08-06 20:27 - 2014-08-09 21:27 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-06 20:22 - 2014-08-06 20:22 - 00001067 _____ () C:\mbytes.txt
2014-08-06 20:18 - 2014-08-06 20:17 - 04755832 _____ (AVG Technologies) C:\Documents and Settings\Martin Lanigan\Desktop\avg_free_stb_all_2014_4744_cnet.exe
2014-08-06 19:44 - 2014-08-09 21:40 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 19:43 - 2014-08-06 19:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-06 19:43 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-06 19:43 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-06 19:41 - 2014-08-06 19:41 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-08-06 19:41 - 2014-08-06 19:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-06 19:41 - 2014-08-06 19:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-08-06 19:33 - 2011-06-15 13:38 - 00161760 _____ () C:\Program Files\64res.dll
2014-08-06 19:30 - 2014-08-06 19:30 - 00000000 ____D () C:\Program Files\AelLSSavera
2014-08-05 19:15 - 2014-08-05 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-26 14:18 - 2014-07-26 14:23 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\hurling u12 photos 26.07.14
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 14:48 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Local Settings\temp
2014-08-15 14:48 - 2014-08-12 22:29 - 00019920 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\FRST.txt
2014-08-15 14:48 - 2014-08-12 22:28 - 00000000 ____D () C:\FRST
2014-08-15 14:47 - 2014-08-15 14:47 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\FRST-OlderVersion
2014-08-15 14:47 - 2014-08-12 22:28 - 01092096 _____ (Farbar) C:\Documents and Settings\Martin Lanigan\Desktop\FRST.exe
2014-08-15 14:46 - 2014-06-11 15:56 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-08-15 14:45 - 2011-10-12 14:43 - 00000304 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3672253965-2410965747-1003979527-1018.job
2014-08-15 14:45 - 2011-10-12 14:43 - 00000296 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3672253965-2410965747-1003979527-1018.job
2014-08-15 14:45 - 2010-02-01 20:15 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 14:45 - 2007-03-21 10:29 - 00062375 _____ () C:\WINDOWS\system32\nvwsapps.xml
2014-08-15 14:45 - 2004-08-04 11:00 - 00002262 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-15 14:44 - 2014-08-09 18:55 - 00271208 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-15 14:43 - 2014-08-09 20:55 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-15 14:43 - 2014-08-09 20:55 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-15 14:43 - 2007-03-21 09:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-15 14:43 - 2007-03-21 09:58 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-15 14:41 - 2014-08-15 14:35 - 00000000 ____D () C:\AdwCleaner
2014-08-15 14:41 - 2014-08-09 20:54 - 00032638 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-15 14:41 - 2007-12-07 19:25 - 00000178 ___SH () C:\Documents and Settings\Martin Lanigan\ntuser.ini
2014-08-15 14:35 - 2014-08-15 14:35 - 01356107 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\AdwCleaner.exe
2014-08-15 11:23 - 2014-08-15 11:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-15 11:23 - 2012-02-26 16:23 - 00000506 _____ () C:\WINDOWS\Tasks\RMSmartUpdate.job
2014-08-15 10:53 - 2010-02-01 20:15 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 00:12 - 2014-08-15 00:12 - 00018389 _____ () C:\ComboFix.txt
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\student3\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\student2\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\student2.T4\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\student1\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\student1.T4\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\lcm\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\administrator\Local Settings\temp
2014-08-15 00:12 - 2014-08-15 00:12 - 00000000 ____D () C:\Documents and Settings\Administrator.T4-E6F820B25018\Local Settings\temp
2014-08-15 00:12 - 2014-08-06 20:27 - 00000000 ____D () C:\Qoobox
2014-08-15 00:10 - 2004-08-04 11:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-14 23:52 - 2014-08-12 22:01 - 05571320 ____R (Swearware) C:\Documents and Settings\Martin Lanigan\Desktop\ComboFix.exe
2014-08-14 14:43 - 2014-08-12 13:51 - 00018810 _____ () C:\WINDOWS\setupapi.log
2014-08-14 14:41 - 2008-10-22 18:22 - 00000440 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{E6130D87-6EBF-4116-8469-7999BA11BBBA}.job
2014-08-14 14:37 - 2014-08-14 14:37 - 00001145 _____ () C:\WINDOWS\setupact.log
2014-08-14 14:37 - 2014-08-14 14:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-12 22:30 - 2014-08-12 22:29 - 00051791 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\Addition.txt
2014-08-12 22:21 - 2007-03-21 09:58 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-08-12 19:00 - 2012-02-26 16:23 - 00000292 _____ () C:\WINDOWS\Tasks\RMSchedule.job
2014-08-10 07:47 - 2007-12-07 19:25 - 00000000 __SHD () C:\Documents and Settings\Martin Lanigan\UserData
2014-08-10 07:47 - 2007-12-07 19:25 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan
2014-08-09 21:40 - 2014-08-06 19:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-09 21:27 - 2014-08-06 20:27 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-09 20:55 - 2014-08-09 20:55 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-09 19:07 - 2008-06-07 09:33 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Application Data\AVGTOOLBAR
2014-08-09 19:02 - 2014-08-09 19:02 - 00027523 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\attach.txt
2014-08-09 19:02 - 2014-08-09 19:02 - 00011892 _____ () C:\Documents and Settings\Martin Lanigan\Desktop\dds.txt
2014-08-09 18:55 - 2014-08-09 18:55 - 01931088 _____ (Symantec Corporation) C:\Documents and Settings\Martin Lanigan\Desktop\FixTDSS.exe
2014-08-09 18:50 - 2014-08-09 18:50 - 00334662 _____ () C:\Documents and Settings\Martin Lanigan\My Documents\cc_20140809_185041.reg
2014-08-09 14:20 - 2007-04-17 12:09 - 00000000 ____D () C:\WINDOWS\pss
2014-08-09 14:20 - 2007-03-20 18:39 - 00000327 __RSH () C:\boot.ini
2014-08-09 14:20 - 2004-08-04 11:00 - 00001161 _____ () C:\WINDOWS\win.ini
2014-08-09 12:14 - 2014-08-09 12:14 - 00783120 _____ (McAfee, Inc.) C:\Documents and Settings\Martin Lanigan\My Documents\iexplore.exe
2014-08-09 12:14 - 2014-08-09 12:14 - 00000404 _____ () C:\Documents and Settings\Martin Lanigan\My Documents\RootkitRemover_20140809_121458.log
2014-08-09 10:10 - 2014-08-09 10:10 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-06 20:33 - 2014-08-06 20:33 - 00000000 _RSHD () C:\cmdcons
2014-08-06 20:26 - 2009-05-28 17:46 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Application Data\IM
2014-08-06 20:23 - 2013-12-27 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Performance Optimizer
2014-08-06 20:23 - 2013-05-18 18:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-06 20:23 - 2007-04-06 15:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB911927$
2014-08-06 20:22 - 2014-08-06 20:22 - 00001067 _____ () C:\mbytes.txt
2014-08-06 20:22 - 2014-06-12 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AelLSSavera
2014-08-06 20:22 - 2014-05-22 07:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RRoboSeaver
2014-08-06 20:22 - 2014-03-06 23:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RoboSaver
2014-08-06 20:17 - 2014-08-06 20:18 - 04755832 _____ (AVG Technologies) C:\Documents and Settings\Martin Lanigan\Desktop\avg_free_stb_all_2014_4744_cnet.exe
2014-08-06 20:05 - 2007-04-17 14:04 - 00000000 ____D () C:\Program Files\Symantec AntiVirus
2014-08-06 20:05 - 2007-03-26 10:33 - 00000000 ____D () C:\Program Files\Symantec
2014-08-06 20:05 - 2007-03-26 10:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-06 20:05 - 2007-03-26 10:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-08-06 19:46 - 2011-11-28 08:34 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Application Data\Media Player Classic
2014-08-06 19:46 - 2007-12-27 17:37 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-06 19:43 - 2014-08-06 19:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 19:43 - 2014-08-06 19:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-06 19:41 - 2014-08-06 19:41 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-08-06 19:41 - 2014-08-06 19:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-06 19:41 - 2014-08-06 19:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-08-06 19:35 - 2013-12-31 10:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\f8ee453040752db
2014-08-06 19:30 - 2014-08-06 19:30 - 00000000 ____D () C:\Program Files\AelLSSavera
2014-08-05 19:15 - 2014-08-05 19:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-05 19:00 - 2012-02-26 20:00 - 00000402 _____ () C:\WINDOWS\system32\AppLog.log
2014-08-05 18:57 - 2009-01-09 19:27 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-05 17:11 - 2007-04-17 13:28 - 00002515 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Office Word 2007.lnk
2014-08-02 14:46 - 2007-12-24 17:30 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\Caoimhe!!
2014-07-26 14:23 - 2014-07-26 14:18 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\hurling u12 photos 26.07.14
2014-07-20 16:40 - 2007-12-24 17:30 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\josephine
2014-07-20 15:31 - 2014-06-27 09:33 - 00000000 ____D () C:\Documents and Settings\Martin Lanigan\Desktop\toilet
 
ZeroAccess:
C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\de935ba9
C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\de935ba9\@
 
Some content of TEMP:
====================
C:\Documents and Settings\Martin Lanigan\Local Settings\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
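
The FRST listing above is the evidence the responder is working from, and two things in it carry the weight of this thread: the `ZeroAccess:` section (a folder under `Local Settings\Application Data` named with eight hex characters and holding a file called `@`, which survives the repeated ComboFix runs) and the executables created in the infection window that carry no company string. The following is an added example, not from this thread or from FRST's author: a small Python parser for the listing line format and the `ZeroAccess:` section, with a triage pass that pulls out those two kinds of entry. Assumptions: the line format and the eight-hex-characters-plus-`@` pattern are inferred from this log alone; FRST's parenthesised field is the PE version resource's CompanyName, not a signature check, so an empty field is only a weak signal (the log shows PEV.exe, sed.exe and the other helpers ComboFix dropped into C:\WINDOWS in the minute it created C:\Qoobox, and none of them carries a company string). The sample lines are copied from the log above.

```python
"""Parse FRST listing lines and the ZeroAccess section, then triage them.
Added example; not part of the thread or of FRST. Format inferred from the log."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "<modified> - <created> - <size> <attrs> (<company>) <path>"
# attrs is a five-character flag field such as _____, ____D, _RSHD.
_ENTRY = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Folder named with eight hex characters holding a file called "@", the shape
# of the de935ba9\@ entry FRST reported (assumption: the pattern, not the hash).
_ZA_PATH = re.compile(r"\\[0-9a-fA-F]{8}\\@$")
_EXEC_EXT = (".exe", ".dll", ".sys")


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: int
    attrs: str
    company: str   # PE CompanyName resource string, "" when absent
    path: str

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(_EXEC_EXT)


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one listing line, or None for any other line."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(m["mtime"], m["ctime"], int(m["size"]),
                 m["attrs"], m["company"], m["path"])


def zeroaccess_like(path: str) -> bool:
    """True when the path ends in <8 hex chars>\\@ like the reported indicator."""
    return _ZA_PATH.search(path) is not None


def parse_frst(text: str) -> Tuple[List[Entry], List[str]]:
    """Split the log into listing entries and the paths under 'ZeroAccess:'."""
    entries: List[Entry] = []
    zeroaccess: List[str] = []
    in_za = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_za:
            if not line:          # a blank line closes the ZeroAccess section
                in_za = False
            else:
                zeroaccess.append(line)
            continue
        if line == "ZeroAccess:":
            in_za = True
            continue
        entry = parse_entry(line)
        if entry is not None:
            entries.append(entry)
    return entries, zeroaccess


def triage(text: str) -> Dict[str, List[str]]:
    """Collect ZeroAccess-pattern paths and executables with no CompanyName.

    Empty CompanyName is a weak signal: ComboFix's own helper files (PEV.exe,
    sed.exe, ...) have none either, so this is a review queue, not a verdict.
    """
    entries, zeroaccess = parse_frst(text)
    za_hits = [p for p in zeroaccess if zeroaccess_like(p)]
    za_hits += [e.path for e in entries
                if zeroaccess_like(e.path) and e.path not in za_hits]
    unsigned = [e.path for e in entries if e.is_executable and not e.company]
    return {"zeroaccess": za_hits, "no_company_executables": unsigned}


# Constructed sample: lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======

2014-08-06 20:28 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-06 20:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-06 20:27 - 2014-08-15 00:12 - 00000000 ____D () C:\Qoobox
2014-08-06 19:43 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-06 19:33 - 2011-06-15 13:38 - 00161760 _____ () C:\Program Files\64res.dll
2014-08-06 19:30 - 2014-08-06 19:30 - 00000000 ____D () C:\Program Files\AelLSSavera

ZeroAccess:
C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\de935ba9
C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\de935ba9\@

Some content of TEMP:
====================
C:\Documents and Settings\Martin Lanigan\Local Settings\temp\Quarantine.exe
"""

if __name__ == "__main__":
    for kind, paths in triage(SAMPLE_LOG).items():
        print(kind)
        for p in paths:
            print("  ", p)
```

On the sample, `triage` returns the `de935ba9\@` path as the one ZeroAccess hit (the bare `de935ba9` folder line does not match, since the file named `@` is the indicator) and lists PEV.exe and 64res.dll as executables with no company string; NIRCMD.exe and mbam.sys are skipped because FRST recorded a company for them. A responder would then check PEV.exe against ComboFix's deployment time and look at 64res.dll on its own, since nothing in the log accounts for it.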


#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:06:53 AM

Posted 15 August 2014 - 09:00 AM

How is your computer running now?


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#8 Wanton

Wanton
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:53 AM

Posted 15 August 2014 - 11:39 AM

Hi

I've been able to use the computer ok, a bit slow on startup but would expect that for its age

I don't notice any major difference but to be honest I have only been following your instructions

Here is the ESET log

C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Disketch\disketch.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Disketch\disketchsetup_v2.11.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Disketch\uninst.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Pixillion\pixillion.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Pixillion\pixsetup_v2.29.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Pixillion\uninst.exe.vir a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Prism\prism.exe.vir a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Prism\prismsetup_v1.61.exe.vir a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Prism\uninst.exe.vir a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\Documents and Settings\All Users\Application Data\InstallMate\{14243A49-BEC3-4F51-ADBA-F6E1CFC718BF}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Documents and Settings\Martin Lanigan\Desktop\Unused Desktop Shortcuts\IE8-Setup-Full-x32.exe a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Qoobox\Quarantine\C\Documents and Settings\Martin Lanigan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khbjjmicbjlfndiegbhjmpchnhcmphle\1\51eba50b37df95.19208600.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Documents and Settings\Martin Lanigan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\knnfbcmkhfofpenimdhmfkpflemjeckm\1\51eba5879109b7.57477223.js.vir Win32/Adware.MultiPlug.H application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1467\A0233746.dll Win32/GenUpdater potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1469\A0234861.dll Win32/GenUpdater potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1472\A0234937.dll Win32/GenUpdater potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1472\A0235000.dll Win32/GenUpdater potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1476\A0235038.exe Win32/TrojanDownloader.Agent.AFD trojan
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1476\A0235039.dll a variant of Win32/SProtector.D potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1476\A0235041.exe Win32/GenUpdater potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1476\A0235047.dll Win32/GenUpdater potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242568.dll a variant of Win32/AdWare.MultiPlug.Y application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242570.dll a variant of Win32/AdWare.MultiPlug.N application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242572.dll a variant of Win32/AdWare.MultiPlug.AY application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242584.dll a variant of Win32/AdWare.MultiPlug.BN application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242618.exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242620.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242621.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242622.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242623.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242624.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242625.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242626.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242627.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242628.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242629.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242631.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242632.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242633.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242634.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242635.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242636.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242637.exe Win32/Toolbar.Conduit.V potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242638.exe Win32/Toolbar.Conduit.V potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242639.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242640.dll Win32/Toolbar.Conduit.O potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242641.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242642.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242643.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242644.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242645.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242649.dll a variant of Win32/AdWare.MultiPlug.N application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242659.exe Win32/RegistryBooster potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242660.exe probably a variant of Win32/RegistryBooster potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242668.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242669.exe Win32/Toolbar.MyWebSearch.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242670.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242671.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242672.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242673.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242674.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242675.dll probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242676.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242677.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242678.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242679.dll probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242680.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242681.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242682.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242683.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242684.dll a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242685.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242686.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242687.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242688.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242689.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242690.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242691.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242692.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242693.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242695.dll Win32/Toolbar.MyWebSearch.T potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242696.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242697.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242700.exe Win32/Toolbar.Zugo potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242701.exe Win32/Toolbar.Zugo.E potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242702.dll Win32/Toolbar.Zugo potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242703.exe Win32/Toolbar.Zugo potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242704.exe Win32/Toolbar.Zugo potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242707.dll a variant of Win32/AdWare.MultiPlug.Y application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242709.dll a variant of Win32/AdWare.MultiPlug.N application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1517\A0242711.dll a variant of Win32/AdWare.MultiPlug.AY application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247234.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247235.exe Win32/Toolbar.MyWebSearch.X potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247236.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247237.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247238.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247239.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247240.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247241.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247242.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247243.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247244.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247245.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247246.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247247.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247248.dll probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247249.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247250.exe Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247251.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247252.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247253.dll probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247254.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247255.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247256.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247257.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247258.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247259.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247260.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247261.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247262.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247263.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247264.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247265.dll Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247266.exe Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247267.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247269.DLL a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247270.exe a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247273.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247274.dll Win32/Toolbar.MyWebSearch.T potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247275.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247276.DLL Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247277.DLL probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247278.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247279.exe a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247280.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247290.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247291.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247334.exe a variant of Win32/AdWare.MultiPlug.Y application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247394.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1518\A0247395.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250571.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250572.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250573.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250574.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250575.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250576.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250577.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250578.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250579.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250580.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250581.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\System Volume Information\_restore{A6740A1F-9933-4786-B8DA-0FD234E024BB}\RP1522\A0250582.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\WINDOWS\FixCamera.exe a variant of Win32/KillProc.A potentially unwanted application


#9 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:06:53 AM

Posted 15 August 2014 - 01:34 PM

The log is looking good, no more active malware or adware.
But your system is severely outdated. Your Windows XP is missing the latest service pack. And in addition, Windows XP has reached end-of-life. I'd recommend switching to a more recent operating system (Windows 7 or 8), the sooner the better.


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.



That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden, so don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.07)
Java 7 Update 7

Your operating system is outdated too: Download and install Service Pack 3 for Windows XP.



Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#10 Wanton

  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:53 AM

Posted 15 August 2014 - 06:59 PM

Last Log from FRST

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-08-2014
Ran by Martin Lanigan at 2014-08-15 20:18:39 Run:1
Running from C:\Documents and Settings\Martin Lanigan\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\de935ba9
2014-08-06 20:22 - 2014-06-12 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AelLSSavera
2014-08-06 20:22 - 2014-05-22 07:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RRoboSeaver
2014-08-06 20:22 - 2014-03-06 23:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RoboSaver
2014-08-06 19:35 - 2013-12-31 10:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\f8ee453040752db
2014-08-06 19:30 - 2014-08-06 19:30 - 00000000 ____D () C:\Program Files\AelLSSavera
S2 035d80ae; "C:\WINDOWS\system32\rundll32.exe" "c:\docume~1\alluse~1\applic~1\perfor~1\PerformanceOptimizerSvc.dll",service
2014-08-06 19:33 - 2011-06-15 13:38 - 00161760 _____ () C:\Program Files\64res.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3672253965-2410965747-1003979527-1018\...\Policies\Explorer: [] 
EmptyTemp:
 
*****************
 
C:\Documents and Settings\Martin Lanigan\Local Settings\Application Data\de935ba9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\AelLSSavera => Moved successfully.
C:\Documents and Settings\All Users\Application Data\RRoboSeaver => Moved successfully.
C:\Documents and Settings\All Users\Application Data\RoboSaver => Moved successfully.
C:\Documents and Settings\All Users\Application Data\f8ee453040752db => Moved successfully.
C:\Program Files\AelLSSavera => Moved successfully.
035d80ae => Service deleted successfully.
C:\Program Files\64res.dll => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3672253965-2410965747-1003979527-1018\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
EmptyTemp: => Removed 92 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
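As an added example (not part of this thread, and not FRST's own code), the following Python checker reads a Fixlog in the format posted above and confirms that every entry of the fixlist was echoed back by FRST with a successful result, flagging anything unmatched or failed and noting whether a reboot was requested. The sample log is constructed (shortened paths, a made-up SID and a made-up failure line), and the rules for reducing a fixlist entry to the token FRST echoes back in its result line are my own assumptions drawn from the log above.

```python
import re

# Constructed sample modelled on the FRST Fixlog format posted in the thread:
# same entry kinds, shortened paths, a made-up SID and one made-up failure
# line. It is not the poster's actual log.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-08-2014
Ran by User at 2014-08-15 20:18:39 Run:1
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Documents and Settings\User\Local Settings\Application Data\de935ba9
2014-08-06 20:22 - 2014-06-12 14:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AelLSSavera
2014-08-06 19:33 - 2011-06-15 13:38 - 00161760 _____ () C:\Program Files\64res.dll
S2 035d80ae; "C:\WINDOWS\system32\rundll32.exe" "c:\docume~1\alluse~1\applic~1\perfor~1\PerformanceOptimizerSvc.dll",service
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1111111111-2222222222-3333333333-1018\...\Policies\Explorer: []
EmptyTemp:

*****************

C:\Documents and Settings\User\Local Settings\Application Data\de935ba9 => Moved successfully.
C:\Documents and Settings\All Users\Application Data\AelLSSavera => Moved successfully.
C:\Program Files\64res.dll => Could not move (constructed failure line)
035d80ae => Service deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1111111111-2222222222-3333333333-1018\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
EmptyTemp: => Removed 92 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====
"""

# Same constructed log with the failure line replaced by a success, for comparison.
CLEAN_FIXLOG = SAMPLE_FIXLOG.replace(
    "Could not move (constructed failure line)", "Moved successfully.")


def fixlist_key(entry):
    """Reduce one fixlist entry to the token FRST echoes in its result line.
    These rules are assumptions inferred from the posted log, not FRST's own logic."""
    m = re.match(r"^[RS]\d\s+(\S+);", entry)           # service entry: "S2 name; command"
    if m:
        return m.group(1)
    m = re.match(r"^CHR\s+(HK[A-Z]+\\[^:]+):", entry)   # browser policy key
    if m:
        return m.group(1)
    m = re.match(r"^(HK[A-Z]+\\\S+?):\s", entry)        # registry line, '...' marks FRST's elision
    if m:
        return m.group(1).split("...")[-1].lstrip("\\")
    m = re.search(r"\(\)\s+(.+)$", entry)               # listing line: "date - date - size flags () path"
    if m:
        return m.group(1).strip()
    return entry                                        # plain path or bare directive ("EmptyTemp:")


def parse_fixlog(text):
    """Return (requested entries, [(target, outcome)] result pairs, reboot flag)."""
    requested, results, reboot = [], [], False
    in_fixlist, rules_seen = False, 0
    for raw in text.splitlines():
        line = raw.strip()                              # also drops non-breaking spaces
        if line == "Content of fixlist:":
            in_fixlist = True
            continue
        if in_fixlist:
            if line.startswith("*****"):                # fixlist is framed by two rule lines
                rules_seen += 1
                in_fixlist = rules_seen < 2
            elif line:
                requested.append(line)
            continue
        if " => " in line:
            target, outcome = line.split(" => ", 1)
            results.append((target.strip(), outcome.strip()))
        elif line == "The system needed a reboot.":
            reboot = True
    return requested, results, reboot


def result_ok(outcome):
    """Successful FRST outcomes read '... successfully.' or 'Removed N MB ...'."""
    return "successfully" in outcome or outcome.startswith("Removed ")


def verify_fixlog(text):
    """Match every requested entry to a result line and report what did not succeed."""
    requested, results, reboot = parse_fixlog(text)
    unmatched, failed = [], []
    for entry in requested:
        key = fixlist_key(entry).lower()
        hits = [(t, o) for t, o in results if key in t.lower()]
        if not hits:
            unmatched.append(entry)
        for target, outcome in hits:
            if not result_ok(outcome) and (target, outcome) not in failed:
                failed.append((target, outcome))
    return {"requested": len(requested), "results": len(results),
            "unmatched": unmatched, "failed": failed, "reboot": reboot,
            "clean": not unmatched and not failed}


if __name__ == "__main__":
    for name, log in (("sample", SAMPLE_FIXLOG), ("clean", CLEAN_FIXLOG)):
        print(name, verify_fixlog(log))
```

A fix item that FRST could not action is exactly the kind of leftover that makes a scanner re-detect the same thing on the next run, so the report treats any unmatched or non-successful entry as a reason to look at the log again rather than declare the machine clean.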




