
Removing a programme called Spy Alert [Solved]


73 replies to this topic

#1 beatles4life

beatles4life

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts
  • Interests:The Beatles, crochet, bacon, and large cups of tea.

Posted 13 October 2013 - 12:32 PM

My housemate accidentally downloaded this programme called Spy Alert (the icon looks like a fedora). Unfortunately, I think it may have infected her computer, and I'm concerned that it might affect the rest of the computers in our house. Here's what I've done thus far:

I booted her computer, an ASUS laptop running XP Service Pack 3, into safe mode and ran Spybot search and destroy. It found 178 pieces of spyware, which I then removed. The computer seemed to be running a bit faster, but I was still concerned, so I then restarted it back into normal Windows mode and ran Malwarebytes. After a couple of hours, Malwarebytes informed me that it had found 67 pieces of malware. I then deleted those, and the problem appeared to resolve itself.

Then, this afternoon, I booted up her laptop one last time to run a final check, and lo and behold, the fedora icon had reappeared in the task bar (on the side next to the clock). I tried to manually remove it using the Add and remove programme, which sort of worked. By this I mean that it appeared to remove it from the internal files, but for some strange reason, that fedora is still on the task bar.

Sorry if this is a bit long-winded, but I'm just about at my wits' end. I also really want to give her back a Spy Alert free computer. Thanks in advance for any suggestions.

I love The Beatles and The Beatles love me.



#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 October 2013 - 10:47 PM

Hi beatles4life,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
OTL

Download OTL to your desktop.
  • Make sure all other windows are closed and let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    services.*
    /md5stop
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 beatles4life


Posted 14 October 2013 - 12:38 PM

Hello OCD,

Thank you very much for your quick response. One quick question before I go any further: should I download these files onto my own computer and then transfer them to my housemate's computer with a usb stick, or should I download them directly onto her computer?

Thanks again,
Beatles4Life


#4 OCD


Posted 14 October 2013 - 12:54 PM

Hi Beatles4Life,

Either way is fine. But the tools must be run from the desktop of the infected computer.
OCD



#5 beatles4life


Posted 14 October 2013 - 03:22 PM

Dear OCD,

Many thanks for the quick response. Here are the results from the security check test. I am running the Avast test as I am typing this.

Beatles4Life

Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Panda Cloud Antivirus
Ad-Aware Antivirus
FirewallEngine
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Adobe Flash Player 11.9.900.117
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.0.4527.0\AdAwareService.exe
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUAService.exe
Panda Security Panda Cloud Antivirus PSUAMain.exe
Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.0.4527.0\AdAwareTray.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#6 beatles4life


Posted 14 October 2013 - 04:02 PM

Dear OCD,

This is very strange...

I'm still running the Avast scan, and the computer doesn't seem to be doing anything. The Avast log says that it started scanning the Search protection file (under C:\Documents and Settings\All users\Application Data\Search Protection) at 22.27, but it's been just over half an hour and I'm not getting any sort of 'scan complete' message. I can't figure out if Avast has finished scanning and I should save the log, or if I should just carry on.

::a minute later::

The computer just went into screen-saver mode, and when I moved the track-pad to reawaken it, the Avast screen went black for a second before everything suddenly returned to normal.

Beatles4Life


#7 beatles4life


Posted 14 October 2013 - 05:06 PM

Dear OCD,

Avast appears to have finished scanning. I had it save the log, which made the laptop run really slowly. While I was waiting for it to save, I noticed that some of the desktop short-cut icons had disappeared or looked as though they had been 'sawn' (for lack of a better term) in half. At the moment, I am trying to prepare the logs for copying and zipping, but the computer is behaving very strangely. I copied and pasted your instructions into Word so that I could read them on the computer, but as I went to access them to find out what to do next, the screen in Word went completely white and the Microsoft hourglass appeared instead. I've also noticed that the track-pad is being unresponsive, and pressing Control-Alt-Delete has no effect at all.

Is there any way to get back to the log so I can copy it into this thread?

Thanks,
Beatles4Life


#8 OCD


Posted 14 October 2013 - 05:35 PM

Hi beatles4life,

There are a few items from your Security Check scan that we can address right now that might help alleviate some of the unresponsiveness you are experiencing.

Multiple Anti-Virus Programs Installed

I notice that you have both Panda Cloud Antivirus and Ad-Aware Antivirus installed at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system.

Please uninstall either Panda Cloud Antivirus or Ad-Aware Antivirus (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (Vista and Win 7 users should go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one anti-spyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

=========================

The same goes for the Firewalls; please disable one of them.
  • Windows Firewall
  • FirewallEngine
=========================

"Is there any way to get back to the log so I can copy it into this thread?"

If the scan completed the logs should be located on your desktop.

=========================

Your hard drive is severely fragmented - Total Fragmentation on Drive C:: 20%

Disk Defragmenter for XP
  • Open My Computer.
  • Right-click the local disk volume that you want to defragment, and then click Properties.
  • On the Tools tab, click Defragment Now.
  • Click Defragment.
=========================

Reboot

=========================

If logs were not generated please rescan with aswMBR & OTL and post the logs in your next reply.

In your next post please provide the following:
  • Post the logs if they were generated
  • Progress on defragging the hard drive
  • If logs were not generated please rescan with aswMBR & OTL and post the logs in your next reply.

OCD
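
The checks applied to the Security Check log in the post above (more than one resident antivirus, more than one firewall, the fragmentation warning), together with the "out of Date!" and "is disabled!" markers the log prints, written out as an added Python example; it is not part of the original thread or of Security Check. The section parsing and the keyword-based classification of product names are assumptions drawn from the checkup.txt posted in this topic.

```python
import re

TICK = chr(96)  # backtick; Security Check frames each section title with a run of them


def title(text, pad=14):
    """Rebuild a section-title line (the pad width varies in real logs and is ignored)."""
    return TICK * pad + text + TICK * pad


# checkup.txt as posted in the thread (post #5), embedded so the example runs offline.
CHECKUP_LINES = [
    "Results of screen317's Security Check version 0.99.74",
    "Windows XP Service Pack 3 x86",
    "Internet Explorer 8",
    title("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "Panda Cloud Antivirus",
    "Ad-Aware Antivirus",
    "FirewallEngine",
    title("Anti-malware/Other Utilities Check:"),
    "Ad-Aware",
    "MVPS Hosts File",
    "Spybot - Search & Destroy",
    "Malwarebytes Anti-Malware version 1.75.0.1300",
    "CCleaner",
    "Adobe Flash Player 11.9.900.117",
    "Adobe Reader 7 Adobe Reader out of Date!",
    "Mozilla Firefox (24.0)",
    title("Process Check: objlist.exe by Laurent"),
    "Ad-Aware AAWService.exe is disabled!",
    "Ad-Aware AAWTray.exe is disabled!",
    "Malwarebytes Anti-Malware mbamservice.exe",
    r"Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.0.4527.0\AdAwareService.exe",
    "Panda Security Panda Cloud Antivirus PSANHost.exe",
    "Panda Security Panda Cloud Antivirus PSUAService.exe",
    "Panda Security Panda Cloud Antivirus PSUAMain.exe",
    r"Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.0.4527.0\AdAwareTray.exe",
    "Malwarebytes' Anti-Malware mbamscheduler.exe",
    title("System Health check"),
    "Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)",
    title("End of Log"),
]

SECTION = re.compile("^" + TICK + r"+\s*(.*?)\s*:?" + TICK + "+$")
FRAG = re.compile(r"Total Fragmentation on Drive (\w):+\s*(\d+)%")


def parse_sections(lines):
    """Group log lines under the section title that precedes them."""
    sections, current = {}, "Preamble"
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        match = SECTION.match(line)
        if match:
            current = match.group(1)
        sections.setdefault(current, [])
        if not match:
            sections[current].append(line)
    return sections


def triage(lines):
    """Return {finding: [log entries]} for the conditions raised in the thread."""
    sections = parse_sections(lines)
    findings = {}

    # Assumption: a product is classified by the word in its listed name.
    av_fw = sections.get("Antivirus/Firewall Check", [])
    antivirus = [l for l in av_fw if "antivirus" in l.lower()]
    firewalls = [l.replace(" Enabled!", "") for l in av_fw if "firewall" in l.lower()]
    if len(antivirus) > 1:
        findings["multiple-antivirus"] = antivirus
    if len(firewalls) > 1:
        findings["multiple-firewalls"] = firewalls

    utilities = sections.get("Anti-malware/Other Utilities Check", [])
    outdated = [l for l in utilities if "out of date" in l.lower()]
    if outdated:
        findings["out-of-date"] = outdated

    disabled = [l for name, body in sections.items() if name.startswith("Process Check")
                for l in body if "is disabled" in l.lower()]
    if disabled:
        findings["disabled"] = disabled

    # Report fragmentation only when the log itself attaches its defragment advice.
    for line in sections.get("System Health check", []):
        match = FRAG.search(line)
        if match and "defragment" in line.lower():
            findings.setdefault("fragmentation", []).append(
                f"{match.group(1)}: {match.group(2)}%")
    return findings


if __name__ == "__main__":
    for finding, entries in triage(CHECKUP_LINES).items():
        print(finding, "->", entries)
```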



#9 beatles4life


Posted 15 October 2013 - 06:56 AM

Dear OCD,

I'm uninstalling Ad-aware as I'm writing this.

Avast appears to have finished scanning. I do see an ASW log on the desktop, and I've copied and pasted it below. I've also attached the MBR zip file.

Beatles4Life


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-14 22:06:56
-----------------------------
22:06:56.921 OS Version: Windows 5.1.2600 Service Pack 3
22:06:56.921 Number of processors: 2 586 0xE08
22:06:56.921 ComputerName: YOUR-EB98910CC7 UserName: I K
22:06:58.484 Initialize success
22:13:57.406 AVAST engine defs: 13101400
22:14:13.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:14:13.343 Disk 0 Vendor: WDC_WD2500BEVT-75A23T0 01.01A01 Size: 238475MB BusType: 3
22:14:13.593 Disk 0 MBR read successfully
22:14:13.593 Disk 0 MBR scan
22:14:13.828 Disk 0 Windows XP default MBR code
22:14:13.843 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 143243 MB offset 63
22:14:13.843 Disk 0 Partition - 00 0F Extended LBA 95229 MB offset 293362965
22:14:13.875 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 95229 MB offset 293363028
22:14:13.906 Disk 0 scanning sectors +488392065
22:14:14.062 Disk 0 scanning C:\WINDOWS\system32\drivers
22:14:43.593 Service scanning
22:15:16.843 Modules scanning
22:15:27.671 Disk 0 trace - called modules:
22:15:27.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:15:27.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f25ab8]
22:15:27.687 3 CLASSPNP.SYS[f767cfd7] -> nt!IofCallDriver -> \Device\0000008b[0x86fa5a60]
22:15:27.687 5 ACPI.sys[f74f3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86f78d98]
22:15:29.187 AVAST engine scan C:\WINDOWS
22:15:53.921 AVAST engine scan C:\WINDOWS\system32
22:21:09.796 AVAST engine scan C:\WINDOWS\system32\drivers
22:21:43.046 AVAST engine scan C:\Documents and Settings\I K
22:24:25.031 AVAST engine scan C:\Documents and Settings\All Users
23:36:47.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\I K\Desktop\MBR.dat"
23:36:51.734 The log file has been saved successfully to "C:\Documents and Settings\I K\Desktop\aswMBR_log.txt"

Attached Files

  • Attached File  MBR.zip   513bytes   103 downloads


#10 beatles4life


Posted 15 October 2013 - 07:15 AM

Hello OCD,

Just a small addendum to my last post: I've just finished uninstalling Ad-Aware and have disabled the Windows Firewall as well (I couldn't find the firewall engine). I am now defragmenting the 'C' drive and will let you know what happens when it finishes.

Thanks,
Beatles4Life



#11 beatles4life


Posted 15 October 2013 - 05:20 PM

Hello OCD,

The defragging programme has just finished. I'm now going to restart the computer and then run OTL.

Thanks,
Beatles4Life


#12 beatles4life


Posted 15 October 2013 - 05:42 PM

The computer has restarted. I was just about to run OTL when suddenly a blue screen with white text flashed on the screen for half a second, told me there was some sort of problem (I couldn't read it fast enough to tell what the problem was exactly), and then the computer restarted itself yet again.

Once it finished rebooting, I got a message saying that 'Microsoft has recovered from a serious error.' When I tried to send the error report, I suddenly got a message saying that the wireless connection (which has been working just fine on that computer until then) was unavailable.

I am now running OTL and will attach that log in my next post.

Thanks,
Beatles4Life


#13 beatles4life


Posted 15 October 2013 - 06:12 PM

Hello OCD,

Here are the results of the OTL scan.

Thanks,
Beatles4Life


OTL logfile created on: 16/10/2013 00:41:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\I K\Desktop\HSG_wtt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.23 Mb Total Physical Memory | 387.95 Mb Available Physical Memory | 37.91% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.04% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.85 Gb Total Space | 102.20 Gb Free Space | 73.08% Space Free | Partition Type: FAT32
Drive D: | 92.97 Gb Total Space | 92.97 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: YOUR-EB98910CC7 | User Name: I K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\I K\Desktop\HSG_wtt\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Documents and Settings\All Users\Application Data\RHelpers\IeHelper\IeHelper.exe (WatchDog)
PRC - C:\Documents and Settings\All Users\Application Data\RHelpers\FirefoxHelper\FirefoxHelper.exe (WatchDog)
PRC - C:\Documents and Settings\All Users\Application Data\RHelpers\ChromeHelper\ChromeHelper.exe (WatchDog)
PRC - C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
PRC - C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe (Lavasoft)
PRC - C:\Documents and Settings\I K\Local Settings\Application Data\Updater32912\Updater32912.exe (Innovative Apps)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()


========== Services (SafeList) ==========

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PSUAService) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (PACSPTISVR-Sound_Organizer) -- C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe (Sony Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (PersonalSecureDriveService) -- c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (bdftdif) -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys File not found
DRV - (Bdfndisf) -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NNSHTTPS) -- C:\WINDOWS\system32\drivers\NNSHttps.sys (Panda Security, S.L.)
DRV - (NNSSTRM) -- C:\WINDOWS\system32\drivers\NNSStrm.sys (Panda Security, S.L.)
DRV - (NNSSMTP) -- C:\WINDOWS\system32\drivers\NNSSmtp.sys (Panda Security, S.L.)
DRV - (NNSTLSC) -- C:\WINDOWS\system32\drivers\NNStlsc.sys (Panda Security, S.L.)
DRV - (NNSPROT) -- C:\WINDOWS\system32\drivers\NNSProt.sys (Panda Security, S.L.)
DRV - (NNSPRV) -- C:\WINDOWS\system32\drivers\NNSPrv.sys (Panda Security, S.L.)
DRV - (NNSPOP3) -- C:\WINDOWS\system32\drivers\NNSPop3.sys (Panda Security, S.L.)
DRV - (NNSIDS) -- C:\WINDOWS\system32\drivers\NNSIds.sys (Panda Security, S.L.)
DRV - (NNSHTTP) -- C:\WINDOWS\system32\drivers\NNSHttp.sys (Panda Security, S.L.)
DRV - (NNSPICC) -- C:\WINDOWS\system32\drivers\NNSpicc.sys (Panda Security, S.L.)
DRV - (NNSPIHS) -- C:\WINDOWS\system32\drivers\NNSpihs.sys (Panda Security, S.L.)
DRV - (NNSALPC) -- C:\WINDOWS\system32\drivers\NNSAlpc.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\WINDOWS\system32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINProt) -- C:\WINDOWS\system32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\WINDOWS\system32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\WINDOWS\system32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\WINDOWS\system32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (PSKMAD) -- C:\WINDOWS\system32\drivers\PSKMAD.sys (Panda Security, S.L.)
DRV - (NNSNAHS) -- C:\WINDOWS\system32\drivers\NNSNAHS.sys (Panda Security, S.L.)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\system32\drivers\psd.sys (Infineon Technologies AG)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8DF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch...69739525988D799
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:3.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/14 22:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Extensions
[2012/02/20 20:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions
[2013/10/12 18:37:34 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013/10/13 19:10:50 | 000,000,000 | ---D | M] (Spy Alert) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions\support@spyalertapp.com
[2013/10/11 21:34:24 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/13 17:24:50 | 000,487,348 | ---- | M] () (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions\PrivDog@AdTrustMedia.com.xpi
[2013/10/01 21:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/01 21:58:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012/02/15 20:01:58 | 000,441,696 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 15182 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O2 - BHO: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Searchcore Toolbar) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - C:\Program Files\Searchcore Toolbar\Datamngr\ToolBar\searchcoredtx.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [Search Protection] C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe (Lavasoft)
O4 - HKLM..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [Updater32912.exe] C:\Documents and Settings\I K\Local Settings\Application Data\Updater32912\Updater32912.exe (Innovative Apps)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A44DD6C6-363E-49FD-A167-F7C7AC810A96}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\I K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\I K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/08 19:01:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

R\QUICK LAUNCH\*.LNK /X
%USERPROFILE%\DESKTOP\*.EXE
%PROGRAMFILES%\COMMON FILES\*.*
%SYSTEMROOT%\*.SRC
%SYSTEMROOT%\INSTALL\*.*
%SYSTEMROOT%\SYSTEM32\DLL\*.*
%SYSTEMROOT%\SYSTEM32\HELPFILES\*.*
%SYSTEMROOT%\SYSTEM32\RUNDLL\*.*
%SYSTEMROOT%\WINN32\*.*
%SYSTEMROOT%\JAVA\*.*
%SYSTEMROOT%\SYSTEM32\TEST\*.*
%SYSTEMROOT%\SYSTEM32\RUNDLL32\*.*
%SYSTEMROOT%\APPPATCH\CUSTOM\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\WINDOWSUPDATE\AU
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINDOWSUPDATE\AUTO UPDATE\RESULTS\INSTALL|LASTSUCCESSTIME /RS
BASESERVICES
DRIVES
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/14 21:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Desktop\HSG_wtt
[2013/10/13 19:10:05 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSKMAD.sys
[2013/10/13 18:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpyAlert
[2013/10/13 18:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/10/13 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
[2013/10/13 17:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\AdTrustMedia
[2013/10/13 17:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adtrustmedia
[2013/10/13 17:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2013/10/13 17:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2013/10/13 17:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Local Settings\Application Data\COMODO
[2013/10/12 22:40:02 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/10/12 19:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/12 19:57:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/12 19:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/12 19:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Application Data\LavasoftStatistics
[2013/10/12 19:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2013/10/12 18:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Search Protection
[2013/10/12 18:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/10/12 18:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Local Settings\Application Data\adawarebp
[2013/10/12 18:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/10/12 18:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/10/12 18:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Application Data\adawaretb
[2013/10/12 18:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2013/10/12 18:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Desktop\For HSG's lappy
[2013/10/11 23:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2013/10/11 23:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2013/10/11 23:00:58 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2013/10/10 13:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RHelpers
[2013/10/10 13:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Updater
[2013/10/10 09:51:30 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/10 09:51:30 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013/10/10 09:51:29 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/10/10 09:51:29 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/10/10 09:50:23 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013/10/10 09:50:23 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/10 09:50:23 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013/10/10 09:50:23 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/10/01 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\Documents and Settings\I K\Desktop\*.tmp files -> C:\Documents and Settings\I K\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/16 00:40:00 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\I K\Desktop\~$l_text_to_paste.rtf
[2013/10/16 00:32:30 | 000,033,099 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/10/16 00:32:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/16 00:31:56 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/16 00:18:38 | 002,397,045 | ---- | M] () -- C:\WINDOWS\TempCloudAV1015123901_604.csv
[2013/10/15 23:56:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/15 13:45:20 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\MBR.zip
[2013/10/14 23:36:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\MBR.dat
[2013/10/14 22:26:14 | 000,125,054 | ---- | M] () -- C:\WINDOWS\TempCloudAV1013181002_400.csv
[2013/10/14 21:57:58 | 000,003,323 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\otl_text_to_paste.rtf
[2013/10/13 19:04:24 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/10/13 18:19:44 | 001,260,332 | ---- | M] () -- C:\WINDOWS\TempCloudAV1013165553_820.csv
[2013/10/12 22:52:14 | 000,249,484 | ---- | M] () -- C:\WINDOWS\TempCloudAV1012214423_396.csv
[2013/10/12 19:57:18 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/12 19:15:20 | 000,088,698 | ---- | M] () -- C:\WINDOWS\TempCloudAV1011231939_1884.csv
[2013/10/12 00:13:14 | 000,002,150 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/10/11 23:13:46 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\I K\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/11 23:13:46 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\Spybot - Search & Destroy.lnk
[2013/10/11 21:37:24 | 001,165,278 | ---- | M] () -- C:\WINDOWS\TempCloudAV1011192334_1316.csv
[2013/10/11 20:23:02 | 003,540,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/11 20:22:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/10 14:39:50 | 003,334,126 | ---- | M] () -- C:\WINDOWS\TempCloudAV1010084657_1228.csv
[2013/10/10 14:38:02 | 000,506,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/10 14:38:02 | 000,089,536 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/10 14:33:52 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/08 18:58:22 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/08 18:58:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/10/07 17:30:20 | 001,038,843 | ---- | M] () -- C:\WINDOWS\TempCloudAV1007142727_568.csv
[2013/10/06 22:47:22 | 000,457,278 | ---- | M] () -- C:\WINDOWS\TempCloudAV1006182720_944.csv
[2013/10/06 01:21:24 | 001,263,034 | ---- | M] () -- C:\WINDOWS\TempCloudAV1005135905_660.csv
[2013/10/03 18:37:10 | 001,629,999 | ---- | M] () -- C:\WINDOWS\TempCloudAV1003135147_872.csv
[2013/10/01 23:07:44 | 001,558,472 | ---- | M] () -- C:\WINDOWS\TempCloudAV1001191628_900.csv
[2013/10/01 20:15:02 | 000,038,543 | ---- | M] () -- C:\WINDOWS\TempCloudAV1001191122_972.csv
[2013/09/29 04:25:08 | 000,561,199 | ---- | M] () -- C:\WINDOWS\TempCloudAV0928105939_1192.csv
[2013/09/29 02:00:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-YOUR-EB98910CC7-I K.job
[2013/09/28 00:02:38 | 001,394,079 | ---- | M] () -- C:\WINDOWS\TempCloudAV0927131145_868.csv
[2013/09/27 09:49:06 | 000,583,185 | ---- | M] () -- C:\WINDOWS\TempCloudAV0927083429_1460.csv
[2013/09/26 19:24:58 | 000,874,278 | ---- | M] () -- C:\WINDOWS\TempCloudAV0926171501_1360.csv
[2013/09/24 22:44:10 | 000,607,427 | ---- | M] () -- C:\WINDOWS\TempCloudAV0924152019_672.csv
[2013/09/24 11:41:04 | 000,626,536 | ---- | M] () -- C:\WINDOWS\TempCloudAV0924102808_424.csv
[2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/09/23 19:33:58 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/09/23 19:33:58 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/09/23 19:33:58 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/09/23 19:33:58 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/09/23 19:33:58 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/09/23 19:33:58 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/09/23 19:33:58 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/09/23 19:33:58 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/09/23 19:33:58 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/09/23 19:33:58 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/09/23 19:33:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/09/23 19:33:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/09/23 19:33:58 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/09/23 19:33:58 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/09/23 19:33:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/09/23 19:33:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/09/23 19:33:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/09/23 19:33:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/09/23 19:33:58 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/09/23 19:33:58 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/09/23 19:33:58 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/09/23 19:33:58 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/09/23 19:33:58 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/09/23 19:33:58 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/09/23 19:33:58 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/09/23 19:33:56 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/09/23 19:33:56 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/09/23 19:33:56 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/09/23 19:33:56 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2013/09/23 19:33:56 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2013/09/23 19:06:48 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/09/22 14:53:14 | 000,087,422 | ---- | M] () -- C:\WINDOWS\TempCloudAV0922130405_772.csv
[2013/09/21 21:46:50 | 000,505,915 | ---- | M] () -- C:\WINDOWS\TempCloudAV0921190244_660.csv
[2013/09/21 20:01:56 | 000,006,784 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NanoRepository.bin
[2013/09/21 20:01:36 | 000,151,030 | ---- | M] () -- C:\WINDOWS\TempCloudAV0921175619_564.csv
[2013/09/18 21:07:52 | 001,042,247 | ---- | M] () -- C:\WINDOWS\TempCloudAV0918173224_660.csv
[2013/09/18 09:00:20 | 000,285,066 | ---- | M] () -- C:\WINDOWS\TempCloudAV0918072852_428.csv
[2013/09/17 09:44:00 | 000,496,583 | ---- | M] () -- C:\WINDOWS\TempCloudAV0916175442_280.csv
[2013/09/16 18:50:30 | 000,244,849 | ---- | M] () -- C:\WINDOWS\TempCloudAV0916172713_768.csv
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\Documents and Settings\I K\Desktop\*.tmp files -> C:\Documents and Settings\I K\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/16 00:40:00 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\I \Desktop\~$l_text_to_paste.rtf
[2013/10/16 00:37:02 | 000,003,323 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\otl_text_to_paste.rtf
[2013/10/15 13:45:18 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\MBR.zip
[2013/10/15 13:39:35 | 002,397,045 | ---- | C] () -- C:\WINDOWS\TempCloudAV1015123901_604.csv
[2013/10/14 23:36:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\MBR.dat
[2013/10/14 21:58:33 | 000,125,054 | ---- | C] () -- C:\WINDOWS\TempCloudAV1013181002_400.csv
[2013/10/13 17:56:29 | 001,260,332 | ---- | C] () -- C:\WINDOWS\TempCloudAV1013165553_820.csv
[2013/10/12 22:44:39 | 000,249,484 | ---- | C] () -- C:\WINDOWS\TempCloudAV1012214423_396.csv
[2013/10/12 19:57:16 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/12 18:32:41 | 000,088,698 | ---- | C] () -- C:\WINDOWS\TempCloudAV1011231939_1884.csv
[2013/10/12 00:19:01 | 1073,008,640 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/11 23:13:45 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\I K\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/11 23:13:45 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\Spybot - Search & Destroy.lnk
[2013/10/11 20:33:10 | 001,165,278 | ---- | C] () -- C:\WINDOWS\TempCloudAV1011192334_1316.csv
[2013/10/10 09:47:10 | 003,334,126 | ---- | C] () -- C:\WINDOWS\TempCloudAV1010084657_1228.csv
[2013/10/07 15:27:45 | 001,038,843 | ---- | C] () -- C:\WINDOWS\TempCloudAV1007142727_568.csv
[2013/10/06 19:27:34 | 000,457,278 | ---- | C] () -- C:\WINDOWS\TempCloudAV1006182720_944.csv
[2013/10/05 14:59:19 | 001,263,034 | ---- | C] () -- C:\WINDOWS\TempCloudAV1005135905_660.csv
[2013/10/03 14:52:04 | 001,629,999 | ---- | C] () -- C:\WINDOWS\TempCloudAV1003135147_872.csv
[2013/10/01 20:16:46 | 001,558,472 | ---- | C] () -- C:\WINDOWS\TempCloudAV1001191628_900.csv
[2013/10/01 20:11:43 | 000,038,543 | ---- | C] () -- C:\WINDOWS\TempCloudAV1001191122_972.csv
[2013/09/28 11:59:53 | 000,561,199 | ---- | C] () -- C:\WINDOWS\TempCloudAV0928105939_1192.csv
[2013/09/27 14:12:02 | 001,394,079 | ---- | C] () -- C:\WINDOWS\TempCloudAV0927131145_868.csv
[2013/09/27 09:34:43 | 000,583,185 | ---- | C] () -- C:\WINDOWS\TempCloudAV0927083429_1460.csv
[2013/09/26 18:15:22 | 000,874,278 | ---- | C] () -- C:\WINDOWS\TempCloudAV0926171501_1360.csv
[2013/09/24 16:28:00 | 000,607,427 | ---- | C] () -- C:\WINDOWS\TempCloudAV0924152019_672.csv
[2013/09/24 11:28:24 | 000,626,536 | ---- | C] () -- C:\WINDOWS\TempCloudAV0924102808_424.csv
[2013/09/22 14:25:44 | 000,087,422 | ---- | C] () -- C:\WINDOWS\TempCloudAV0922130405_772.csv
[2013/09/21 20:03:00 | 000,505,915 | ---- | C] () -- C:\WINDOWS\TempCloudAV0921190244_660.csv
[2013/09/21 20:01:55 | 000,006,784 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NanoRepository.bin
[2013/09/21 19:20:40 | 000,151,030 | ---- | C] () -- C:\WINDOWS\TempCloudAV0921175619_564.csv
[2013/09/19 19:05:52 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/18 18:32:39 | 001,042,247 | ---- | C] () -- C:\WINDOWS\TempCloudAV0918173224_660.csv
[2013/09/18 08:29:11 | 000,285,066 | ---- | C] () -- C:\WINDOWS\TempCloudAV0918072852_428.csv
[2013/09/16 18:55:06 | 000,496,583 | ---- | C] () -- C:\WINDOWS\TempCloudAV0916175442_280.csv
[2013/09/16 18:27:31 | 000,244,849 | ---- | C] () -- C:\WINDOWS\TempCloudAV0916172713_768.csv
[2013/09/03 20:12:30 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/05/24 20:00:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0x0304A000.sfl
[2012/03/14 22:39:49 | 000,002,150 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/17 22:54:10 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\I K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 21:53:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/17 18:55:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2012/01/17 18:55:17 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2012/01/17 18:55:08 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\I K\Application Data\$_hpcst$.hpc
[2012/01/17 18:53:07 | 000,069,632 | ---- | C] () -- C:\Program Files\2057.MST
[2012/01/17 18:53:07 | 000,013,752 | ---- | C] () -- C:\Program Files\0x0809.ini
[2012/01/17 18:53:02 | 097,979,392 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi
[2011/08/15 17:31:51 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\I K\Local Settings\Application Data\fusioncache.dat
[2011/08/14 17:55:39 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\I K\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

========== ZeroAccess Check ==========

[2011/08/14 14:56:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 20:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/08/08 19:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2011/08/12 17:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/01/17 22:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/01/22 17:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HardwareHelper
[2012/02/25 12:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/05/06 16:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/05/06 16:36:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/05/06 16:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/05/06 17:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2013/05/28 15:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/05/28 15:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
[2013/10/10 13:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Updater
[2013/10/10 13:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RHelpers
[2013/10/12 18:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/10/12 18:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/10/12 18:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Search Protection
[2013/10/12 19:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2013/10/13 17:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adtrustmedia
[2013/10/13 18:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpyAlert
[2011/08/08 19:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\Infineon
[2011/08/22 14:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/09/30 19:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/17 18:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\Samsung
[2012/01/17 22:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\PC Suite
[2012/01/22 15:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\ElevatedDiagnostics
[2012/01/22 16:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\searchcoretoolbar
[2012/02/20 20:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\searchcoreband
[2012/02/23 21:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\Opera
[2013/01/16 12:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\ICAClient
[2013/05/06 17:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\Panda Security
[2013/05/28 15:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\player
[2013/08/08 22:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/08/10 15:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\BBCiPlayerDesktop
[2013/09/03 20:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\SeeSimilar02
[2013/09/03 20:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\PerformerSoft
[2013/10/12 18:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\I K\Application Data\adawaretb

========== Purity Check ==========



< End of report >
I love The Beatles and The Beatles love me.

#14 beatles4life

Posted 15 October 2013 - 06:15 PM

Dear OCD,

And here is the Extras log.

Thanks,
Beatles4Life


OTL Extras logfile created on: 16/10/2013 00:41:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\I K\Desktop\HSG_wtt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.23 Mb Total Physical Memory | 387.95 Mb Available Physical Memory | 37.91% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.04% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.85 Gb Total Space | 102.20 Gb Free Space | 73.08% Space Free | Partition Type: FAT32
Drive D: | 92.97 Gb Total Space | 92.97 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: YOUR-EB98910CC7 | User Name: I K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Documents and Settings\I K\Application Data\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\OPERA.EXE" = C:\Program Files\Opera\OPERA.EXE:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe" = C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe:*:Enabled:Ad-Aware Security Add-on DTX Broker -- (Visicom Media Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010813A5-CE68-4C86-96F4-11CAEA3E6292}" = Sound Organizer
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2A8CF485-5A4D-4C7D-8ACF-4AB98914D529}" = Infineon TPM Professional Package
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{423A9ABA-E167-42F4-9715-485F17843750}" = Panda Cloud Antivirus
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BAFFEF7F-08B3-45b3-B215-418175C4E9DD}" = c5200_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 9.20
"adawaretb" = Ad-Aware Security Add-on
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebCam, 1.3M, USB2.0, FF" = ASUS WebCam, 1.3M, USB2.0, FF
"CCleaner" = CCleaner
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"HaaliMkx" = Haali Media Splitter
"HControl" = ATK0100 ACPI UTILITY
"ie8" = Windows Internet Explorer 8
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 24.0 (x86 en-GB)" = Mozilla Firefox 24.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"PrivDog" = PrivDog
"ProInst" = Intel® PROSet/Wireless Software
"RemoveIT Pro v4 - SE" = RemoveIT Pro v4 - SE
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Supreme Savings Plugin" = Supreme Savings Plugin
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Searchcore Toolbar" = Searchcore Toolbar
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/10/2013 08:49:45 | Computer Name = YOUR-EB98910CC7 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024894. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 15/10/2013 08:49:45 | Computer Name = YOUR-EB98910CC7 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127

Error - 15/10/2013 08:51:57 | Computer Name = YOUR-EB98910CC7 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.

Error - 15/10/2013 08:52:01 | Computer Name = YOUR-EB98910CC7 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error - 15/10/2013 08:52:10 | Computer Name = YOUR-EB98910CC7 | Source = NativeWrapper | ID = 5000
Description =

Error - 15/10/2013 08:52:34 | Computer Name = YOUR-EB98910CC7 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024894. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 15/10/2013 08:52:34 | Computer Name = YOUR-EB98910CC7 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Outlook 2003 Junk E-mail Filter (KB2826021): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft....k/?LinkId=23127

Error - 15/10/2013 08:52:57 | Computer Name = YOUR-EB98910CC7 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Professional Edition 2003 -- Error 25090.
Office Setup encountered a problem with the Office Source Engine, system error:
-2147024894. Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM
and look for "Office Source Engine" for information on how to resolve this problem.

Error - 15/10/2013 08:52:57 | Computer Name = YOUR-EB98910CC7 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Outlook 2003 Junk E-mail Filter (KB2760754): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft....k/?LinkId=23127

Error - 15/10/2013 19:18:05 | Computer Name = YOUR-EB98910CC7 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BE from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 15/10/2013 08:52:16 | Computer Name = YOUR-EB98910CC7 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error - 15/10/2013 08:52:34 | Computer Name = YOUR-EB98910CC7 | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%2

Error - 15/10/2013 08:52:39 | Computer Name = YOUR-EB98910CC7 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2826021).

Error - 15/10/2013 08:52:57 | Computer Name = YOUR-EB98910CC7 | Source = Service Control Manager | ID = 7000
Description = The Office Source Engine service failed to start due to the following
error: %%2

Error - 15/10/2013 08:57:36 | Computer Name = YOUR-EB98910CC7 | Source = Service Control Manager | ID = 7034
Description = The Ad-Aware Service 11 service terminated unexpectedly. It has done
this 1 time(s).

Error - 15/10/2013 08:59:15 | Computer Name = YOUR-EB98910CC7 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2760754).

Error - 15/10/2013 19:18:05 | Computer Name = YOUR-EB98910CC7 | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 15/10/2013 19:23:59 | Computer Name = YOUR-EB98910CC7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
bdftdif

Error - 15/10/2013 19:32:46 | Computer Name = YOUR-EB98910CC7 | Source = System Error | ID = 1003
Description = Error code 000000ca, parameter1 00000001, parameter2 858a56d8, parameter3
85788400, parameter4 00000000.

Error - 15/10/2013 19:33:09 | Computer Name = YOUR-EB98910CC7 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
bdftdif


< End of report >
I love The Beatles and The Beatles love me.

#15 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 15 October 2013 - 10:08 PM

Hi beatles4life,

Please post all logs requested into one reply, unless the forum dictates the reply is too large. :thumbup:

=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • AdwCleaner[S0].txt
  • JRT.txt
  • OTL.txt
  • How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days







