Removing a programme called Spy Alert [Solved]


  • This topic is locked
73 replies to this topic

#16 beatles4life

Posted 16 October 2013 - 08:39 AM

Dear OCD,

Sorry about the multiple log posts. It was a bit late when I wrote them.

I've just booted up the computer, and it seems much livelier than before. The only two unusual things thus far are that the computer no longer recognises the wireless connection and that every time I reboot, I get a message saying Windows needs to check one of the disks for consistency.

Thanks,
Beatles4Life

I love The Beatles and The Beatles love me.

#17 beatles4life

Posted 16 October 2013 - 09:36 AM

Here's the AdwCleaner log:

# AdwCleaner v3.007 - Report created 16/10/2013 at 15:34:11
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : I K - YOUR-EB98910CC7
# Running from : C:\Documents and Settings\I K\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserProtect
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Search Protection
Folder Deleted : C:\Program Files\searchcore toolbar
Folder Deleted : C:\Program Files\Yontoo Layers Runtime
Folder Deleted : C:\Documents and Settings\I K\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\I K\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\I K\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\I K\Application Data\SeeSimilar02
Folder Deleted : C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\adawaretb
Folder Deleted : C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\ConduitCommon
File Deleted : C:\Documents and Settings\I K\Desktop\SpeedAnalysis.lnk
File Deleted : C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\invalidprefs.js
File Deleted : C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKCU\Software\8558fd9b26dee45
Key Deleted : HKLM\SOFTWARE\8558fd9b26dee45
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater32912.exe]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DynConIE
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Supreme Savings Plugin
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\Software\SearchcoreMediabarTb
Key Deleted : HKLM\Software\Supreme Savings Plugin
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Supreme Savings Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchcore Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Supreme Savings Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchcore Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v24.0 (en-GB)

[ File : C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\prefs.js ]

Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109400&tt=060612_8_");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "cca06a240000000000000013024cd31d");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "cca06a240000000000000013024cd31d");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15518");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:43:55");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "cca06a240000000000000013024cd31d");
Line Deleted : user_pref("extensions.delta.instlDay", "15853");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.515:00:38");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=120519&tt=gc_");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.dynconff.cache.lucky777.me.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1536_1164_1524_1146_1169_1348_1427_1482_1493_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\[...]
Line Deleted : user_pref("extensions.dynconff.cache.trustedads.adtrustmedia.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1536_1164_1524_1146_1169_1348_1427_1482_1493_1521\"><content id=\"MB_P1\"[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.comodo.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1536_1164_1524_1146_1169_1348_1427_1482_1493_1521\"><content id=\"MB_P1\">\r\n <newjs>[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.hpylgr.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1536_1164_1524_1146_1169_1348_1427_1482_1493_1521\"><content id=\"MB_P1\">\r\n <newjs>[...]

*************************

AdwCleaner[R0].txt - [12270 octets] - [16/10/2013 15:31:46]
AdwCleaner[S0].txt - [12393 octets] - [16/10/2013 15:34:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12454 octets] ##########


Here's the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by I K on 16/10/2013 at 15:43:57.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\search protection
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-127915267-1111240725-3270169908-1005\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-127915267-1111240725-3270169908-1005\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322292212}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366296612}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366296612}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\I K\Local Settings\Application Data\adawarebp"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Documents and Settings\I K\Application Data\mozilla\firefox\profiles\zeijqalt.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted the following from C:\Documents and Settings\I K\Application Data\mozilla\firefox\profiles\zeijqalt.default\prefs.js

user_pref("extensions.dynconff.JS.SFMNAppData", "%5B%7B%22d%22%3A%22www.lavasoft.com%22%2C%22t%22%3A1381600347943%2C%22f%22%3A%5B%222%22%2C%2288%22%5D%7D%2C%7B%22d%22%3A%22sec
user_pref("extensions.trusted-ads.TrustAd", "{\"r\":[{\"t\":\"FQDN\",\"r\":\"trustedads.adtrustmedia.com\",\"c\":[{\"i\":\"1\",\"s\":[\"live.sekindo.com\",\"a.iogous.com\",\"w
user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_5&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/10/2013 at 15:59:01.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And, last, but not least, here's the newer OTL log:


OTL logfile created on: 16/10/2013 16:05:37 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\I K\Desktop\HSG_wtt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.23 Mb Total Physical Memory | 444.88 Mb Available Physical Memory | 43.48% Memory free
2.40 Gb Paging File | 1.89 Gb Available in Paging File | 78.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.85 Gb Total Space | 102.02 Gb Free Space | 72.95% Space Free | Partition Type: FAT32
Drive D: | 92.97 Gb Total Space | 92.97 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: YOUR-EB98910CC7 | User Name: I K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\I K\Desktop\HSG_wtt\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\RHelpers\IeHelper\IeHelper.exe (WatchDog)
PRC - C:\Documents and Settings\All Users\Application Data\RHelpers\FirefoxHelper\FirefoxHelper.exe (WatchDog)
PRC - C:\Documents and Settings\All Users\Application Data\RHelpers\ChromeHelper\ChromeHelper.exe (WatchDog)
PRC - C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()


========== Services (SafeList) ==========

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PSUAService) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (PACSPTISVR-Sound_Organizer) -- C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe (Sony Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (PersonalSecureDriveService) -- c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (bdftdif) -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys File not found
DRV - (Bdfndisf) -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NNSHTTPS) -- C:\WINDOWS\system32\drivers\NNSHttps.sys (Panda Security, S.L.)
DRV - (NNSSTRM) -- C:\WINDOWS\system32\drivers\NNSStrm.sys (Panda Security, S.L.)
DRV - (NNSSMTP) -- C:\WINDOWS\system32\drivers\NNSSmtp.sys (Panda Security, S.L.)
DRV - (NNSTLSC) -- C:\WINDOWS\system32\drivers\NNStlsc.sys (Panda Security, S.L.)
DRV - (NNSPROT) -- C:\WINDOWS\system32\drivers\NNSProt.sys (Panda Security, S.L.)
DRV - (NNSPRV) -- C:\WINDOWS\system32\drivers\NNSPrv.sys (Panda Security, S.L.)
DRV - (NNSPOP3) -- C:\WINDOWS\system32\drivers\NNSPop3.sys (Panda Security, S.L.)
DRV - (NNSIDS) -- C:\WINDOWS\system32\drivers\NNSIds.sys (Panda Security, S.L.)
DRV - (NNSHTTP) -- C:\WINDOWS\system32\drivers\NNSHttp.sys (Panda Security, S.L.)
DRV - (NNSPICC) -- C:\WINDOWS\system32\drivers\NNSpicc.sys (Panda Security, S.L.)
DRV - (NNSPIHS) -- C:\WINDOWS\system32\drivers\NNSpihs.sys (Panda Security, S.L.)
DRV - (NNSALPC) -- C:\WINDOWS\system32\drivers\NNSAlpc.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\WINDOWS\system32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINProt) -- C:\WINDOWS\system32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\WINDOWS\system32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\WINDOWS\system32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\WINDOWS\system32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (PSKMAD) -- C:\WINDOWS\system32\drivers\PSKMAD.sys (Panda Security, S.L.)
DRV - (NNSNAHS) -- C:\WINDOWS\system32\drivers\NNSNAHS.sys (Panda Security, S.L.)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\system32\drivers\psd.sys (Infineon Technologies AG)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8DF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/14 22:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Extensions
[2012/02/20 20:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions
[2013/10/13 19:10:50 | 000,000,000 | ---D | M] (Spy Alert) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions\support@spyalertapp.com
[2013/10/11 21:34:24 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/13 17:24:50 | 000,487,348 | ---- | M] () (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions\PrivDog@AdTrustMedia.com.xpi
[2013/10/01 21:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/01 21:58:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\I K\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ZEIJQALT.DEFAULT\EXTENSIONS\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}

O1 HOSTS File: ([2012/02/15 20:01:58 | 000,441,696 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A44DD6C6-363E-49FD-A167-F7C7AC810A96}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\I K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\I K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/08 19:01:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/16 15:43:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/16 15:40:02 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSKMAD.sys
[2013/10/16 15:31:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/16 15:30:14 | 001,033,335 | ---- | C] (Thisisu) -- C:\Documents and Settings\I K\Desktop\JRT.exe
[2013/10/14 21:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Desktop\HSG_wtt
[2013/10/13 18:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpyAlert
[2013/10/13 18:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/10/13 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
[2013/10/13 17:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\AdTrustMedia
[2013/10/13 17:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adtrustmedia
[2013/10/13 17:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2013/10/13 17:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2013/10/13 17:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Local Settings\Application Data\COMODO
[2013/10/12 22:40:02 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/10/12 19:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/12 19:57:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/12 19:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/12 19:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Application Data\LavasoftStatistics
[2013/10/12 19:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2013/10/12 18:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/10/12 18:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/10/12 18:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2013/10/12 18:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Desktop\For HSG's lappy
[2013/10/11 23:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2013/10/11 23:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2013/10/11 23:00:58 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2013/10/10 13:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RHelpers
[2013/10/10 13:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Updater
[2013/10/10 09:51:30 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/10 09:51:30 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013/10/10 09:51:29 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/10/10 09:51:29 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/10/10 09:50:23 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013/10/10 09:50:23 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/10 09:50:23 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013/10/10 09:50:23 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/10/01 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\Documents and Settings\I K\Desktop\*.tmp files -> C:\Documents and Settings\I K\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/16 16:16:16 | 000,111,470 | ---- | M] () -- C:\WINDOWS\TempCloudAV1016143959_1196.csv
[2013/10/16 15:56:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/16 15:39:56 | 000,033,099 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/10/16 15:39:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/16 15:39:16 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/16 15:34:52 | 000,182,155 | ---- | M] () -- C:\WINDOWS\TempCloudAV1016142758_1256.csv
[2013/10/16 15:09:56 | 001,033,335 | ---- | M] (Thisisu) -- C:\Documents and Settings\I K\Desktop\JRT.exe
[2013/10/16 15:07:30 | 001,048,960 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\AdwCleaner.exe
[2013/10/16 00:18:38 | 002,397,045 | ---- | M] () -- C:\WINDOWS\TempCloudAV1015123901_604.csv
[2013/10/15 13:45:20 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\MBR.zip
[2013/10/14 23:36:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\MBR.dat
[2013/10/14 22:26:14 | 000,125,054 | ---- | M] () -- C:\WINDOWS\TempCloudAV1013181002_400.csv
[2013/10/14 21:57:58 | 000,003,323 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\otl_text_to_paste.rtf
[2013/10/13 19:04:24 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/10/13 18:19:44 | 001,260,332 | ---- | M] () -- C:\WINDOWS\TempCloudAV1013165553_820.csv
[2013/10/12 22:52:14 | 000,249,484 | ---- | M] () -- C:\WINDOWS\TempCloudAV1012214423_396.csv
[2013/10/12 19:57:18 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/12 19:15:20 | 000,088,698 | ---- | M] () -- C:\WINDOWS\TempCloudAV1011231939_1884.csv
[2013/10/12 00:13:14 | 000,002,150 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/10/11 23:13:46 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\I K\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/11 23:13:46 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\Spybot - Search & Destroy.lnk
[2013/10/11 21:37:24 | 001,165,278 | ---- | M] () -- C:\WINDOWS\TempCloudAV1011192334_1316.csv
[2013/10/11 20:23:02 | 003,540,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/11 20:22:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/10 14:39:50 | 003,334,126 | ---- | M] () -- C:\WINDOWS\TempCloudAV1010084657_1228.csv
[2013/10/10 14:38:02 | 000,506,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/10 14:38:02 | 000,089,536 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/10 14:33:52 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/08 18:58:22 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/08 18:58:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/10/07 17:30:20 | 001,038,843 | ---- | M] () -- C:\WINDOWS\TempCloudAV1007142727_568.csv
[2013/10/06 22:47:22 | 000,457,278 | ---- | M] () -- C:\WINDOWS\TempCloudAV1006182720_944.csv
[2013/10/06 01:21:24 | 001,263,034 | ---- | M] () -- C:\WINDOWS\TempCloudAV1005135905_660.csv
[2013/10/03 18:37:10 | 001,629,999 | ---- | M] () -- C:\WINDOWS\TempCloudAV1003135147_872.csv
[2013/10/01 23:07:44 | 001,558,472 | ---- | M] () -- C:\WINDOWS\TempCloudAV1001191628_900.csv
[2013/10/01 20:15:02 | 000,038,543 | ---- | M] () -- C:\WINDOWS\TempCloudAV1001191122_972.csv
[2013/09/29 04:25:08 | 000,561,199 | ---- | M] () -- C:\WINDOWS\TempCloudAV0928105939_1192.csv
[2013/09/29 02:00:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-YOUR-EB98910CC7-I K.job
[2013/09/28 00:02:38 | 001,394,079 | ---- | M] () -- C:\WINDOWS\TempCloudAV0927131145_868.csv
[2013/09/27 09:49:06 | 000,583,185 | ---- | M] () -- C:\WINDOWS\TempCloudAV0927083429_1460.csv
[2013/09/26 19:24:58 | 000,874,278 | ---- | M] () -- C:\WINDOWS\TempCloudAV0926171501_1360.csv
[2013/09/24 22:44:10 | 000,607,427 | ---- | M] () -- C:\WINDOWS\TempCloudAV0924152019_672.csv
[2013/09/24 11:41:04 | 000,626,536 | ---- | M] () -- C:\WINDOWS\TempCloudAV0924102808_424.csv
[2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/09/23 19:33:58 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/09/23 19:33:58 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/09/23 19:33:58 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/09/23 19:33:58 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/09/23 19:33:58 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/09/23 19:33:58 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/09/23 19:33:58 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/09/23 19:33:58 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/09/23 19:33:58 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/09/23 19:33:58 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/09/23 19:33:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/09/23 19:33:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/09/23 19:33:58 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/09/23 19:33:58 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/09/23 19:33:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/09/23 19:33:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/09/23 19:33:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/09/23 19:33:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/09/23 19:33:58 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/09/23 19:33:58 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/09/23 19:33:58 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/09/23 19:33:58 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/09/23 19:33:58 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/09/23 19:33:58 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/09/23 19:33:58 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/09/23 19:33:56 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/09/23 19:33:56 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/09/23 19:33:56 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/09/23 19:33:56 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2013/09/23 19:33:56 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2013/09/23 19:06:48 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/09/22 14:53:14 | 000,087,422 | ---- | M] () -- C:\WINDOWS\TempCloudAV0922130405_772.csv
[2013/09/21 21:46:50 | 000,505,915 | ---- | M] () -- C:\WINDOWS\TempCloudAV0921190244_660.csv
[2013/09/21 20:01:56 | 000,006,784 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NanoRepository.bin
[2013/09/21 20:01:36 | 000,151,030 | ---- | M] () -- C:\WINDOWS\TempCloudAV0921175619_564.csv
[2013/09/18 21:07:52 | 001,042,247 | ---- | M] () -- C:\WINDOWS\TempCloudAV0918173224_660.csv
[2013/09/18 09:00:20 | 000,285,066 | ---- | M] () -- C:\WINDOWS\TempCloudAV0918072852_428.csv
[2013/09/17 09:44:00 | 000,496,583 | ---- | M] () -- C:\WINDOWS\TempCloudAV0916175442_280.csv
[2013/09/16 18:50:30 | 000,244,849 | ---- | M] () -- C:\WINDOWS\TempCloudAV0916172713_768.csv
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\Documents and Settings\I K\Desktop\*.tmp files -> C:\Documents and Settings\I K\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/16 15:40:21 | 000,075,387 | ---- | C] () -- C:\WINDOWS\TempCloudAV1016143959_1196.csv
[2013/10/16 15:29:57 | 001,048,960 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\AdwCleaner.exe
[2013/10/16 15:28:17 | 000,182,155 | ---- | C] () -- C:\WINDOWS\TempCloudAV1016142758_1256.csv
[2013/10/16 00:37:02 | 000,003,323 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\otl_text_to_paste.rtf
[2013/10/15 13:45:18 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\MBR.zip
[2013/10/15 13:39:35 | 002,397,045 | ---- | C] () -- C:\WINDOWS\TempCloudAV1015123901_604.csv
[2013/10/14 23:36:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\MBR.dat
[2013/10/14 21:58:33 | 000,125,054 | ---- | C] () -- C:\WINDOWS\TempCloudAV1013181002_400.csv
[2013/10/13 17:56:29 | 001,260,332 | ---- | C] () -- C:\WINDOWS\TempCloudAV1013165553_820.csv
[2013/10/12 22:44:39 | 000,249,484 | ---- | C] () -- C:\WINDOWS\TempCloudAV1012214423_396.csv
[2013/10/12 19:57:16 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/12 18:32:41 | 000,088,698 | ---- | C] () -- C:\WINDOWS\TempCloudAV1011231939_1884.csv
[2013/10/12 00:19:01 | 1073,008,640 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/11 23:13:45 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\I K\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/11 23:13:45 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\Spybot - Search & Destroy.lnk
[2013/10/11 20:33:10 | 001,165,278 | ---- | C] () -- C:\WINDOWS\TempCloudAV1011192334_1316.csv
[2013/10/10 09:47:10 | 003,334,126 | ---- | C] () -- C:\WINDOWS\TempCloudAV1010084657_1228.csv
[2013/10/07 15:27:45 | 001,038,843 | ---- | C] () -- C:\WINDOWS\TempCloudAV1007142727_568.csv
[2013/10/06 19:27:34 | 000,457,278 | ---- | C] () -- C:\WINDOWS\TempCloudAV1006182720_944.csv
[2013/10/05 14:59:19 | 001,263,034 | ---- | C] () -- C:\WINDOWS\TempCloudAV1005135905_660.csv
[2013/10/03 14:52:04 | 001,629,999 | ---- | C] () -- C:\WINDOWS\TempCloudAV1003135147_872.csv
[2013/10/01 20:16:46 | 001,558,472 | ---- | C] () -- C:\WINDOWS\TempCloudAV1001191628_900.csv
[2013/10/01 20:11:43 | 000,038,543 | ---- | C] () -- C:\WINDOWS\TempCloudAV1001191122_972.csv
[2013/09/28 11:59:53 | 000,561,199 | ---- | C] () -- C:\WINDOWS\TempCloudAV0928105939_1192.csv
[2013/09/27 14:12:02 | 001,394,079 | ---- | C] () -- C:\WINDOWS\TempCloudAV0927131145_868.csv
[2013/09/27 09:34:43 | 000,583,185 | ---- | C] () -- C:\WINDOWS\TempCloudAV0927083429_1460.csv
[2013/09/26 18:15:22 | 000,874,278 | ---- | C] () -- C:\WINDOWS\TempCloudAV0926171501_1360.csv
[2013/09/24 16:28:00 | 000,607,427 | ---- | C] () -- C:\WINDOWS\TempCloudAV0924152019_672.csv
[2013/09/24 11:28:24 | 000,626,536 | ---- | C] () -- C:\WINDOWS\TempCloudAV0924102808_424.csv
[2013/09/22 14:25:44 | 000,087,422 | ---- | C] () -- C:\WINDOWS\TempCloudAV0922130405_772.csv
[2013/09/21 20:03:00 | 000,505,915 | ---- | C] () -- C:\WINDOWS\TempCloudAV0921190244_660.csv
[2013/09/21 20:01:55 | 000,006,784 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NanoRepository.bin
[2013/09/21 19:20:40 | 000,151,030 | ---- | C] () -- C:\WINDOWS\TempCloudAV0921175619_564.csv
[2013/09/19 19:05:52 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/18 18:32:39 | 001,042,247 | ---- | C] () -- C:\WINDOWS\TempCloudAV0918173224_660.csv
[2013/09/18 08:29:11 | 000,285,066 | ---- | C] () -- C:\WINDOWS\TempCloudAV0918072852_428.csv
[2013/09/16 18:55:06 | 000,496,583 | ---- | C] () -- C:\WINDOWS\TempCloudAV0916175442_280.csv
[2013/09/16 18:27:31 | 000,244,849 | ---- | C] () -- C:\WINDOWS\TempCloudAV0916172713_768.csv
[2013/09/03 20:12:30 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/05/24 20:00:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0x0304A000.sfl
[2012/03/14 22:39:49 | 000,002,150 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/17 22:54:10 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\I K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 21:53:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/17 18:55:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2012/01/17 18:55:17 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2012/01/17 18:55:08 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\I K\Application Data\$_hpcst$.hpc
[2012/01/17 18:53:07 | 000,069,632 | ---- | C] () -- C:\Program Files\2057.MST
[2012/01/17 18:53:07 | 000,013,752 | ---- | C] () -- C:\Program Files\0x0809.ini
[2012/01/17 18:53:02 | 097,979,392 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi
[2011/08/15 17:31:51 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\I K\Local Settings\Application Data\fusioncache.dat
[2011/08/14 17:55:39 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\I K\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

========== ZeroAccess Check ==========

[2011/08/14 14:56:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 20:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#18 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 16 October 2013 - 09:36 PM

Hi beatles4life,

Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (no name) - {af6ac4f2-9825-4fb6-a600-92bc5361f209} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

Reset TCP/IP stack to installation defaults

You must run the command prompt as an administrator or in an "elevated mode".
  • Start menu, in the search bar type "cmd"
  • Right-click the cmd icon, select "run as administrator"
    • If you have user account control (UAC) set up it may prompt you to accept that action.
  • Then type in "netsh int ip reset reset.log" then hit Enter
=========================

chkdsk scan
  • Click Start and My Computer.
  • Right-click the hard drive you want to check, and click Properties.
  • Select the Tools tab. In the Error Checking section, click Check Now. Check both boxes. Click Start.
    • You'll get a message that the computer must be rebooted to run a complete check.
  • Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.
To view results log:
  • Go to Start - Run and type in eventvwr.msc, and hit enter.
  • When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up.
  • This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.
=========================

In your next post please provide the following:
  • chkdsk log
  • How is the computer running, any remaining issues?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#19 beatles4life


Posted 17 October 2013 - 12:19 PM

Dear OCD,

The internet has come back on the computer, which is nice. :D

The log report from the chkdsk scan is below.

Thanks,
Beatles4Life


Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 17/10/2013
Time: 19:07:07
User: N/A
Computer: YOUR-EB98910CC7
Description:
Checking file system on C:
The type of the file system is FAT32.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Volume Serial Number is CCA0-6A24
Windows is verifying free space...
Free space verification is complete.
Windows has checked the file system and found no problems.
146645600 KB total disk space.
2949120 KB in 1590 hidden files.
278496 KB in 8680 folders.
36582464 KB in 62554 files.
106835488 KB are available.

32768 bytes in each allocation unit.
4582675 total allocation units on disk.
3338609 allocation units available on disk.


For more information, see Help and Support Center at http://go.microsoft....link/events.asp.

#20 beatles4life


Posted 17 October 2013 - 12:38 PM

Dear OCD,

Small addendum to my last post:

I just checked the task bar, and the fedora is still there. :(

Also, I've noticed that when I put the computer in stand by, it suddenly shuts down after about 5 minutes. I thought I was just imagining it, but I tried putting it in stand by mode just now and it happened again.

Beatles4Life


#21 OCD


Posted 17 October 2013 - 10:07 PM

Hi beatles4life,

I just checked the task bar, and the fedora is still there. :(

Hover your cursor over the fedora:
  • Does it give you any information as to what it is?
  • Try right-clicking on it; does any menu appear?

Also, I've noticed that when I put the computer in stand by, it suddenly shuts down after about 5 minutes. I thought I was just imagining it, but I tried putting it in stand by mode just now and it happened again.

Your computer will shut down unexpectedly if it is over-heating.
  • Is the computer hot?
  • Is there enough ventilation around the computer?
  • Is there excessive dust accumulated around the fan?

OCD



#22 beatles4life


Posted 18 October 2013 - 08:16 AM

If I hover the cursor over the fedora icon, a yellow box appears that says 'Spy Alert is Running.'

I just right clicked the fedora, and a white box appeared that says 'hide.'

As for the overheating issue, when I pressed the power button this time, I got a message saying 'Resuming Windows.' Then Windows loaded normally. It's cold at the moment, but it was really hot yesterday when I put it in stand-by.

Where is the fan and how would one check it for excessive dust? I assume I would have to switch the computer off before opening it.


#23 OCD


Posted 18 October 2013 - 08:33 AM

Hi beatles4life,

Remove Extensions in Firefox
  • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
  • In the Add-ons Manager tab, select the Extensions or Appearance panel.
  • Select the add-on you wish to remove.

    • SpyAlert (if present)
  • Click the Remove button.
  • Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
=========================

Flush the Firefox Cache
(These directions are specific to Firefox 19; if you have a different version, the exact steps might be slightly different.)
  • In Firefox, Options
  • Select Options
  • Select Privacy tab
  • Find the section that reads: You might want to clear your recent history or remove individual cookies
  • Select clear your recent history
  • Click the Details drop-down arrow
  • Make sure a check mark is placed in the following boxes:
    • Cookies
    • Cache
  • Next select the Time Range to Clear drop-down menu
  • Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
  • Click Clear Now
=========================

Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    [2013/10/13 19:10:50 | 000,000,000 | ---D | M] (Spy Alert) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions\support@spyalertapp.com
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
=========================

Where is the fan and how would one check it for excessive dust? I assume I would have to switch the computer off before opening it.

This is a laptop, correct? The fan is internal. Is there enough room around the laptop for air to circulate? Do you always put the computer in Stand-By Mode? You might need to consider a cooling pad.

In your next post please provide the following:
  • Fresh OTL.txt
  • Is the fedora gone now?

OCD



#24 beatles4life


Posted 19 October 2013 - 06:41 AM

Both of the computers I am using for this process are laptops.

The OTL log is below. Unfortunately, the fedora is still there. :(



OTL logfile created on: 19/10/2013 13:11:45 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\I K\Desktop\HSG_wtt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.23 Mb Total Physical Memory | 280.54 Mb Available Physical Memory | 27.42% Memory free
2.40 Gb Paging File | 1.79 Gb Available in Paging File | 74.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.85 Gb Total Space | 102.20 Gb Free Space | 73.08% Space Free | Partition Type: FAT32
Drive D: | 92.97 Gb Total Space | 92.97 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: YOUR-EB98910CC7 | User Name: I K | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\I K\Desktop\HSG_wtt\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Documents and Settings\All Users\Application Data\RHelpers\IeHelper\IeHelper.exe (WatchDog)
PRC - C:\Documents and Settings\All Users\Application Data\RHelpers\FirefoxHelper\FirefoxHelper.exe (WatchDog)
PRC - C:\Documents and Settings\All Users\Application Data\RHelpers\ChromeHelper\ChromeHelper.exe (WatchDog)
PRC - C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()


========== Services (SafeList) ==========

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PSUAService) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
SRV - (NanoServiceMain) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (PACSPTISVR-Sound_Organizer) -- C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe (Sony Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (PersonalSecureDriveService) -- c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (bdftdif) -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys File not found
DRV - (Bdfndisf) -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NNSHTTPS) -- C:\WINDOWS\system32\drivers\NNSHttps.sys (Panda Security, S.L.)
DRV - (NNSSTRM) -- C:\WINDOWS\system32\drivers\NNSStrm.sys (Panda Security, S.L.)
DRV - (NNSSMTP) -- C:\WINDOWS\system32\drivers\NNSSmtp.sys (Panda Security, S.L.)
DRV - (NNSTLSC) -- C:\WINDOWS\system32\drivers\NNStlsc.sys (Panda Security, S.L.)
DRV - (NNSPROT) -- C:\WINDOWS\system32\drivers\NNSProt.sys (Panda Security, S.L.)
DRV - (NNSPRV) -- C:\WINDOWS\system32\drivers\NNSPrv.sys (Panda Security, S.L.)
DRV - (NNSPOP3) -- C:\WINDOWS\system32\drivers\NNSPop3.sys (Panda Security, S.L.)
DRV - (NNSIDS) -- C:\WINDOWS\system32\drivers\NNSIds.sys (Panda Security, S.L.)
DRV - (NNSHTTP) -- C:\WINDOWS\system32\drivers\NNSHttp.sys (Panda Security, S.L.)
DRV - (NNSPICC) -- C:\WINDOWS\system32\drivers\NNSpicc.sys (Panda Security, S.L.)
DRV - (NNSPIHS) -- C:\WINDOWS\system32\drivers\NNSpihs.sys (Panda Security, S.L.)
DRV - (NNSALPC) -- C:\WINDOWS\system32\drivers\NNSAlpc.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\WINDOWS\system32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINProt) -- C:\WINDOWS\system32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\WINDOWS\system32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\WINDOWS\system32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\WINDOWS\system32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (PSKMAD) -- C:\WINDOWS\system32\drivers\PSKMAD.sys (Panda Security, S.L.)
DRV - (NNSNAHS) -- C:\WINDOWS\system32\drivers\NNSNAHS.sys (Panda Security, S.L.)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (SNP2STD) -- C:\WINDOWS\system32\drivers\snp2sxp.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\system32\drivers\psd.sys (Infineon Technologies AG)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8DF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/14 22:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Extensions
[2012/02/20 20:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions
[2013/10/11 21:34:24 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/10/13 17:24:50 | 000,487,348 | ---- | M] () (No name found) -- C:\Documents and Settings\I K\Application Data\Mozilla\Firefox\Profiles\zeijqalt.default\extensions\PrivDog@AdTrustMedia.com.xpi
[2013/10/01 21:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/01 21:58:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012/02/15 20:01:58 | 000,441,696 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\Updater\updater.exe (Updater)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A44DD6C6-363E-49FD-A167-F7C7AC810A96}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\I K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\I K\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/08 19:01:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/17 19:07:47 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSKMAD.sys
[2013/10/17 18:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Local Settings\Application Data\adawarebp
[2013/10/17 18:06:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/16 15:43:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/16 15:31:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/16 15:30:14 | 001,033,335 | ---- | C] (Thisisu) -- C:\Documents and Settings\I K\Desktop\JRT.exe
[2013/10/14 21:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Desktop\HSG_wtt
[2013/10/13 18:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpyAlert
[2013/10/13 18:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/10/13 17:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
[2013/10/13 17:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\AdTrustMedia
[2013/10/13 17:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adtrustmedia
[2013/10/13 17:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2013/10/13 17:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2013/10/13 17:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Local Settings\Application Data\COMODO
[2013/10/12 22:40:02 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/10/12 19:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/12 19:57:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/12 19:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/12 19:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Application Data\LavasoftStatistics
[2013/10/12 19:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2013/10/12 18:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/10/12 18:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/10/12 18:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2013/10/12 18:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\I K\Desktop\For HSG's lappy
[2013/10/11 23:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2013/10/11 23:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2013/10/11 23:00:58 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2013/10/10 13:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RHelpers
[2013/10/10 13:47:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Updater
[2013/10/10 09:51:30 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/10 09:51:30 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013/10/10 09:51:29 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/10/10 09:51:29 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/10/10 09:50:23 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013/10/10 09:50:23 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/10 09:50:23 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013/10/10 09:50:23 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/10/01 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\Documents and Settings\I K\Desktop\*.tmp files -> C:\Documents and Settings\I K\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/19 13:10:12 | 000,033,099 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/10/19 13:09:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/19 13:09:36 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/18 22:10:12 | 000,003,495 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\ocd_whatthetech5.rtf
[2013/10/18 15:57:36 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/18 15:09:40 | 000,164,658 | ---- | M] () -- C:\WINDOWS\TempCloudAV1017180745_676.csv
[2013/10/17 18:16:00 | 000,016,078 | ---- | M] () -- C:\WINDOWS\TempCloudAV1017171217_1252.csv
[2013/10/17 18:04:20 | 000,124,988 | ---- | M] () -- C:\WINDOWS\TempCloudAV1016143959_1196.csv
[2013/10/17 17:58:28 | 000,003,275 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\ocd_whatthetech4.rtf
[2013/10/16 15:34:52 | 000,182,155 | ---- | M] () -- C:\WINDOWS\TempCloudAV1016142758_1256.csv
[2013/10/16 15:09:56 | 001,033,335 | ---- | M] (Thisisu) -- C:\Documents and Settings\I K\Desktop\JRT.exe
[2013/10/16 15:07:30 | 001,048,960 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\AdwCleaner.exe
[2013/10/16 00:18:38 | 002,397,045 | ---- | M] () -- C:\WINDOWS\TempCloudAV1015123901_604.csv
[2013/10/15 13:45:20 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\MBR.zip
[2013/10/14 23:36:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\MBR.dat
[2013/10/14 22:26:14 | 000,125,054 | ---- | M] () -- C:\WINDOWS\TempCloudAV1013181002_400.csv
[2013/10/14 21:57:58 | 000,003,323 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\otl_text_to_paste.rtf
[2013/10/13 19:04:24 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/10/13 18:19:44 | 001,260,332 | ---- | M] () -- C:\WINDOWS\TempCloudAV1013165553_820.csv
[2013/10/12 22:52:14 | 000,249,484 | ---- | M] () -- C:\WINDOWS\TempCloudAV1012214423_396.csv
[2013/10/12 19:57:18 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/12 19:15:20 | 000,088,698 | ---- | M] () -- C:\WINDOWS\TempCloudAV1011231939_1884.csv
[2013/10/12 00:13:14 | 000,002,150 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/10/11 23:13:46 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\I K\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/11 23:13:46 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\I K\Desktop\Spybot - Search & Destroy.lnk
[2013/10/11 21:37:24 | 001,165,278 | ---- | M] () -- C:\WINDOWS\TempCloudAV1011192334_1316.csv
[2013/10/11 20:23:02 | 003,540,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/11 20:22:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/10 14:39:50 | 003,334,126 | ---- | M] () -- C:\WINDOWS\TempCloudAV1010084657_1228.csv
[2013/10/10 14:38:02 | 000,506,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/10 14:38:02 | 000,089,536 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/10 14:33:52 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/08 18:58:22 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/08 18:58:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/10/07 17:30:20 | 001,038,843 | ---- | M] () -- C:\WINDOWS\TempCloudAV1007142727_568.csv
[2013/10/06 22:47:22 | 000,457,278 | ---- | M] () -- C:\WINDOWS\TempCloudAV1006182720_944.csv
[2013/10/06 01:21:24 | 001,263,034 | ---- | M] () -- C:\WINDOWS\TempCloudAV1005135905_660.csv
[2013/10/03 18:37:10 | 001,629,999 | ---- | M] () -- C:\WINDOWS\TempCloudAV1003135147_872.csv
[2013/10/01 23:07:44 | 001,558,472 | ---- | M] () -- C:\WINDOWS\TempCloudAV1001191628_900.csv
[2013/10/01 20:15:02 | 000,038,543 | ---- | M] () -- C:\WINDOWS\TempCloudAV1001191122_972.csv
[2013/09/29 04:25:08 | 000,561,199 | ---- | M] () -- C:\WINDOWS\TempCloudAV0928105939_1192.csv
[2013/09/29 02:00:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-YOUR-EB98910CC7-I K.job
[2013/09/28 00:02:38 | 001,394,079 | ---- | M] () -- C:\WINDOWS\TempCloudAV0927131145_868.csv
[2013/09/27 09:49:06 | 000,583,185 | ---- | M] () -- C:\WINDOWS\TempCloudAV0927083429_1460.csv
[2013/09/26 19:24:58 | 000,874,278 | ---- | M] () -- C:\WINDOWS\TempCloudAV0926171501_1360.csv
[2013/09/24 22:44:10 | 000,607,427 | ---- | M] () -- C:\WINDOWS\TempCloudAV0924152019_672.csv
[2013/09/24 11:41:04 | 000,626,536 | ---- | M] () -- C:\WINDOWS\TempCloudAV0924102808_424.csv
[2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/09/23 19:33:58 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/09/23 19:33:58 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/09/23 19:33:58 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/09/23 19:33:58 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/09/23 19:33:58 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/09/23 19:33:58 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/09/23 19:33:58 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/09/23 19:33:58 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/09/23 19:33:58 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/09/23 19:33:58 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/09/23 19:33:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/09/23 19:33:58 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/09/23 19:33:58 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/09/23 19:33:58 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/09/23 19:33:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/09/23 19:33:58 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/09/23 19:33:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/09/23 19:33:58 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/09/23 19:33:58 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/09/23 19:33:58 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/09/23 19:33:58 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/09/23 19:33:58 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/09/23 19:33:58 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/09/23 19:33:58 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/09/23 19:33:58 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/09/23 19:33:56 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/09/23 19:33:56 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/09/23 19:33:56 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/09/23 19:33:56 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2013/09/23 19:33:56 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2013/09/23 19:06:48 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/09/22 14:53:14 | 000,087,422 | ---- | M] () -- C:\WINDOWS\TempCloudAV0922130405_772.csv
[2013/09/21 21:46:50 | 000,505,915 | ---- | M] () -- C:\WINDOWS\TempCloudAV0921190244_660.csv
[2013/09/21 20:01:56 | 000,006,784 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NanoRepository.bin
[2013/09/21 20:01:36 | 000,151,030 | ---- | M] () -- C:\WINDOWS\TempCloudAV0921175619_564.csv
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\Documents and Settings\I K\Desktop\*.tmp files -> C:\Documents and Settings\I K\Desktop\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/18 22:12:20 | 000,003,495 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\ocd_whatthetech5.rtf
[2013/10/17 19:08:04 | 000,164,658 | ---- | C] () -- C:\WINDOWS\TempCloudAV1017180745_676.csv
[2013/10/17 18:13:32 | 000,016,078 | ---- | C] () -- C:\WINDOWS\TempCloudAV1017171217_1252.csv
[2013/10/17 18:03:05 | 000,003,275 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\ocd_whatthetech4.rtf
[2013/10/16 15:40:21 | 000,124,988 | ---- | C] () -- C:\WINDOWS\TempCloudAV1016143959_1196.csv
[2013/10/16 15:29:57 | 001,048,960 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\AdwCleaner.exe
[2013/10/16 15:28:17 | 000,182,155 | ---- | C] () -- C:\WINDOWS\TempCloudAV1016142758_1256.csv
[2013/10/16 00:37:02 | 000,003,323 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\otl_text_to_paste.rtf
[2013/10/15 13:45:18 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\MBR.zip
[2013/10/15 13:39:35 | 002,397,045 | ---- | C] () -- C:\WINDOWS\TempCloudAV1015123901_604.csv
[2013/10/14 23:36:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\MBR.dat
[2013/10/14 21:58:33 | 000,125,054 | ---- | C] () -- C:\WINDOWS\TempCloudAV1013181002_400.csv
[2013/10/13 17:56:29 | 001,260,332 | ---- | C] () -- C:\WINDOWS\TempCloudAV1013165553_820.csv
[2013/10/12 22:44:39 | 000,249,484 | ---- | C] () -- C:\WINDOWS\TempCloudAV1012214423_396.csv
[2013/10/12 19:57:16 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/12 18:32:41 | 000,088,698 | ---- | C] () -- C:\WINDOWS\TempCloudAV1011231939_1884.csv
[2013/10/12 00:19:01 | 1073,008,640 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/11 23:13:45 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\I K\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/10/11 23:13:45 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\I K\Desktop\Spybot - Search & Destroy.lnk
[2013/10/11 20:33:10 | 001,165,278 | ---- | C] () -- C:\WINDOWS\TempCloudAV1011192334_1316.csv
[2013/10/10 09:47:10 | 003,334,126 | ---- | C] () -- C:\WINDOWS\TempCloudAV1010084657_1228.csv
[2013/10/07 15:27:45 | 001,038,843 | ---- | C] () -- C:\WINDOWS\TempCloudAV1007142727_568.csv
[2013/10/06 19:27:34 | 000,457,278 | ---- | C] () -- C:\WINDOWS\TempCloudAV1006182720_944.csv
[2013/10/05 14:59:19 | 001,263,034 | ---- | C] () -- C:\WINDOWS\TempCloudAV1005135905_660.csv
[2013/10/03 14:52:04 | 001,629,999 | ---- | C] () -- C:\WINDOWS\TempCloudAV1003135147_872.csv
[2013/10/01 20:16:46 | 001,558,472 | ---- | C] () -- C:\WINDOWS\TempCloudAV1001191628_900.csv
[2013/10/01 20:11:43 | 000,038,543 | ---- | C] () -- C:\WINDOWS\TempCloudAV1001191122_972.csv
[2013/09/28 11:59:53 | 000,561,199 | ---- | C] () -- C:\WINDOWS\TempCloudAV0928105939_1192.csv
[2013/09/27 14:12:02 | 001,394,079 | ---- | C] () -- C:\WINDOWS\TempCloudAV0927131145_868.csv
[2013/09/27 09:34:43 | 000,583,185 | ---- | C] () -- C:\WINDOWS\TempCloudAV0927083429_1460.csv
[2013/09/26 18:15:22 | 000,874,278 | ---- | C] () -- C:\WINDOWS\TempCloudAV0926171501_1360.csv
[2013/09/24 16:28:00 | 000,607,427 | ---- | C] () -- C:\WINDOWS\TempCloudAV0924152019_672.csv
[2013/09/24 11:28:24 | 000,626,536 | ---- | C] () -- C:\WINDOWS\TempCloudAV0924102808_424.csv
[2013/09/22 14:25:44 | 000,087,422 | ---- | C] () -- C:\WINDOWS\TempCloudAV0922130405_772.csv
[2013/09/21 20:03:00 | 000,505,915 | ---- | C] () -- C:\WINDOWS\TempCloudAV0921190244_660.csv
[2013/09/21 20:01:55 | 000,006,784 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NanoRepository.bin
[2013/09/21 19:20:40 | 000,151,030 | ---- | C] () -- C:\WINDOWS\TempCloudAV0921175619_564.csv
[2013/09/19 19:05:52 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/03 20:12:30 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/05/24 20:00:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0x0304A000.sfl
[2012/03/14 22:39:49 | 000,002,150 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/17 22:54:10 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\I K\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 21:53:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/17 18:55:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2012/01/17 18:55:17 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2012/01/17 18:55:08 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\I K\Application Data\$_hpcst$.hpc
[2012/01/17 18:53:07 | 000,069,632 | ---- | C] () -- C:\Program Files\2057.MST
[2012/01/17 18:53:07 | 000,013,752 | ---- | C] () -- C:\Program Files\0x0809.ini
[2012/01/17 18:53:02 | 097,979,392 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi
[2011/08/15 17:31:51 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\I K\Local Settings\Application Data\fusioncache.dat
[2011/08/14 17:55:39 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\I K\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs

========== ZeroAccess Check ==========

[2011/08/14 14:56:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 20:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
I love The Beatles and The Beatles love me.
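As an added example (not part of the original thread and not OTL's own code), the Python below parses entries in the format of the ZeroAccess Check section above and flags default InProcServer32 values that merit a closer look. The three review criteria, the function names and the CONSTRUCTED entry are assumptions of this example, and the Windows directory is taken to be C:\WINDOWS as in the log.

```python
import re

# Two entries copied from the ZeroAccess Check section of the log above.
PAGE_EXCERPT = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 20:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
'''
# Constructed entry (not from the log): key, path, date and size are made up.
CONSTRUCTED = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{00000000-0000-0000-0000-000000000000}\InProcServer32]
"" = C:\Example\constructed\sample.dll -- [2013/01/01 00:00:00 | 000,001,024 | ---- | M] ()
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+\\InProcServer32)\]')
VAL_RE = re.compile(r'^"([^"]*)" = (.*?)(?: -- \[[^\]]*\] \(([^)]*)\))?$')

def parse_section(text):
    """Map each InProcServer32 key to {value name: (data, vendor)}."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        val = VAL_RE.match(line)
        if key:
            current = entries.setdefault(key.group(1), {})
        elif val and current is not None:
            current[val.group(1)] = (val.group(2), val.group(3))
    return entries

def review(entries, windir=r'c:\windows'):
    """Return (key, dll, reasons) for default values that merit a closer look."""
    findings = []
    for key, values in entries.items():
        if '' not in values:
            continue  # key listed with no default value: no DLL to check
        dll, vendor = values['']
        path = dll.lower().replace('%systemroot%', windir)
        reasons = []
        if not path.startswith(windir + '\\system32\\'):
            reasons.append('DLL outside system32')
        if key.startswith('HKEY_CURRENT_USER'):
            reasons.append('per-user COM registration')
        if not vendor:
            reasons.append('no vendor in file details')
        if reasons:
            findings.append((key, dll, reasons))
    return findings
```

Calling `review(parse_section(PAGE_EXCERPT))` returns an empty list for the two entries taken from the log; only the constructed entry is reported.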

#25 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 October 2013 - 09:39 PM

Hi beatles4life,

Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop). If not, download it here.
  • Run the program:
    • Windows XP: Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator".
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

In your next post please provide the following:

  • MBAM log
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#26 beatles4life

beatles4life

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts
  • Interests:The Beatles, crochet, bacon, and large cups of tea.

Posted 20 October 2013 - 07:40 AM

Dear OCD,

The results of the Malwarebytes scan are below. The only thing I don't understand is why the fedora is still there. Is it just some sort of phantom fedora? I'm so confused.

On another slightly unrelated note, my housemate is getting a bit impatient (i.e. showing symptoms of computer withdrawal). I managed to placate her by telling her that I would ask you what would happen if I just erased the hard drive and re-installed Windows.

Thanks,
Beatles4Life


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.20.04

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
I K :: YOUR-EB98910CC7 [administrator]

20/10/2013 14:05:48
mbam-log-2013-10-20 (14-05-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199828
Time elapsed: 13 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#27 OCD


Posted 20 October 2013 - 08:29 AM

Hi beatles4life,

> The only thing I don't understand is why the fedora is still there. Is it just some sort of phantom fedora?

How is the computer running? Do you have any symptoms?

> I managed to placate her by telling her that I would ask you what would happen if I just erased the hard drive and re-installed Windows.

It would return her computer to the condition it was in when it was new. She would lose all newly installed programs and all data. At this point I really wouldn't recommend the re-install option.

We could also try System Restore to revert back to a date prior to the install of the Spy Alert program.

Let me know how you would like to proceed.
OCD



#28 beatles4life


Posted 21 October 2013 - 06:35 AM

She said she wants to do a System restore.

#29 OCD


Posted 21 October 2013 - 10:41 AM

Hi beatles4life,

How to use System Restore to restore Windows XP to a previous state
  • Log on to Windows as an administrator.
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. (The screen shot for this step is listed below).
[screenshot]
  • On the Welcome to System Restore page, click to select the Restore my computer to an earlier time option, and then click Next. (The screen shot for this step is listed below).
[screenshot]
  • On the Select a Restore Point page, click the most recent system restore point in the On this list, click a restore point list, and then click Next.
  • Choose a date prior to the installation of Spy Alert.
  • Note: A System Restore message may appear that lists configuration changes that System Restore will make. Click OK. (The screen shot for this step is listed below).
[screenshot]
  • On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then restarts the computer.
  • Log on to the computer as an administrator. Then, click OK on the System Restore Restoration Complete page. (The screen shot for this step is listed below).
[screenshot]

In your next post please provide the following:
  • System Restore results

OCD



#30 beatles4life


Posted 21 October 2013 - 01:12 PM

Here's what happened when I tried to restore my housemate's computer:

–––––––––––––––––––––––––––––––––––––––––––––––––

Attempt 1: 'Time travel' back to 8 October 2013 - restoration unsuccessful.

A most unusual message appeared right before I shut down to try and restore the laptop again: 'The Firefox helper failed to initialise because the system is shutting down' - what does it mean???

Disk check still appearing on start-up...

–––––––––––––––––––––––––––––––––––––––––––––––––

Attempt 2: 'Time travel' back to 7 October 2013

Disk check appears on start-up

'Your computer cannot be restored to 07 October 2013. Software Distribution Service 3.0.'

–––––––––––––––––––––––––––––––––––––––––––––––––

DLL initialisation failed - updater.exe [message before shutting down]

Attempt 3: 'Time travel' back to 1 October 2013

Disk check still there...

'Your computer cannot be restored to 01 October 2013. Software distribution service 3.0.'


––––––––––––––––––––––––––––––––––––––––––––––––––
No initialisation message this time...

Attempt 4: 'Time travel' back to 30 Sept 2013

Disk check still there...

'Your computer cannot be restored to 30 September 2013. Software distribution service 3.0'

––––––––––––––––––––––––––––––––––––––––––––––––––

What on Earth do I do now??? :pullhair:
