
PC boots up but can't open software [Solved]


  • This topic is locked
123 replies to this topic

#16 OCD


    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 November 2013 - 07:24 PM

Just pick up where you left off tomorrow. The process will likely take a few days at least. So get some rest and work at the steps when you can, then post the logs.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.



#17 cousinkevin


    Authentic Member

  • 66 posts

Posted 02 November 2013 - 07:24 PM

Hi OCD,

 

Here's the log, going to bed. Hopefully back Sunday.

 

ComboFix 13-11-01.03 - Paul_2 03/11/2013   1:08.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.2047.1332 [GMT 0:00]
Running from: c:\documents and settings\Paul_2\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Paul_2\Application Data\Toolbar4
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\~GLH0027.TMP
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\about SpeedBit Video Downloader.html
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Affid.001
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Affid.dat
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\amazon_logo.png
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Ask-logo-16.png
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\basis.xml
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\6f52dca438370b63146a128c3829cc7e
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\bbb9c886cf2ba534f4be36c9ba863f2f
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cog.png
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Ebay-logo-16.png
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\empty.png
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\include_files\a7ff4287b53c17f7610254f6a6e81ead
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\info.txt
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\localcopy.xml
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Mercado_Livre.png
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Mercado_Livre0.1.png
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\speedbit_icon0.2.bmp
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\speedbit_icon0.2.png
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\SpeedBitToolbar_icons.bmp
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\TbHelper2.exe
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Thumbs.db
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Translate_webpage.png
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\uninstall.exe
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\update.exe
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\version.txt
c:\documents and settings\Paul_2\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\video.png
c:\documents and settings\Paul_2\Application Data\Yxxy
c:\documents and settings\Paul_2\Application Data\Yxxy\idroo.ysy
c:\documents and settings\Test Account\Application Data\Toolbar4
c:\documents and settings\Test Account\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\6f52dca438370b63146a128c3829cc7e
c:\documents and settings\Test Account\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\bbb9c886cf2ba534f4be36c9ba863f2f
c:\documents and settings\Test Account\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\include_files\1f295efd21cf069edbd9f944685f416a
c:\documents and settings\Test Account\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\speedbit_icon0.2.png
c:\recycler\S-1-5-21-1993962763-362288127-1177238915-1007\$723ef22ef32d2ba433456802360e9c88\@
c:\recycler\S-1-5-21-1993962763-362288127-1177238915-1007\$723ef22ef32d2ba433456802360e9c88\L\00000004.@
c:\recycler\S-1-5-21-1993962763-362288127-1177238915-1007\$723ef22ef32d2ba433456802360e9c88\U\00000004.@
c:\recycler\S-1-5-21-1993962763-362288127-1177238915-1007\$723ef22ef32d2ba433456802360e9c88\U\00000008.@
c:\recycler\S-1-5-21-1993962763-362288127-1177238915-1007\$723ef22ef32d2ba433456802360e9c88\U\000000cb.@
c:\recycler\S-1-5-21-1993962763-362288127-1177238915-1007\$723ef22ef32d2ba433456802360e9c88\U\80000000.@
c:\recycler\S-1-5-21-1993962763-362288127-1177238915-1007\$723ef22ef32d2ba433456802360e9c88\U\80000032.@
E:\autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-03 to 2013-11-03  )))))))))))))))))))))))))))))))
.
.
2013-10-18 19:57 . 2013-10-08 06:29    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-10-18 19:57 . 2013-10-08 06:50    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 15:04 . 2013-10-17 15:04    108816    ----a-w-    c:\windows\system32\drivers\RapportKELL.sys
2013-10-09 23:08 . 2001-08-17 12:48    12160    -c--a-w-    c:\windows\system32\dllcache\mouhid.sys
2013-10-09 23:08 . 2001-08-17 12:48    12160    ----a-w-    c:\windows\system32\drivers\mouhid.sys
2013-10-09 23:08 . 2008-04-13 23:15    10368    -c--a-w-    c:\windows\system32\dllcache\hidusb.sys
2013-10-09 23:08 . 2008-04-13 23:15    10368    ----a-w-    c:\windows\system32\drivers\hidusb.sys
2013-10-09 21:02 . 2013-10-09 21:02    --------    d-----w-    c:\documents and settings\Paul_2\Application Data\AVG2014
2013-10-09 20:58 . 2013-10-09 20:58    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\AVG2014
2013-10-09 20:53 . 2013-10-09 20:59    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG2014
2013-10-09 20:48 . 2013-10-10 21:22    --------    d-----w-    c:\documents and settings\Paul_2\Local Settings\Application Data\Avg2014
2013-10-09 11:24 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-09 11:24 . 2013-07-03 01:59    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-10-09 11:24 . 2013-08-29 00:56    26240    -c----w-    c:\windows\system32\dllcache\usbser.sys
2013-10-09 11:23 . 2013-08-09 00:55    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-10-09 11:23 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-09 11:23 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-09 11:23 . 2009-03-18 11:02    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-28 16:29 . 2013-01-07 22:19    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-28 16:29 . 2011-06-29 20:26    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-25 19:57 . 2013-08-01 15:06    120632    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-09-23 18:33 . 2008-04-14 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2008-04-14 12:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2008-04-14 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2008-04-14 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2008-04-14 12:00    385024    ------w-    c:\windows\system32\html.iec
2013-09-10 21:11 . 2011-12-23 12:32    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 21:12 . 2010-09-07 02:48    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 09:39 . 2010-09-07 02:48    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-09-02 09:28 . 2012-04-19 03:50    145720    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-09-02 09:28 . 2011-12-23 12:32    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28 . 2013-02-08 04:37    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31 . 2008-04-14 12:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2008-04-14 00:15    26240    ----a-w-    c:\windows\system32\drivers\usbser.sys
2013-08-20 21:54 . 2010-09-07 02:48    102200    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2013-08-09 01:56 . 2008-04-14 12:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2008-04-14 12:00    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2008-04-14 12:00    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2008-04-14 12:00    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2008-04-14 12:00    1289728    ----a-w-    c:\windows\system32\ole32.dll
2012-10-01 14:51 . 2012-10-01 14:48    48745576    ----a-w-    c:\program files\spybotsd-2.0.10-rc2.exe
2011-09-10 10:24 . 2012-06-03 20:20    161744    ----a-w-    c:\program files\0cres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2011-12-02 01:03    2660016    ------w-    c:\program files\SpeedBit Video Downloader\TBUE5\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-10-17 00:22    431784    ----a-w-    c:\program files\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-07-14 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21    548352    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe\0sprestrt\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20    38872    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeARM]
2012-12-03 07:35    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43    59720    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 11:17    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-08-30 13:11    3904536    ----a-w-    c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-10-19 16:18    17875120    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 04:42    577536    ----a-r-    c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2011-05-25 21:11    2098376    ----a-w-    c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07    2260480    --sha-r-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32    61440    ----a-w-    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-07-14 15:32    295512    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [08/02/2013 04:37 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 02:48 27448]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 02:49 193848]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/10/2013 15:04 108816]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 209208]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 22840]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 02:48 176952]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [30/10/2013 23:29 340432]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [17/10/2013 15:04 157264]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/10/2013 15:04 230448]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]
S2 LMIRescue_0e3fbcc9-499d-4383-9a4d-8f9de0582633;LogMeIn Rescue (0e3fbcc9-499d-4383-9a4d-8f9de0582633);c:\documents and settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe [23/03/2013 12:11 2533800]
S2 LMIRescue_190e1fbc-265c-49bc-9ee4-2036b1499f28;LogMeIn Rescue (190e1fbc-265c-49bc-9ee4-2036b1499f28);c:\documents and settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe [09/10/2013 17:08 2570592]
S2 LMIRescue_25efa157-0bf7-422c-8c9e-11820b0bddfa;LogMeIn Rescue (25efa157-0bf7-422c-8c9e-11820b0bddfa);c:\documents and settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue_srv.exe [23/03/2013 12:07 2533800]
S2 LMIRescue_e70e3a79-1da6-47e0-a93a-2366de83597d;LogMeIn Rescue (e70e3a79-1da6-47e0-a93a-2366de83597d);c:\documents and settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe [09/10/2013 15:43 2570592]
S2 LMIRescue_ea12e1ca-77c2-45ea-a3e6-ed8e18c08b69;LogMeIn Rescue (ea12e1ca-77c2-45ea-a3e6-ed8e18c08b69);c:\documents and settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe [03/04/2013 18:19 2533800]
S2 LMIRescue_f0557919-9c33-47c3-9d09-09b1244b2f5f;LogMeIn Rescue (f0557919-9c33-47c3-9d09-09b1244b2f5f);c:\documents and settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe [23/03/2013 12:04 2533800]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/10/2013 15:04 1444120]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16/04/2013 02:07 39056]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [01/10/2012 14:54 1074720]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [01/10/2012 14:54 1358360]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 09:58 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19/10/2012 16:14 160944]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 85047461
*Deregistered* - 85047461
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-07 16:29]
.
2013-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2013-11-02 c:\windows\Tasks\AVG_REG_0913b.job
- c:\documents and settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe [2013-09-27 15:09]
.
2013-11-02 c:\windows\Tasks\AVG_SYS_TASK_DELETE.job
- c:\documents and settings\All Users\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe [2013-09-27 15:09]
.
2013-11-02 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-10-01 13:11]
.
2013-11-02 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-11-02 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-10-21 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-10-23 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-11-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-11-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-11-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-11-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-08-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-09-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-07-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-10-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 11:45]
.
2013-10-22 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-10-01 13:10]
.
2013-11-02 c:\windows\Tasks\ROC_REG_JAN.job
- c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
.
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16]
.
2013-09-30 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-10-01 13:11]
.
2013-11-02 c:\windows\Tasks\User_Feed_Synchronization-{B4DD41ED-D92A-4751-8FBA-5EC5BF6021DA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=DC690015584A97BF&affID=122147&tsp=4951
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files\DAP\dapverify.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Paul_2\Application Data\Mozilla\Firefox\Profiles\yelom9v9.default-1382486551218\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: !HIDDEN! 2012-10-25 01:12; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe
MSConfigStartUp-MakiwaraNotify - c:\program files\AOL Computer Checkup\sdccont.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-SpeetItUpFree - c:\program files\SpeedItup Free\speeditupfree.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-03 01:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(552)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-11-03  01:18:57
ComboFix-quarantined-files.txt  2013-11-03 01:18
.
Pre-Run: 1,857,216,512 bytes free
Post-Run: 2,350,739,456 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9F49B50E9F51AC93FFBDC2EFE944D68C
8F558EB6672622401DA993E1E865C861
 



#18 OCD


    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 November 2013 - 08:10 PM

Hi cousinkevin,

AdwCleaner v3: Scan & Clean

  • Windows XP: Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator".
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

chkdsk scan

  • Click Start and My Computer.
  • Right-click the hard drive you want to check, and click Properties.
  • Select the Tools tab; in the Error Checking section, click Check Now. Check both boxes. Click Start.
    • You'll get a message that the computer must be rebooted to run a complete check.
  • Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

To view results log:

  • Go to Start - Run and type in eventvwr.msc, and hit enter.
  • When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up.
  • This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.

=========================

After you complete the above steps, boot into Normal Mode and allow the computer to boot up completely. Now attempt to use the computer, and describe how it functions.

=========================

In your next post please provide the following:

  • AdwCleaner[S0].txt
  • chkdsk results
  • Normal Mode review

OCD

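The chkdsk and Event Viewer steps in the post above, as an added example that is not part of OCD's post or of the original thread. It is a PowerShell script and makes three assumptions: that Windows PowerShell 2.0 or later is installed on the XP machine (it is not there by default), that the drive to check is C:, and that the chkdsk result is the Application-log event with ID 1001 from source "Winlogon", which is the record the post tells you to copy out of Event Viewer. The function names are mine, not a Windows or forum convention.

```powershell
# Added example, not from the thread. Assumptions: Windows PowerShell 2.0 or
# later is installed on the XP box, the drive to check is C:, and the chkdsk
# result is Application-log event 1001 from source "Winlogon" (XP; on Vista
# and later the same record comes from source "Wininit").

# Step 1: the "Check Now" dialog with both boxes ticked is "chkdsk /f /r"
# (/f fixes file system errors, /r scans for bad sectors). The boot volume is
# in use, so chkdsk asks whether to run at the next restart; piping "y" into
# it answers that prompt the way "Click Yes" does in the dialog. Nothing is
# changed on disk until the machine is rebooted.
function Schedule-FullChkdsk {
    param([string]$Volume = 'C:')
    cmd.exe /c "echo y | chkdsk $Volume /f /r"
}

# Step 2, after the reboot: read the result Winlogon wrote to the Application
# log instead of scrolling through Event Viewer. Returns the message text of
# the newest chkdsk result, or $null if no check has run yet.
function Get-ChkdskResult {
    param([string]$Source = 'Winlogon')   # use 'Wininit' on Vista and later
    $entry = Get-EventLog -LogName Application -Source $Source -Newest 200 `
                 -ErrorAction SilentlyContinue |
        Where-Object { $_.EventID -eq 1001 } |
        Select-Object -First 1
    if ($entry) { $entry.Message } else { $null }
}

# Step 3: save the result to the desktop so it can be pasted into the reply.
function Save-ChkdskResult {
    param([string]$Path = "$env:USERPROFILE\Desktop\chkdsk-result.txt")
    $text = Get-ChkdskResult
    if ($text) {
        $text | Out-File -FilePath $Path -Encoding ASCII
        "Saved chkdsk result to $Path"
    } else {
        "No chkdsk result found in the Application log yet. Reboot first?"
    }
}

# Usage (dot-source this file in an elevated Windows PowerShell, then):
#   Schedule-FullChkdsk        # the Y answer is handled for you; now reboot
#   Save-ChkdskResult          # after the reboot
```

The script only schedules the check; the reboot is still a manual step, as in the post. If `Get-ChkdskResult` returns nothing after the reboot, the check did not run, which is the same situation the "Windows was unable to complete the disk check" message describes.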


#19 cousinkevin


    Authentic Member

  • 66 posts

Posted 03 November 2013 - 04:48 PM

Unable to perform chkdsk. After ticking both boxes and clicking OK, a message came up: "The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk..." etc.

 

I clicked the "yes" tab nothing happened, then the "no" tab "windows was unable to complete the disk check"

 

I completed the adwcleaner shall post I results?




#20 OCD


Posted 03 November 2013 - 05:19 PM

Hi cousinkevin,

Please read the instructions carefully:

"after ticking both boxes and clicking OK a message came up "the disk check could not be performed because the disk utility check needs exclusive access to some windows files on the disk....etc.
I clicked the "yes" tab nothing happened, then the "no" tab "windows was unable to complete the disk check"

You'll get a message that the computer must be rebooted to run a complete check.

Click Yes, then reboot to allow chkdsk to run.

=========================

Post the AdwCleaner log when it's ready


OCD



#21 cousinkevin


Posted 03 November 2013 - 07:24 PM

Sorry, I thought it was an auto reboot. My medical treatment is exacerbating my condition at the moment and affecting my concentration, but I'll continue nevertheless.

 

# AdwCleaner v3.010 - Report created 03/11/2013 at 22:25:05
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Paul_2 - USER-E862545A71
# Running from : C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\Program Files\SearchPredict
Folder Deleted : C:\Program Files\Speedbit Video Downloader
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\WINDOWS\system32\BrowserDefender
Folder Deleted : C:\Documents and Settings\Lynda\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Lynda\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Lynda\Application Data\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Lynda\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\Paul_2\Application Data\Betcat
Folder Deleted : C:\Documents and Settings\Paul_2\Application Data\Systweak
File Deleted : C:\Documents and Settings\Paul_2\Desktop\My Video Downloads.lnk
File Deleted : C:\Documents and Settings\Paul_2\Desktop\SPEEDbit Video Downloader.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKCU\Software\f55d8d0e53aec43
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061465.FCTB000061465Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061465.FCTB000061465Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061465.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061465.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061465.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061465.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\SBConvert
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SPEEDbit Video Downloader
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Lynda\Application Data\Mozilla\Firefox\Profiles\gqz3rbvy.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=DC690015584A97BF&affID=122147&tsp=4951");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");

[ File : C:\Documents and Settings\Paul_2\Application Data\Mozilla\Firefox\Profiles\yelom9v9.default-1382486551218\prefs.js ]


*************************

AdwCleaner[R0].txt - [13038 octets] - [03/11/2013 22:23:23]
AdwCleaner[S0].txt - [12996 octets] - [03/11/2013 22:25:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13057 octets] ##########
 

 

Event Type:    Information
Event Source:    Winlogon
Event Category:    None
Event ID:    1001
Date:        04/11/2013
Time:        01:04:52
User:        N/A
Computer:    USER-E862545A71
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         
Cleaning up minor inconsistencies on the drive.
Cleaning up 13091 unused index entries from index $SII of file 0x9.
Cleaning up 13091 unused index entries from index $SDH of file 0x9.
Cleaning up 13091 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 156280288 KB total disk space.
 152914364 KB in 165020 files.
     68480 KB in 9221 indexes.
         0 KB in bad sectors.
    723352 KB in use by the system.
     65536 KB occupied by the log file.
   2574092 KB available on disk.

      4096 bytes in each allocation unit.
  39070072 total allocation units on disk.
    643523 allocation units available on disk.


Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft....link/events.asp.
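As an added triage helper (not code from this thread, from AdwCleaner or from Windows): a Python parser that summarises an AdwCleaner [S0] report like the one above (actions per section, registry hives touched, and deleted prefs.js lines carrying a defanged URL, as in the Delta Search entries) and extracts the verdict and space figures from the chkdsk Winlogon event (ID 1001) that the earlier instructions ask to be copied out of Event Viewer. The sample inputs are constructed excerpts modelled on the logs posted above; the 10% free-space threshold is an assumption.

```python
import re
from collections import Counter

# Constructed excerpt modelled on the AdwCleaner [S0] report posted above.
ADW_SAMPLE = r"""
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\SearchPredict
File Deleted : C:\Documents and Settings\Paul_2\Desktop\SPEEDbit Video Downloader.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Iminent
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v26.0 (en-US)
Line Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
"""

# Constructed excerpt modelled on the chkdsk Winlogon event (ID 1001) posted above.
CHK_SAMPLE = """\
Checking file system on C:
The type of the file system is NTFS.
Windows has made corrections to the file system.

 156280288 KB total disk space.
         0 KB in bad sectors.
   2574092 KB available on disk.
"""

ACTION_RE = re.compile(r"^(?P<action>[A-Za-z]+ (?:Deleted|Restored)) : (?P<target>.+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+)$")
PREF_RE = re.compile(r'user_pref\("(?P<pref>[^"]+)",\s*"(?P<value>[^"]*)"\)')
HIVE_RE = re.compile(r"^(HK[A-Z]{2})\\")
URL_RE = re.compile(r"^h(?:xx|tt)ps?://")  # AdwCleaner defangs http as hxxp
KB_RE = re.compile(r"^\s*(\d+) KB (.+?)\.$")
LOW_FREE_PCT = 10.0  # assumed threshold; the drive above had well under 2% free


def parse_adwcleaner_report(text):
    # Count actions per section and per registry hive, and collect deleted
    # prefs.js lines so a hijacked new-tab/search URL is visible at a glance.
    s = {"actions": Counter(), "sections": Counter(), "hives": Counter(),
         "prefs": [], "hijack_urls": []}
    section = browser = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m.group("browser")
            continue
        m = ACTION_RE.match(line)
        if not m:
            continue
        action, target = m.group("action"), m.group("target")
        s["actions"][action] += 1
        s["sections"][section] += 1
        h = HIVE_RE.match(target)
        if h:
            s["hives"][h.group(1)] += 1
        p = PREF_RE.search(target)
        if p:
            s["prefs"].append((browser, p.group("pref"), p.group("value")))
            if URL_RE.match(p.group("value")):
                s["hijack_urls"].append(p.group("value"))
    return s


def parse_chkdsk_event(text):
    # Pull the verdict and the space figures out of the event description.
    info = {"corrections_made": "Windows has made corrections" in text,
            "total_kb": None, "available_kb": None, "bad_sector_kb": 0}
    for line in text.splitlines():
        m = KB_RE.match(line.rstrip())
        if not m:
            continue
        kb, what = int(m.group(1)), m.group(2)
        if what == "total disk space":
            info["total_kb"] = kb
        elif what == "available on disk":
            info["available_kb"] = kb
        elif what == "in bad sectors":
            info["bad_sector_kb"] = kb
    if info["total_kb"] and info["available_kb"] is not None:
        info["free_pct"] = round(100.0 * info["available_kb"] / info["total_kb"], 2)
        info["low_free_space"] = info["free_pct"] < LOW_FREE_PCT
    return info


if __name__ == "__main__":
    adw = parse_adwcleaner_report(ADW_SAMPLE)
    print(dict(adw["actions"]), dict(adw["hives"]), adw["hijack_urls"])
    print(parse_chkdsk_event(CHK_SAMPLE))
```

Paste a full report or event description in place of the samples; the free-space figure is the one to compare against the OTL "Space Free" line, since a nearly full drive slows everything down regardless of what was removed.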
 



#22 OCD


Posted 03 November 2013 - 07:51 PM

Hi cousinkevin,

There is no rush to carry out all the steps as quickly as possible. Take your time and do them as you are able. We will work methodically through the process at your pace.

=========================

Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window: OTL.Txt. (No Extras.txt will be produced.)
    Note: The log can be located in the OTL folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:
  • OTL.txt
  • Any change in performance?

OCD



#23 cousinkevin


Posted 04 November 2013 - 03:58 PM

Ran OTL in safe mode, re-booted into normal mode.

Still 6 Virgin Media support windows pop up slowly stating "connecting" with many rows of session expired text.

These cannot be shut quickly. No pop ups in safe mode.

Outlook Express slow.

Firefox very slow, though did open. Browsing slow. I have 30 Mb/s cable broadband.

This is while AVG is auto updating.

Was able to shut down in the normal way yesterday, in normal mode.

Also noticed lately an unusual sound from the tower when booting up (normal mode) the last couple of weeks.

There is no OTL folder on the C:\ drive, I located the log on the desktop.


OTL logfile created on: 04/11/2013 21:12:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Paul_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 86.25% Memory free
3.35 Gb Paging File | 3.27 Gb Available in Paging File | 97.60% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 2.41 Gb Free Space | 1.61% Space Free | Partition Type: NTFS
 
Computer Name: USER-E862545A71 | User Name: Paul_2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Paul_2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\mkunicode.dll ()
MOD - C:\WINDOWS\system32\mmfinfo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (LMIRescue_190e1fbc-265c-49bc-9ee4-2036b1499f28) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (LMIRescue_e70e3a79-1da6-47e0-a93a-2366de83597d) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (LMIRescue_ea12e1ca-77c2-45ea-a3e6-ed8e18c08b69) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (LMIRescue_0e3fbcc9-499d-4383-9a4d-8f9de0582633) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (LMIRescue_25efa157-0bf7-422c-8c9e-11820b0bddfa) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (LMIRescue_f0557919-9c33-47c3-9d09-09b1244b2f5f) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VideoAcceleratorService) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\Paul_2\LOCALS~1\Temp\catchme.sys File not found
DRV - (RapportCerberus_59849) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys ()
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C4 D8 9E 58 A1 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files\DAP\daplinkchecker [2012/10/17 00:23:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2012/10/17 00:23:33 | 000,000,000 | ---D | M]
 
[2013/07/13 21:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul_2\Application Data\Mozilla\Extensions
[2013/11/02 18:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/02 18:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/02 18:28:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/11/03 01:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1349191978390 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCCFDC7E-C44D-4C7C-8F3A-86869B58B6B8}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/24 16:44:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/03 22:23:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/03 01:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/11/03 01:05:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/11/03 01:01:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/11/03 01:01:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/11/03 01:01:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/11/03 01:01:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/11/03 00:24:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/03 00:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/11/02 22:25:34 | 005,143,186 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 22:10:34 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/11/02 19:07:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/02 18:15:15 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/10/23 00:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Desktop\Old Firefox Data
[2013/10/21 00:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\My Documents\1366568217
[2013/10/18 19:57:51 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/10/18 19:57:51 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/10/18 19:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/18 19:57:16 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/10/18 19:57:16 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/10/18 19:57:16 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/10/17 15:04:56 | 000,108,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2013/10/12 20:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/10/09 23:08:59 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/10/09 23:08:49 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2013/10/09 21:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Application Data\AVG2014
[2013/10/09 20:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/10/09 20:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\Avg2014
[2013/10/09 11:24:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/09 11:24:17 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013/10/09 11:24:10 | 000,026,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2013/10/09 11:23:23 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013/10/09 11:23:23 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/09 11:23:23 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013/10/09 11:23:23 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/10/07 19:42:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul_2\Recent
[2012/10/01 14:48:38 | 048,745,576 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Program Files\spybotsd-2.0.10-rc2.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/04 21:05:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/04 01:33:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B4DD41ED-D92A-4751-8FBA-5EC5BF6021DA}.job
[2013/11/04 01:26:44 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/04 01:26:44 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\AVG_REG_0913b.job
[2013/11/04 01:26:44 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2013/11/04 01:26:42 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/04 01:26:42 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/04 01:26:41 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/04 01:26:41 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
[2013/11/04 01:26:39 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN.job
[2013/11/04 01:26:39 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/11/04 01:26:39 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/04 01:26:34 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/03 23:21:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/03 22:20:35 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/03 22:00:46 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/03 01:16:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/11/03 01:05:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/11/02 22:25:38 | 005,143,186 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 21:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/02 19:07:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:52:12 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:40:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/11/02 18:15:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/11/02 17:00:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/01 15:54:18 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/10/30 23:10:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/30 23:07:37 | 000,071,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/22 23:30:00 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/10/21 13:52:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2013/10/17 11:33:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/16 20:31:12 | 000,001,106 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\My DAP Downloads.lnk
[2013/10/16 20:26:03 | 016,200,397 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-895 cam 19082012.flv
[2013/10/16 20:21:50 | 021,371,405 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-show_2899126741_1371750122306_external.flv
[2013/10/15 21:25:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/10/12 20:41:08 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/10/10 20:22:07 | 000,234,163 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\VAT Exemption form_MarconMedical.pdf
[2013/10/09 20:25:08 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/09 16:50:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/08 06:50:41 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/10/08 06:46:52 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/10/08 06:46:47 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/10/08 06:46:23 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/10/08 06:29:36 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/03 22:20:30 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/03 01:05:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/11/03 01:05:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/11/03 01:01:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/11/03 01:01:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/11/03 01:01:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/11/03 01:01:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/11/03 01:01:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/11/02 18:42:39 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:40:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/10/21 13:44:27 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/10/21 13:44:26 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/10/16 20:24:50 | 016,200,397 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-895 cam 19082012.flv
[2013/10/16 20:20:18 | 021,371,405 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-show_2899126741_1371750122306_external.flv
[2013/10/10 20:22:07 | 000,234,163 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\VAT Exemption form_MarconMedical.pdf
[2013/10/09 20:56:59 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/10/09 16:33:55 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/01/23 22:33:35 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\dt.dat
[2013/01/22 21:13:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/25 00:03:39 | 000,172,507 | ---- | C] () -- C:\WINDOWS\hpoins38.dat
[2012/10/25 00:03:39 | 000,000,548 | ---- | C] () -- C:\WINDOWS\hpomdl38.dat
[2012/10/04 12:33:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/10/04 12:28:36 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/10/01 15:35:23 | 000,000,961 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/01 01:12:03 | 000,069,780 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sjpsusgqpvupxbp
[2012/09/29 00:05:43 | 000,006,464 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\chromeupdate.crx
[2012/08/16 21:57:30 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jejtrhljsoaszej
[2012/06/03 20:20:13 | 000,161,744 | ---- | C] () -- C:\Program Files\0cres.dll
[2012/02/16 22:10:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/02 01:06:22 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2011/12/02 01:06:21 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/06/10 21:46:52 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 19:00:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\FASTWiz.html
 
========== ZeroAccess Check ==========
 
[2010/12/09 15:15:09 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\@
[2012/07/05 20:10:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\L
[2013/05/25 22:32:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\U
[2012/07/06 21:36:12 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\L\00000004.@
[2011/09/29 20:42:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 


Edited by cousinkevin, 04 November 2013 - 04:05 PM.


#24 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 November 2013 - 04:51 PM

Hi cousinkevin,

Flush the Firefox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)
  • In Firefox, Options
  • Select Options
  • Select Privacy tab
  • Find the section that reads: You might want to clear your recent history or remove individual cookies
  • Select clear your recent history
  • Click the Details drop-down arrow
  • Make sure a check mark is placed in the following boxes:
    • Cookies
    • Cache
  • Next select the Time Range to Clear drop-down menu
  • Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
  • Click Clear Now
=========================

Clear Browser Cache in Internet Explorer
  • Close all Internet Explorer and Windows Explorer windows that are currently open.
  • Open Internet Explorer.
  • Click the Tools button, and then expand the Safety menu, then select Delete browsing history.
  • Select the check box next to each of the following categories.
    • Temporary Internet files and website files
    • History
  • Click Delete
=========================

Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Commands
    [createrestorepoint]
    [emptyjava]
    [emptyflash]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

Reboot in Normal Mode

=========================

Run a new OTL scan in Normal Mode

=========================

In your next post please provide the following:
  • OTL.txt
  • Update on performance

OCD


#25 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 05 November 2013 - 01:24 PM

Hi OCD,

Can you give me a summary of any problems you have identified and solutions?

BTW, I installed Firefox recently as IE had become unusable.

Normal Mode.

VMS pop-ups on boot up.

Very slow, particularly media players WMP, RP, QT; QuickTime the slowest to open, with stuttering video. HD video impossible.

YouTube videos slow, HD very stuttery.

Folders slow to open.

Can't shut down the normal way.

OTL logfile created on: 05/11/2013 00:22:42 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Paul_2\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.56% Memory free
3.35 Gb Paging File | 2.68 Gb Available in Paging File | 80.04% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 2.48 Gb Free Space | 1.66% Space Free | Partition Type: NTFS
 
Computer Name: USER-E862545A71 | User Name: Paul_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Paul_2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0005.tmp\lmi_rescue.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
PRC - C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\WINDOWS\system32\mkunicode.dll ()
MOD - C:\WINDOWS\system32\mmfinfo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (LMIRescue_190e1fbc-265c-49bc-9ee4-2036b1499f28) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (LMIRescue_e70e3a79-1da6-47e0-a93a-2366de83597d) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0005.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (LMIRescue_ea12e1ca-77c2-45ea-a3e6-ed8e18c08b69) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (LMIRescue_0e3fbcc9-499d-4383-9a4d-8f9de0582633) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (LMIRescue_25efa157-0bf7-422c-8c9e-11820b0bddfa) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (LMIRescue_f0557919-9c33-47c3-9d09-09b1244b2f5f) -- C:\Documents and Settings\Lynda\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe (LogMeIn, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VideoAcceleratorService) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\Paul_2\LOCALS~1\Temp\catchme.sys File not found
DRV - (RapportCerberus_59849) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys ()
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (Avgdiskx) -- C:\WINDOWS\system32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C4 D8 9E 58 A1 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files\DAP\daplinkchecker [2012/10/17 00:23:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/14 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/25 00:11:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2012/10/17 00:23:33 | 000,000,000 | ---D | M]
 
[2013/07/13 21:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul_2\Application Data\Mozilla\Extensions
[2013/11/02 18:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/02 18:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/02 18:28:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/11/03 01:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1349191978390 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCCFDC7E-C44D-4C7C-8F3A-86869B58B6B8}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/24 16:44:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/05 00:03:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/11/04 23:50:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/03 22:23:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/03 01:18:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/11/03 01:05:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/11/03 01:01:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/11/03 01:01:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/11/03 01:01:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/11/03 01:01:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/11/03 00:24:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/03 00:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/11/02 22:25:34 | 005,143,186 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 22:10:34 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/11/02 19:07:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/02 18:15:15 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/10/23 00:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Desktop\Old Firefox Data
[2013/10/21 00:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\My Documents\1366568217
[2013/10/18 19:57:51 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/10/18 19:57:51 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/10/18 19:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/18 19:57:16 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/10/18 19:57:16 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/10/18 19:57:16 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/10/17 15:04:56 | 000,108,816 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2013/10/12 20:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/10/09 23:08:59 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2013/10/09 23:08:49 | 000,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2013/10/09 21:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Application Data\AVG2014
[2013/10/09 20:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/10/09 20:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\Avg2014
[2013/10/09 11:24:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/09 11:24:17 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013/10/09 11:24:10 | 000,026,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2013/10/09 11:23:23 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013/10/09 11:23:23 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/09 11:23:23 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013/10/09 11:23:23 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/10/07 19:42:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Paul_2\Recent
[2012/10/01 14:48:38 | 048,745,576 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Program Files\spybotsd-2.0.10-rc2.exe
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/05 00:33:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B4DD41ED-D92A-4751-8FBA-5EC5BF6021DA}.job
[2013/11/05 00:06:38 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\AVG_REG_0913b.job
[2013/11/05 00:06:37 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/05 00:06:37 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2013/11/05 00:06:36 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/05 00:06:36 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/05 00:06:36 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/11/05 00:06:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1006.job
[2013/11/05 00:06:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\ROC_REG_JAN.job
[2013/11/05 00:06:35 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/11/05 00:06:35 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/05 00:06:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/04 23:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/04 01:26:34 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1007.job
[2013/11/03 23:21:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/03 22:20:35 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/03 22:00:46 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/03 01:16:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/11/03 01:05:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/11/02 22:25:38 | 005,143,186 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul_2\Desktop\ComboFix.exe
[2013/11/02 19:07:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul_2\Desktop\OTL.exe
[2013/11/02 18:52:12 | 000,000,499 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:40:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/11/02 18:15:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Paul_2\Desktop\aswMBR.exe
[2013/11/02 17:00:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/01 15:54:18 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul_2\Desktop\TDSSKiller.exe
[2013/10/30 23:10:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/30 23:07:37 | 000,071,900 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/22 23:30:00 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/10/21 13:52:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/10/17 15:04:56 | 000,108,816 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2013/10/17 11:33:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/16 20:31:12 | 000,001,106 | ---- | M] () -- C:\Documents and Settings\Paul_2\Desktop\My DAP Downloads.lnk
[2013/10/16 20:26:03 | 016,200,397 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-895 cam 19082012.flv
[2013/10/16 20:21:50 | 021,371,405 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-show_2899126741_1371750122306_external.flv
[2013/10/15 21:25:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1009.job
[2013/10/12 20:41:08 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/10/10 20:22:07 | 000,234,163 | ---- | M] () -- C:\Documents and Settings\Paul_2\My Documents\VAT Exemption form_MarconMedical.pdf
[2013/10/09 20:25:08 | 000,121,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/09 16:50:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/08 06:50:41 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/10/08 06:46:52 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/10/08 06:46:47 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/10/08 06:46:23 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/10/08 06:29:36 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[1 C:\Documents and Settings\Paul_2\*.tmp files -> C:\Documents and Settings\Paul_2\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/03 22:20:30 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\AdwCleaner.exe
[2013/11/03 01:05:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/11/03 01:05:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/11/03 01:01:05 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/11/03 01:01:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/11/03 01:01:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/11/03 01:01:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/11/03 01:01:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/11/02 18:42:39 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.zip
[2013/11/02 18:40:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Paul_2\Desktop\MBR.dat
[2013/10/21 13:44:27 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/10/21 13:44:26 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-362288127-1177238915-1005.job
[2013/10/16 20:24:50 | 016,200,397 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-895 cam 19082012.flv
[2013/10/16 20:20:18 | 021,371,405 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\PLVR-show_2899126741_1371750122306_external.flv
[2013/10/10 20:22:07 | 000,234,163 | ---- | C] () -- C:\Documents and Settings\Paul_2\My Documents\VAT Exemption form_MarconMedical.pdf
[2013/10/09 20:56:59 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/10/09 16:33:55 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/01/23 22:33:35 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\dt.dat
[2013/01/22 21:13:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/25 00:03:39 | 000,172,507 | ---- | C] () -- C:\WINDOWS\hpoins38.dat
[2012/10/25 00:03:39 | 000,000,548 | ---- | C] () -- C:\WINDOWS\hpomdl38.dat
[2012/10/04 12:33:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/10/04 12:28:36 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/10/01 15:35:23 | 000,000,961 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/01 01:12:03 | 000,069,780 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sjpsusgqpvupxbp
[2012/09/29 00:05:43 | 000,006,464 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\chromeupdate.crx
[2012/08/16 21:57:30 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jejtrhljsoaszej
[2012/06/03 20:20:13 | 000,161,744 | ---- | C] () -- C:\Program Files\0cres.dll
[2012/02/16 22:10:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/02 01:06:22 | 000,109,216 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2011/12/02 01:06:21 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/06/10 21:46:52 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/20 19:00:52 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\FASTWiz.html
 
========== ZeroAccess Check ==========
 
[2010/12/09 15:15:09 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\@
[2012/07/05 20:10:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\L
[2013/05/25 22:32:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\U
[2012/07/06 21:36:12 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Paul_2\Local Settings\Application Data\{723ef22e-f32d-2ba4-3345-6802360e9c88}\L\00000004.@
[2011/09/29 20:42:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 




#26 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 05 November 2013 - 01:49 PM

Hi cousinkevin,
 
 

Can you give me a summary of any problems you have identified and solutions?
  • ComboFix & AdwCleaner removed quite a bit of Adware & unnecessary tool-bars and removed any corresponding Registry entries.
  • Chkdsk was run to determine if the hard drive is in good working order. - Which it is.

This entry from your most recent OTL log is probably a big reason why your system is functioning very slowly
 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 2.48 Gb Free Space | 1.66% Space Free | Partition Type: NTFS

 
 
As you can see you only have 1.66% of free space on your hard drive. It is recommended that you run with a minimum of 20% of free space.

You will need to remove any unused programs to get your free space down to around 20%. You can transfer the programs/files to an external drive, flash drive or burn to a CD/DVD that would be ideal.

After you accomplish this you need to run System Defrag & System File Checker of your hard drive. (defrag will not run with less than 20% free space)
 
=========================

Disk Defragmenter for XP

  • Open My Computer.
  • Right-click the local disk volume that you want to defragment, and then click Properties.
  • On the Tools tab, click Defragment Now.
  • Click Defragment.

=========================

Reboot

=========================

System File Checker

  • Click Start, in the run box:
  • Type: sfc /scannow (There's a space between sfc and /scannow.)
  • Type: exit to close the command prompt window
  • Include the findings in your next reply

=========================

Reboot

=========================

In your next post please provide the following:

  • Post back the results of the Defrag
  • SFC results

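The post above turns a single OTL line (total and free space on C:) into a number the user has to hit before defrag and SFC make sense. Here is that check as a small script, added as an example for this thread rather than anything OCD or the OTL author wrote: it parses the quoted OTL drive line, reports how many GB must be deleted or moved to reach the 20% floor recommended above, and can also run the same arithmetic against the machine it is executed on. The sample line is copied from the post; the 20% target and the step names are taken from the post's own instructions.

```python
import re
import shutil

# Constructed sample: the drive line quoted from the OTL log in the post above.
OTL_DRIVE_LINE = ("Drive C: | 149.04 Gb Total Space | 2.48 Gb Free Space | "
                  "1.66% Space Free | Partition Type: NTFS")

TARGET_FREE_PCT = 20.0  # free-space floor recommended in the thread

_DRIVE_RE = re.compile(
    r"Drive (?P<letter>[A-Z]): \| (?P<total>\d+(?:\.\d+)?) Gb Total Space"
    r" \| (?P<free>\d+(?:\.\d+)?) Gb Free Space"
)


def parse_otl_drive_line(line):
    """Return (letter, total_gb, free_gb) from an OTL 'Drive X:' line."""
    m = _DRIVE_RE.search(line)
    if not m:
        raise ValueError("not an OTL drive line: %r" % line)
    return m.group("letter"), float(m.group("total")), float(m.group("free"))


def free_percent(total_gb, free_gb):
    """Free space as a percentage of the volume, the figure OTL prints."""
    return 100.0 * free_gb / total_gb


def gb_to_free(total_gb, free_gb, target_pct=TARGET_FREE_PCT):
    """GB that must be deleted or moved off the volume to reach target_pct free."""
    return max(0.0, total_gb * target_pct / 100.0 - free_gb)


def live_free_percent(path):
    """Same check against the machine this runs on (no log parsing needed)."""
    u = shutil.disk_usage(path)
    return 100.0 * u.free / u.total


def plan(line, target_pct=TARGET_FREE_PCT):
    """Turn one OTL drive line into the ordered steps the post asks for."""
    letter, total, free = parse_otl_drive_line(line)
    gap = gb_to_free(total, free, target_pct)
    steps = []
    if gap > 0:
        # defrag is only attempted once the floor is reached
        steps.append("free %.2f GB on %s: before anything else" % (gap, letter))
    steps += ["defrag %s:" % letter, "reboot", "sfc /scannow", "reboot"]
    return {"drive": letter,
            "free_pct": round(free_percent(total, free), 2),
            "gb_to_free": round(gap, 2),
            "steps": steps}


if __name__ == "__main__":
    for key, value in plan(OTL_DRIVE_LINE).items():
        print(key, value)
```

For the log quoted above the script reports 1.66% free and a gap of roughly 27.3 GB to the 20% line, which is close to the "about 30 GB" the user estimates in the next post.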


#27 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 05 November 2013 - 02:37 PM

Yes I could see lately I've not much space left.

 

Can I leave the programs in place and just transfer files/folders to a portable HDD instead? I have a 250GB external drive but that's nearly full. I was going to purchase a portable 1TB drive anyway, so I can still play media on my TV with a media player.

 

When I uninstall any programs should I delete the files/folders where they were downloaded to in the program files folder?

 

What about the VMS pop ups?

 

I don't know how quickly I can remove about 30 GB of data, to complete the latest tasks required. In other words how long can you keep the topic open?

 

Another issue I've just remembered, when I connect a USB drive it doesn't automatically run and some sounds don't work like new mail notification in OE.


Edited by cousinkevin, 05 November 2013 - 03:08 PM.


#28 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 05 November 2013 - 04:14 PM

Hi cousinkevin,

Yes I could see lately I've not much space left.

1. Can I leave the programs in place and just transfer files/folders to a portable HDD instead? I have a 250GB external drive but that's nearly full. I was going to purchase a portable 1TB drive anyway, so I can still play media on my TV with a media player.

2. When I uninstall any programs should I delete the files/folders where they were downloaded to in the program files folder?

3. What about the VMS pop ups?

4. I don't know how quickly I can remove about 30 GB of data, to complete the latest tasks required. In other words how long can you keep the topic open?

5. Another issue I've just remembered, when I connect a USB drive it doesn't automatically run and some sounds don't work like new mail notification in OE.


1. You can re-arrange the programs or files in whatever way is to your liking provided you free up the necessary space.

2. If you are uninstalling a program you can also delete the files & folders from the program files folder if they still remain after the uninstall.

3. What browser/s do you get the VMS pop-ups in?

4. We can keep the thread open as long as needed, as long as I am aware you're working on the steps outlined.

5. It sounds like a setting that might be missing. Let me do some research while you work on freeing up some free space and see what I can find out.


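Question 5 above (USB drives no longer auto-run) is left open in the reply, but the OTL log earlier in this thread already carries the Explorer policy values that govern AutoRun, in both hives: HonorAutoRunSetting = 1, NoDriveTypeAutoRun = 323 and NoDriveAutoRun = 67108863. The script below is an added example for decoding those values, not part of either poster's reply and not a diagnosis the thread itself reaches. It uses the documented meaning of the two masks: NoDriveTypeAutoRun is a bitmask over Win32 drive types (0x04 = removable, 0x20 = CD-ROM, and so on), while NoDriveAutoRun and NoDrives are bitmasks over drive letters, bit 0 = A: through bit 25 = Z:. The sample lines are copied from the posted log; bit 0x100 in 323 is not a documented drive-type bit, so the decoder reports it separately rather than guessing.

```python
import re

# Constructed sample: the O6/O7 policy lines copied from the OTL log posted above.
OTL_POLICY_LINES = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
"""

# NoDriveTypeAutoRun: a set bit disables AutoRun for that Win32 drive type.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # USB sticks, floppies
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}

_POLICY_RE = re.compile(
    r"^O[67] - (?P<hive>HKLM|HKCU)\\.*?\\policies\\Explorer: "
    r"(?P<name>\w+) = (?P<value>\d+)\s*$",
    re.MULTILINE,
)


def parse_policy_lines(text):
    """Map (hive, value_name) -> int for every O6/O7 Explorer policy line."""
    return {(m.group("hive"), m.group("name")): int(m.group("value"))
            for m in _POLICY_RE.finditer(text)}


def decode_drive_type_mask(value):
    """Return (names of drive types with AutoRun disabled, undocumented high bits)."""
    names = [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]
    return names, value & ~0xFF


def decode_drive_letter_mask(value):
    """NoDriveAutoRun / NoDrives: bit 0 = A:, bit 1 = B:, ..., bit 25 = Z:."""
    return [chr(ord("A") + i) for i in range(26) if value & (1 << i)]


def autorun_report(policies):
    """Per-hive summary of what the three policy values switch off."""
    out = {}
    for hive in ("HKLM", "HKCU"):
        types, extra = decode_drive_type_mask(policies.get((hive, "NoDriveTypeAutoRun"), 0))
        out[hive] = {
            "types_disabled": types,
            "undocumented_bits": extra,
            "letters_disabled": decode_drive_letter_mask(policies.get((hive, "NoDriveAutoRun"), 0)),
            "letters_hidden": decode_drive_letter_mask(policies.get((hive, "NoDrives"), 0)),
        }
    return out


def autorun_disabled_for(policies, letter, drive_type_bit):
    """True if either hive's policy would suppress AutoRun for this letter or type."""
    letter_bit = 1 << (ord(letter.upper()) - ord("A"))
    for hive in ("HKLM", "HKCU"):
        if policies.get((hive, "NoDriveTypeAutoRun"), 0) & drive_type_bit:
            return True
        if policies.get((hive, "NoDriveAutoRun"), 0) & letter_bit:
            return True
    return False


if __name__ == "__main__":
    pol = parse_policy_lines(OTL_POLICY_LINES)
    for hive, info in autorun_report(pol).items():
        print(hive, info)
    print("USB stick mounted as E: would AutoRun:",
          not autorun_disabled_for(pol, "E", 0x04))
```

Run against the posted values, the drive-type mask 323 does not contain the removable bit 0x04, but 67108863 is 0x3FFFFFF, every letter A: through Z:, so AutoRun is switched off per letter in both hives regardless of drive type. That is consistent with the USB symptom the user describes; whether it is the cause, and whether the value was set deliberately as hardening, is something the thread does not establish, so treat it as a lead to confirm rather than a finding.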


#29 cousinkevin

cousinkevin

    Authentic Member

  • Authentic Member
  • PipPip
  • 66 posts

Posted 05 November 2013 - 04:31 PM

The virgin media support windows open on boot up, not in any browser. Sorry if I wasn't clear enough earlier. We had some tech support from virgin my ISP, now they can't stop the windows opening on boot up since they connected to my PC. It's really annoying and slows things down even more until I manage to close them.



#30 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 05 November 2013 - 05:20 PM

Hi cousinkevin,

 

Can you take a screenshot of the Virgin Mobile pop-ups?

 

http://windows.micro...e-a-screen-shot

 

 


