Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91521 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

malware infection: trying to type in data entry fields triggers pop-up

malware infection

  • This topic is locked This topic is locked
17 replies to this topic

#1 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 29 December 2013 - 04:23 PM

Hi Jeff, sorry again for the delay, the holiday period has disrupted my usual schedule.

 

I followed your last instruction to the letter and post the log here,

 

OTL logfile created on: 29/12/2013 21:44:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.75 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 66.47% Memory free
3.60 Gb Paging File | 3.07 Gb Available in Paging File | 85.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 110.85 Gb Free Space | 37.19% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 36.82 Gb Free Space | 96.20% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-3FC151321 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\tppaldr.exe (In-System Design, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\defs\13122900\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\089a13b51a9c17442eff954e2d2ebc6c\Inkjet.DeviceSettings.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\9c94aafee5b7205371940212c4055d3d\Inkjet.Statistics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\5a136875748781cac5f84520b9046e56\Inkjet.Localization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\ebe1cb191c8906f3d161cfaef676a309\Inkjet.Diagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\c43b49d65e0cc0113880b6b3f95d2314\Inkjet.Utilities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\be693a87b798c9317dd9a70638f94618\Inkjet.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\0a6fe7786e48b51759b8e18dc3060b8c\Inkjet.Hardware.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\67f02c1e223d14f00fb51694068b08f4\Inkjet.Automation.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.EKAiO2SDKLib\ea614f74eb722c113b5cc0e7b496aa8a\Interop.EKAiO2SDKLib.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3321.40317__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3321.40399__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3321.40301__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3321.40319__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3321.40400__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3321.40318__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3321.40378__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3321.40308__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3321.40357__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3321.40318__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3321.40308__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3321.40422__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3321.40346__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3321.40372__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3321.40345__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3321.40362__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3321.40310__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3321.40324__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3321.40355__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3294.18759__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3321.40387__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3321.40431__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3321.40393__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3321.40391__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3321.40300__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3321.40409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3321.40297__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3321.40305__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3321.40299__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3321.40298__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3321.40298__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3321.40297__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3321.40392__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (sdCoreService) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (pctplsm) -- C:\WINDOWS\system32\drivers\pctplsm.sys (PC Tools)
DRV - (PCTSD) -- C:\WINDOWS\system32\drivers\PCTSD.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTBD) -- C:\WINDOWS\system32\drivers\PCTBD.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (amdide) -- C:\WINDOWS\system32\drivers\amdide.sys (Advanced Micro Devices)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (NCPro) -- C:\WINDOWS\system32\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\WINDOWS\system32\drivers\MTictwl.sys ()
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (sfman) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\PfModNT.SYS (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9EFB316C-E6AC-470D-8EF1-4860D61AEA97}
IE - HKLM\..\SearchScopes\{9EFB316C-E6AC-470D-8EF1-4860D61AEA97}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9EFB316C-E6AC-470D-8EF1-4860D61AEA97}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9EFB316C-E6AC-470D-8EF1-4860D61AEA97}: "URL" = http://www.google.co...1I7SAVV_enGB540
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/10 18:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2013/11/07 21:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/10 18:24:57 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://uk.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/12/29 21:39:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\Program\ADGJDet.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe (In-System Design, Inc.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AdFender.lnk = C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1369314406283 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1369320571843 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6053F85-E4E6-423E-A872-BD18370BA919}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/23 11:24:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/29 21:39:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/22 16:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2013/12/22 16:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/12/22 16:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
[2013/12/22 16:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2013/12/21 22:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Femi
[2013/12/21 20:22:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/12/21 19:59:51 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/12/21 19:58:24 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/12/21 18:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Tweaking.com
[2013/12/21 18:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/12/19 08:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SHOP FINANCES
[2013/12/19 08:59:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/12/16 22:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/10 23:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/12/10 23:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/12/10 22:55:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/12/03 20:26:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/12/03 20:26:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/12/03 20:26:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/12/03 20:26:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/12/03 19:42:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/03 19:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\KODAK AiO Home Center489310287
[2013/12/03 19:42:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/12/03 19:37:27 | 005,153,140 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/05/25 19:52:12 | 000,021,866 | ---- | C] (In-System Design, Inc.) -- C:\Program Files\Common Files\tppupd2k.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/29 21:45:29 | 000,433,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/29 21:45:29 | 000,068,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/29 21:41:26 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
[2013/12/29 21:41:19 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
[2013/12/29 21:41:17 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/29 21:40:57 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/29 21:40:57 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
[2013/12/29 21:40:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/29 21:40:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/29 21:39:46 | 000,024,888 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000005-00001102-00000002-80641102}.rfx
[2013/12/29 21:39:46 | 000,024,888 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000005-00001102-00000002-80641102}.rfx
[2013/12/29 21:39:46 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000005-00001102-00000002-80641102}.rfx
[2013/12/29 21:39:46 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000005-00001102-00000002-80641102}.rfx
[2013/12/29 21:39:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2013/12/29 21:39:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2013/12/29 21:39:46 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000005-00001102-00000002-80641102}.dat
[2013/12/29 21:39:46 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000005-00001102-00000002-80641102}.dat
[2013/12/29 21:39:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/12/29 21:33:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/29 01:45:06 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/28 22:38:05 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/25 12:39:45 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/12/25 10:21:21 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
[2013/12/23 23:22:04 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
[2013/12/23 19:13:43 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/23 19:13:43 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/12/21 20:21:51 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/21 20:21:40 | 000,549,180 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2013/12/21 20:19:15 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/12/21 20:13:35 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/12/21 20:13:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/12/19 21:42:36 | 005,045,639 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/12/17 21:26:48 | 000,000,044 | ---- | M] () -- C:\Documents and Settings\Owner\Press
[2013/12/17 21:26:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\and
[2013/12/15 22:41:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/15 20:40:02 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/15 20:40:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/10 23:11:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_461
[2013/12/10 22:55:15 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2013/12/10 22:27:55 | 005,153,140 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/12/03 20:28:52 | 000,000,339 | ---- | M] () -- C:\Boot.bak
 
========== Files Created - No Company Name ==========
 
[2013/12/19 21:42:20 | 005,045,639 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/12/17 21:26:48 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Owner\Press
[2013/12/17 21:26:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\and
[2013/12/03 20:28:51 | 000,000,339 | ---- | C] () -- C:\Boot.bak
[2013/12/03 20:28:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/12/03 20:26:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/12/03 20:26:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/12/03 20:26:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/12/03 20:26:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/12/03 20:26:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/11/07 21:37:25 | 000,769,144 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2013/07/28 11:00:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/07/07 23:39:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2013/06/28 21:43:25 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000005-00001102-00000002-80641102}.dat
[2013/06/28 21:43:25 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000005-00001102-00000002-80641102}.dat
[2013/06/28 17:51:58 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2013/06/28 17:51:55 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2013/06/28 17:51:18 | 000,034,914 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2013/06/28 17:51:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2013/06/28 17:51:15 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2013/06/28 17:51:14 | 000,163,933 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2013/06/28 17:51:14 | 000,112,387 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2013/06/28 17:51:14 | 000,112,287 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2013/06/28 17:51:14 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2013/06/28 17:51:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2013/06/28 17:51:09 | 000,176,128 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2013/06/28 17:51:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2013/06/28 17:51:08 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2013/06/28 17:51:03 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2013/05/25 19:54:26 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/25 19:18:13 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2013/05/25 19:06:27 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/25 19:06:26 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/25 18:22:47 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2013/05/23 13:32:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/05/23 12:12:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/05/23 12:11:09 | 000,215,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/23 11:49:26 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/05/23 11:48:24 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2013/05/23 11:42:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/05/23 11:37:53 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2013/05/23 11:25:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/05/23 11:21:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/09/24 12:31:08 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\EKaio2WiaCoInst.ini
 
========== ZeroAccess Check ==========
 
[2013/05/23 11:38:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/16 21:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = c:\windows\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
As always, thank you for your continued support.

    Advertisements

Register to Remove


#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 31 December 2013 - 08:30 AM

Hi,

 

Sorry.  I just was shown this, but I will return as quickly as possible.  :)


Posted Image
 
 

#3 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 01 January 2014 - 03:49 PM

Ok....Let me know exactly how your system is running right now.  :)


Posted Image
 
 

#4 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 03 January 2014 - 05:30 PM

Hi Jeff, my system seems to be fine, but the Internet Explorer problem still exists. Example: I type "star wars a new hope" into the search engine on the Yahoo.com home page, it loads the results page then the window pops up " Internet Explorer has experienced a problem and needs to close. We are sorry for the inconvenience." I click the "Send Error Report" Button. Internet Explorer tries to reload the page 2-3 times, each time resulting in this pop-up window, until it gives up, when the result is a message in the Internet Explorer window that says "Unable to return to Yahoo.com".

 

Next, I typed: www.google.com and hit return. Whilst loading the page, a bubble on the tab tells me "This Tab has been recovered". Once loaded, I type "star wars a new hope" into the Google search engine and hit the return. It loads the results page but only a total of 4 bars appear in the progress bar at the bottom of the window (bottom left reads " ! " -in yellow- Done). Also, there are no advertisements on the page (I don't know if that makes a difference?). If I click on the "Images"  option, it goes through the same Recover - Fail scenario as Internet Explorer. BUT; in Google, the problem seems to be intermittent. Sometimes the page will load okay, another time it goes through the above procedure-with no difference to what's typed into the search engine.

 

Sorry to be a pain! 



#5 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 04 January 2014 - 06:44 PM

No no....not a pain at all.  :)
 
N4qAiMQ.jpgFRST

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Posted Image
 
 

#6 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 06 January 2014 - 04:32 AM

Hi Jeff, firstly, I noticed an error in my last report to you; in the last paragraph I typed "it goes through the same Recover - Fail scenario as Internet Explorer", I meant "it goes through the same Recover - Fail scenario as Yahoo".

 

Secondly, so that I could report to you the exact terminology used, I went through the process whilst typing my report. When I finished and closed the browser, my computer instantly rebooted it self! Once rebooted, this message was on my desk top

"The system has recovered from a serious error. A log of this error has been created. Please tell Microsoft about this problem."

I clicked on the 'show info' buttons and it gave me the following -

BCCode : 10000050     BCP1 : 8C35A85F     BCP2 : 00000000     BCP3 : BF85A83A
BCP4 : 00000000     OSVer : 5_1_2600     SP : 3_0     Product : 768_1
technical information about the error report
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER91ea.dir00\Mini010314-01.dmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER91ea.dir00\sysdata.xml
 
- just in case it means something to you.
 
Following are Scan reports from FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by Owner (administrator) on OWNER-3FC151321 on 06-01-2014 10:06:05
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Threat Expert Ltd.) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(In-System Design, Inc.) C:\WINDOWS\tppaldr.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTHELPER.EXE
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(AdFender, Inc.) C:\Program Files\AdFender\AdFender.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Samsung) C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20065384 2011-12-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [TPP Auto Loader] - C:\WINDOWS\tppaldr.exe [118784 2001-10-05] (In-System Design, Inc.)
HKLM\...\Run: [Conime] - C:\WINDOWS\system32\conime.exe [27648 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [EKStatusMonitor] - C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM\...\Run: [WINDVDPatch] - C:\WINDOWS\system32\CTHELPER.EXE [40960 2002-02-07] (Creative Technology Ltd)
HKLM\...\Run: [Jet Detection] - C:\Program Files\Creative\SBLive\Program\ADGJDet.exe [28672 2001-10-04] ()
HKLM\...\Run: [CTStartup] - C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe [28672 2001-12-20] (Creative Technology Ltd.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-09-10] (RealNetworks, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-24] (AVAST Software)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [] 
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-05-25] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AdFender.lnk
ShortcutTarget: AdFender.lnk -> C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
ShortcutTarget: Microsoft Office OneNote 2003 Quick Launch.lnk -> C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk
ShortcutTarget: NCProTray.lnk -> C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKCU - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://uk.yahoo.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (RealDownloader) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
 
========================== Services (Whitelisted) =================
 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-06-14] ()
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-03] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-24] (AVAST Software)
R2 Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [403416 2012-10-31] (PC Tools)
S3 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1162360 2012-11-01] (PC Tools)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-12] (Advanced Micro Devices)
R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-11-24] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-11-24] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-24] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-11-24] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-24] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-24] ()
S3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
S3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
S3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [991656 2002-03-22] (Creative Technology Ltd)
S3 MagicTune; C:\Windows\System32\drivers\MTiCtwl.sys [13396 2005-10-21] ()
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 NCPro; C:\Windows\system32\drivers\MTictwl.sys [13396 2005-10-21] ()
R3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [62688 2012-10-23] (PC Tools)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [368616 2012-10-22] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
R1 pctgntdi; C:\WINDOWS\system32\drivers\pctgntdi.sys [260760 2012-10-31] (PC Tools)
S3 pctplsm; C:\WINDOWS\system32\drivers\pctplsm.sys [68272 2012-11-01] (PC Tools)
R1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [202280 2012-11-01] (PC Tools)
R2 PfModNT; C:\WINDOWS\system32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.)
S3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
U3 TlntSvr; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-06 10:05 - 2014-01-06 10:05 - 00000000 ____D C:\FRST
2014-01-03 23:33 - 2014-01-03 23:32 - 00094208 _____ C:\WINDOWS\Minidump\Mini010314-01.dmp
2014-01-03 20:04 - 2014-01-03 20:06 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Sherlock Holmes
2013-12-31 21:11 - 2013-12-31 21:13 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Skyfall 2012
2013-12-29 22:54 - 2013-12-29 22:54 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Buses
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\_OTL
2013-12-22 16:24 - 2014-01-05 23:40 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
2013-12-22 16:24 - 2013-12-22 16:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-12-22 16:14 - 2013-12-22 16:14 - 00000000 ____D C:\Program Files\Combined Community Codec Pack
2013-12-22 16:14 - 2013-12-22 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
2013-12-21 22:53 - 2013-12-29 22:55 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Femi
2013-12-21 20:20 - 2013-12-21 20:20 - 00001446 _____ C:\WINDOWS\COM+.log
2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2013-12-21 20:07 - 2013-12-21 20:15 - 00007514 _____ C:\WINDOWS\bitssetup.log
2013-12-21 20:06 - 2013-12-21 20:07 - 00000558 _____ C:\WINDOWS\Windows Update.log
2013-12-21 19:59 - 2013-12-21 20:19 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2013-12-21 19:58 - 2013-12-21 19:58 - 00000000 ____D C:\RegBackup
2013-12-21 18:58 - 2013-12-21 18:58 - 00000000 ____D C:\Program Files\Tweaking.com
2013-12-21 18:58 - 2013-12-21 18:58 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Tweaking.com
2013-12-19 21:42 - 2013-12-19 21:42 - 05045639 _____ C:\Documents and Settings\Owner\Desktop\tweaking.com_windows_repair_aio_setup.exe
2013-12-19 08:59 - 2014-01-05 11:43 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\SHOP FINANCES
2013-12-17 21:26 - 2013-12-17 21:26 - 00000044 _____ C:\Documents and Settings\Owner\Press
2013-12-17 21:26 - 2013-12-17 21:26 - 00000000 _____ C:\Documents and Settings\Owner\and
2013-12-16 22:52 - 2013-12-16 22:52 - 00000000 ____D C:\Program Files\ESET
2013-12-15 22:41 - 2013-12-15 22:41 - 00013048 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-15 22:41 - 2013-12-15 22:41 - 00005309 _____ C:\WINDOWS\KB2904266.log
2013-12-15 22:41 - 2013-12-15 22:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-15 22:41 - 2013-12-15 22:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-15 22:38 - 2013-12-15 22:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-15 22:38 - 2013-12-15 22:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-15 22:38 - 2013-12-15 22:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-15 13:05 - 2013-12-15 22:41 - 00010466 _____ C:\WINDOWS\KB2898715.log
2013-12-15 13:04 - 2013-12-15 22:38 - 00010055 _____ C:\WINDOWS\KB2893984.log
2013-12-12 20:42 - 2013-12-15 22:39 - 00011936 _____ C:\WINDOWS\KB2893294.log
2013-12-12 20:42 - 2013-12-15 22:38 - 00011281 _____ C:\WINDOWS\KB2892075.log
2013-12-10 23:16 - 2013-12-10 23:16 - 00015988 _____ C:\ComboFix.txt
2013-12-10 23:08 - 2013-12-10 23:08 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-10 23:08 - 2013-12-10 23:08 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-10 23:08 - 2013-12-10 23:08 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-10 23:08 - 2013-12-10 23:08 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-10 23:08 - 2013-12-10 23:08 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-10 22:55 - 2013-12-10 22:55 - 00000000 _RSHD C:\cmdcons
 
==================== One Month Modified Files and Folders =======
 
2014-01-06 10:05 - 2014-01-06 10:05 - 00000000 ____D C:\FRST
2014-01-06 09:47 - 2013-05-23 11:42 - 00393216 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-06 09:33 - 2013-05-25 19:06 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-06 09:26 - 2013-11-16 03:11 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-01-06 09:21 - 2013-05-23 12:12 - 00509828 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-06 09:18 - 2013-05-23 11:23 - 01841185 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-06 09:17 - 2013-06-23 20:41 - 00000286 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
2014-01-06 09:17 - 2013-06-23 20:41 - 00000278 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
2014-01-06 09:17 - 2013-05-25 19:06 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-06 09:17 - 2013-05-23 12:14 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-06 09:16 - 2013-06-23 20:45 - 00000300 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
2014-01-06 09:16 - 2013-06-14 17:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kodak
2014-01-06 09:16 - 2013-05-25 19:06 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-06 09:16 - 2013-05-23 12:14 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-06 09:16 - 2013-05-23 11:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-05 23:42 - 2013-06-28 21:43 - 00000024 _____ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000005-00001102-00000002-80641102}.dat
2014-01-05 23:42 - 2013-06-28 21:43 - 00000024 _____ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000005-00001102-00000002-80641102}.dat
2014-01-05 23:42 - 2013-05-25 19:32 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2014-01-05 23:42 - 2013-05-25 19:32 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2014-01-05 23:42 - 2013-05-23 11:35 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2014-01-05 23:42 - 2013-05-23 11:30 - 00032432 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-05 23:40 - 2013-12-22 16:24 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
2014-01-05 22:52 - 2013-05-23 13:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2014-01-05 16:33 - 2013-05-23 12:11 - 00650163 _____ C:\WINDOWS\setupapi.log
2014-01-05 12:21 - 2013-05-23 11:21 - 00044796 _____ C:\WINDOWS\wmsetup.log
2014-01-05 11:44 - 2013-05-23 13:53 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Adobe
2014-01-05 11:43 - 2013-12-19 08:59 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\SHOP FINANCES
2014-01-05 11:26 - 2013-06-23 20:45 - 00000308 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
2014-01-03 23:39 - 2013-11-18 14:09 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\New Folder
2014-01-03 23:33 - 2013-06-13 22:48 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-03 23:32 - 2014-01-03 23:33 - 00094208 _____ C:\WINDOWS\Minidump\Mini010314-01.dmp
2014-01-03 23:32 - 2013-11-07 21:23 - 00554985 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2014-01-03 20:25 - 2013-05-25 19:54 - 00025600 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-03 20:06 - 2014-01-03 20:04 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Sherlock Holmes
2014-01-03 18:39 - 2013-05-25 19:48 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\987615-02-13
2014-01-02 23:22 - 2013-06-23 20:45 - 00000326 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
2014-01-02 18:31 - 2008-04-14 12:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-31 21:13 - 2013-12-31 21:11 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Skyfall 2012
2013-12-31 20:53 - 2013-06-16 18:55 - 00000326 _____ C:\Documents and Settings\Owner\My Documents\x.txt
2013-12-29 22:55 - 2013-12-21 22:53 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Femi
2013-12-29 22:54 - 2013-12-29 22:54 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Buses
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\_OTL
2013-12-29 21:30 - 2013-05-23 12:11 - 00185500 _____ C:\WINDOWS\setupact.log
2013-12-29 13:17 - 2013-06-15 21:45 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\100OLYMP
2013-12-29 10:44 - 2013-05-26 21:12 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\BitComet
2013-12-28 19:42 - 2013-11-08 23:33 - 00000438 _____ C:\Documents and Settings\Owner\Desktop\films.txt
2013-12-25 12:39 - 2013-07-07 23:39 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2013-12-23 19:13 - 2013-05-25 19:08 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-22 16:24 - 2013-12-22 16:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-12-22 16:23 - 2013-05-25 19:44 - 00000000 ____D C:\Program Files\VideoLAN
2013-12-22 16:14 - 2013-12-22 16:14 - 00000000 ____D C:\Program Files\Combined Community Codec Pack
2013-12-22 16:14 - 2013-12-22 16:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
2013-12-21 20:22 - 2013-05-23 11:42 - 00048400 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-21 20:21 - 2013-05-23 12:11 - 00215264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-21 20:20 - 2013-12-21 20:20 - 00001446 _____ C:\WINDOWS\COM+.log
2013-12-21 20:20 - 2013-06-16 16:46 - 00048400 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-12-21 20:19 - 2013-12-21 19:59 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2013-12-21 20:16 - 2013-05-23 11:21 - 00000000 ____D C:\WINDOWS\Registration
2013-12-21 20:15 - 2013-12-21 20:07 - 00007514 _____ C:\WINDOWS\bitssetup.log
2013-12-21 20:13 - 2013-12-21 20:13 - 00000000 ____D C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2013-12-21 20:13 - 2013-05-23 11:30 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-21 20:13 - 2013-05-23 11:24 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2013-12-21 20:13 - 2013-05-23 11:24 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2013-12-21 20:07 - 2013-12-21 20:06 - 00000558 _____ C:\WINDOWS\Windows Update.log
2013-12-21 19:58 - 2013-12-21 19:58 - 00000000 ____D C:\RegBackup
2013-12-21 19:58 - 2013-05-23 12:04 - 00000000 ____D C:\WINDOWS\repair
2013-12-21 18:58 - 2013-12-21 18:58 - 00000000 ____D C:\Program Files\Tweaking.com
2013-12-21 18:58 - 2013-12-21 18:58 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Tweaking.com
2013-12-19 21:42 - 2013-12-19 21:42 - 05045639 _____ C:\Documents and Settings\Owner\Desktop\tweaking.com_windows_repair_aio_setup.exe
2013-12-18 18:58 - 2013-05-23 13:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982132$
2013-12-17 21:26 - 2013-12-17 21:26 - 00000044 _____ C:\Documents and Settings\Owner\Press
2013-12-17 21:26 - 2013-12-17 21:26 - 00000000 _____ C:\Documents and Settings\Owner\and
2013-12-17 21:26 - 2013-05-23 11:35 - 00000000 ____D C:\Documents and Settings\Owner
2013-12-16 22:52 - 2013-12-16 22:52 - 00000000 ____D C:\Program Files\ESET
2013-12-15 22:41 - 2013-12-15 22:41 - 00013048 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-15 22:41 - 2013-12-15 22:41 - 00005309 _____ C:\WINDOWS\KB2904266.log
2013-12-15 22:41 - 2013-12-15 22:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-15 22:41 - 2013-12-15 22:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-15 22:41 - 2013-12-15 13:05 - 00010466 _____ C:\WINDOWS\KB2898715.log
2013-12-15 22:41 - 2013-07-15 22:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-15 22:41 - 2013-05-23 13:45 - 00018934 _____ C:\WINDOWS\system32\TZLog.log
2013-12-15 22:41 - 2013-05-23 13:43 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-15 22:41 - 2013-05-23 13:35 - 00085293 _____ C:\WINDOWS\updspapi.log
2013-12-15 22:41 - 2013-05-23 12:12 - 01074997 _____ C:\WINDOWS\FaxSetup.log
2013-12-15 22:41 - 2013-05-23 12:12 - 00523157 _____ C:\WINDOWS\ocgen.log
2013-12-15 22:41 - 2013-05-23 12:12 - 00414719 _____ C:\WINDOWS\tsoc.log
2013-12-15 22:41 - 2013-05-23 12:12 - 00368875 _____ C:\WINDOWS\comsetup.log
2013-12-15 22:41 - 2013-05-23 12:12 - 00221924 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-15 22:41 - 2013-05-23 12:12 - 00170724 _____ C:\WINDOWS\iis6.log
2013-12-15 22:41 - 2013-05-23 12:12 - 00059709 _____ C:\WINDOWS\ocmsn.log
2013-12-15 22:41 - 2013-05-23 12:12 - 00054019 _____ C:\WINDOWS\msgsocm.log
2013-12-15 22:41 - 2013-05-23 12:12 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-15 22:41 - 2013-05-23 12:12 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-15 22:39 - 2013-12-12 20:42 - 00011936 _____ C:\WINDOWS\KB2893294.log
2013-12-15 22:39 - 2013-05-23 13:40 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-15 22:38 - 2013-12-15 22:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-15 22:38 - 2013-12-15 22:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-15 22:38 - 2013-12-15 22:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-15 22:38 - 2013-12-15 13:04 - 00010055 _____ C:\WINDOWS\KB2893984.log
2013-12-15 22:38 - 2013-12-12 20:42 - 00011281 _____ C:\WINDOWS\KB2892075.log
2013-12-15 20:40 - 2013-07-08 21:22 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2013-12-15 20:40 - 2013-05-23 13:53 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-15 20:40 - 2013-05-23 13:53 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 23:39 - 2013-05-23 11:26 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-10 23:16 - 2013-12-10 23:16 - 00015988 _____ C:\ComboFix.txt
2013-12-10 23:16 - 2013-12-03 19:42 - 00000000 ____D C:\Qoobox
2013-12-10 23:12 - 2008-04-14 12:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-12-10 23:11 - 2008-04-14 12:00 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_461
2013-12-10 23:09 - 2013-05-23 12:11 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-12-10 23:09 - 2013-05-23 12:11 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-12-10 23:09 - 2013-05-23 12:09 - 29360128 _____ C:\WINDOWS\system32\config\software.bak
2013-12-10 23:09 - 2013-05-23 12:09 - 05505024 _____ C:\WINDOWS\system32\config\system.bak
2013-12-10 23:09 - 2013-05-23 12:09 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2013-12-10 23:08 - 2013-12-10 23:08 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-10 23:08 - 2013-12-10 23:08 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-10 23:08 - 2013-12-10 23:08 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-10 23:08 - 2013-12-10 23:08 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-10 23:08 - 2013-12-10 23:08 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-10 23:08 - 2013-12-03 19:42 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-10 22:55 - 2013-12-10 22:55 - 00000000 _RSHD C:\cmdcons
2013-12-10 22:55 - 2013-05-23 12:10 - 00000339 __RSH C:\boot.ini
2013-12-10 22:27 - 2013-12-03 19:37 - 05153140 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-01-2014
Ran by Owner at 2014-01-06 10:06:52
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
AdFender (Version: 1.75 - AdFender, Inc.)
Adobe Acrobat 5.0 (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CS (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.05) (Version: 11.0.05 - Adobe Systems Incorporated)
aioscnnr (Version: 6.0.2.0 - Your Company Name) Hidden
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
AMD Processor Driver (Version: 1.3.2.0053 - AMD)
ATI - Software Uninstall Utility (Version: 6.14.10.1022 - )
ATI Catalyst Control Center (Version: 2.009.0203.2227 - )
ATI Parental Control & Encoder (Version: 3.0 - ATI Technologies Inc.) Hidden
avast! Free Antivirus (Version: 9.0.2008 - Avast Software)
Browser Guard 4.0 (Version: 4.0.0.1884 - PC Tools)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0203.2228.40314 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0203.2228.40314 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0203.2228.40314 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0203.2228.40314 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2009.0203.2228.40314 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2009.0203.2228.40314 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Czech (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Danish (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Dutch (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help English (Version: 2009.0203.2227.40314 - ATI) Hidden
CCC Help Finnish (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help French (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help German (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Greek (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Italian (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Japanese (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Korean (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Polish (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Russian (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Spanish (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Swedish (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Thai (Version: 2008.0610.2144.37024 - ATI) Hidden
CCC Help Turkish (Version: 2008.0610.2144.37024 - ATI) Hidden
ccc-core-preinstall (Version: 2009.0203.2228.40314 - ATI) Hidden
ccc-core-static (Version: 2009.0203.2228.40314 - ATI) Hidden
ccc-utility (Version: 2009.0203.2228.40314 - ATI) Hidden
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Combined Community Codec Pack 2013-11-27 (Version: 2013.11.27.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
eMule (Version:  - )
ESET Online Scanner v3 (Version:  - )
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (Version: 7.7.6.0 - Eastman Kodak Company)
LightScribe  1.4.39.1 (Version: 1.4.39.1 - Integrator) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office OneNote 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Project Professional 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 6.0 Parser (Version: 6.10.1129.0 - Microsoft Corporation)
Natural Color Pro (Version: 1.00.0000 - )
Nero Suite (Version:  - )
Notepad++ (Version: 6.4.5 - Notepad++ Team)
PC Tools Spyware Doctor 9.1 (Version: 9.1 - PC Tools)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
QuarkXPress Passport 5.0 (Version: 5.00.0000 - Quark Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 16.0.3 - RealNetworks)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 5.10.0.6526 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skins (Version: 2009.0203.2228.40314 - ATI) Hidden
Sound Blaster Live! (Version:  - )
TPP Storage Driver Installation (Version:  - )
Tweaking.com - Windows Repair (All in One) (Version: 2.1.0 - Tweaking.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
USB Storage Adapter (TPP) (Version:  - )
USB Storage Adapter V2 (TPP) (Version:  - )
USB Storage Adapter V3 (TPP) (Version:  - )
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WinRAR archiver (Version:  - )
 
==================== Restore Points  =========================
 
08-10-2013 17:19:07 Software Distribution Service 3.0
09-10-2013 17:29:36 System Checkpoint
09-10-2013 21:26:30 Software Distribution Service 3.0
10-10-2013 21:26:51 Software Distribution Service 3.0
11-10-2013 02:00:15 Software Distribution Service 3.0
12-10-2013 20:24:03 Software Distribution Service 3.0
13-10-2013 00:54:42 Software Distribution Service 3.0
13-10-2013 02:00:15 Software Distribution Service 3.0
13-10-2013 20:25:23 Software Distribution Service 3.0
15-10-2013 19:21:55 Software Distribution Service 3.0
16-10-2013 20:52:14 Software Distribution Service 3.0
17-10-2013 21:20:04 Software Distribution Service 3.0
19-10-2013 17:46:14 Software Distribution Service 3.0
21-10-2013 17:30:39 Software Distribution Service 3.0
22-10-2013 18:14:01 Software Distribution Service 3.0
23-10-2013 18:39:26 Software Distribution Service 3.0
24-10-2013 18:49:39 Software Distribution Service 3.0
25-10-2013 19:18:04 Software Distribution Service 3.0
26-10-2013 19:51:32 Software Distribution Service 3.0
27-10-2013 23:28:57 System Checkpoint
28-10-2013 16:29:34 Software Distribution Service 3.0
29-10-2013 19:43:14 Software Distribution Service 3.0
30-10-2013 19:58:09 Software Distribution Service 3.0
31-10-2013 22:18:42 Software Distribution Service 3.0
02-11-2013 20:34:24 Software Distribution Service 3.0
04-11-2013 19:36:34 Software Distribution Service 3.0
06-11-2013 08:29:15 Software Distribution Service 3.0
07-11-2013 19:30:08 Software Distribution Service 3.0
08-11-2013 20:16:37 Software Distribution Service 3.0
10-11-2013 09:56:19 Software Distribution Service 3.0
11-11-2013 19:12:35 Software Distribution Service 3.0
13-11-2013 19:47:43 Software Distribution Service 3.0
15-11-2013 17:40:40 Software Distribution Service 3.0
16-11-2013 03:00:21 Software Distribution Service 3.0
16-11-2013 03:14:11 Software Distribution Service 3.0
17-11-2013 10:07:14 Software Distribution Service 3.0
18-11-2013 14:27:39 System Checkpoint
19-11-2013 18:49:01 System Checkpoint
20-11-2013 18:40:16 Software Distribution Service 3.0
21-11-2013 21:28:13 System Checkpoint
22-11-2013 18:49:59 Software Distribution Service 3.0
23-11-2013 19:16:41 System Checkpoint
24-11-2013 10:41:21 Software Distribution Service 3.0
24-11-2013 11:37:23 avast! antivirus system restore point
25-11-2013 11:41:07 System Checkpoint
25-11-2013 11:53:10 Software Distribution Service 3.0
27-11-2013 08:25:46 Software Distribution Service 3.0
28-11-2013 21:48:46 Software Distribution Service 3.0
01-12-2013 11:53:02 Software Distribution Service 3.0
02-12-2013 17:44:54 Software Distribution Service 3.0
04-12-2013 18:26:48 Software Distribution Service 3.0
05-12-2013 18:51:27 Software Distribution Service 3.0
09-12-2013 18:27:56 Software Distribution Service 3.0
10-12-2013 19:16:49 Software Distribution Service 3.0
12-12-2013 21:10:13 Software Distribution Service 3.0
14-12-2013 19:29:09 Software Distribution Service 3.0
15-12-2013 20:36:20 System Checkpoint
15-12-2013 22:36:14 Software Distribution Service 3.0
16-12-2013 18:20:26 Software Distribution Service 3.0
17-12-2013 18:46:27 Software Distribution Service 3.0
18-12-2013 19:09:35 Software Distribution Service 3.0
19-12-2013 19:10:36 Software Distribution Service 3.0
20-12-2013 20:45:31 Software Distribution Service 3.0
21-12-2013 18:57:11 before tweak 21-12-13
21-12-2013 19:58:09 Tweaking.com - Windows Repair
22-12-2013 01:48:17 Software Distribution Service 3.0
23-12-2013 18:41:55 Software Distribution Service 3.0
25-12-2013 10:32:14 Software Distribution Service 3.0
26-12-2013 19:01:07 Software Distribution Service 3.0
26-12-2013 19:29:20 Software Distribution Service 3.0
27-12-2013 23:58:44 System Checkpoint
28-12-2013 16:58:44 Software Distribution Service 3.0
29-12-2013 01:46:28 Software Distribution Service 3.0
29-12-2013 17:01:34 Software Distribution Service 3.0
30-12-2013 17:58:37 Software Distribution Service 3.0
01-01-2014 10:52:36 Software Distribution Service 3.0
02-01-2014 18:43:32 Software Distribution Service 3.0
03-01-2014 23:45:24 Software Distribution Service 3.0
05-01-2014 11:37:30 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2008-04-14 12:00 - 2013-12-29 21:39 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-06 09:19 - 2014-01-05 23:12 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\14010501\algo.dll
2013-11-07 21:37 - 2012-10-23 17:40 - 00109688 _____ () C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll
2013-11-24 11:38 - 2013-11-24 11:38 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-05-23 11:40 - 2013-05-23 11:40 - 00014848 _____ () C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-30 13:39 - 2008-10-30 13:39 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/03/2014 11:02:07 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.
 
Error: (01/03/2014 11:02:05 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/03/2014 11:01:06 PM) (Source: Application Error) (User: )
Description: Fault bucket -435079742.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (01/03/2014 10:58:43 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msvcr110.dll, version 11.0.51106.1, fault address 0x00012b8a.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (01/03/2014 10:52:27 PM) (Source: Application Error) (User: )
Description: Fault bucket -435079742.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (01/03/2014 10:52:25 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msvcr110.dll, version 11.0.51106.1, fault address 0x00012b8a.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (01/03/2014 10:52:16 PM) (Source: Application Error) (User: )
Description: Fault bucket -435079742.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (01/03/2014 10:52:12 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msvcr110.dll, version 11.0.51106.1, fault address 0x00012b8a.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (01/03/2014 10:52:05 PM) (Source: Application Error) (User: )
Description: Fault bucket -435079742.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (01/03/2014 10:52:02 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msvcr110.dll, version 11.0.51106.1, fault address 0x00012b8a.
Processing media-specific event for [iexplore.exe!ws!]
 
 
System errors:
=============
Error: (01/06/2014 09:16:39 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address B8975A3C4138 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (01/05/2014 11:25:22 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address B8975A3C4138 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (01/04/2014 09:39:41 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address B8975A3C4138 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (01/03/2014 11:34:57 PM) (Source: System Error) (User: )
Description: Error code 10000050, parameter1 8c35a85f, parameter2 00000000, parameter3 bf85a83a, parameter4 00000000.
 
Error: (01/03/2014 06:25:24 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address B8975A3C4138 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (01/02/2014 06:31:58 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address B8975A3C4138 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (01/01/2014 10:40:13 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address B8975A3C4138 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/31/2013 09:09:54 PM) (Source: 0) (User: )
Description: \Device\CdRom0
 
Error: (12/31/2013 04:44:25 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address B8975A3C4138 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/30/2013 05:46:34 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address B8975A3C4138 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
 
Microsoft Office Sessions:
=========================
Error: (01/03/2014 11:02:07 PM) (Source: Application Hang)(User: )
Description: 1180947459
 
Error: (01/03/2014 11:02:05 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (01/03/2014 11:01:06 PM) (Source: Application Error)(User: )
Description: -435079742
 
Error: (01/03/2014 10:58:43 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msvcr110.dll11.0.51106.100012b8a
 
Error: (01/03/2014 10:52:27 PM) (Source: Application Error)(User: )
Description: -435079742
 
Error: (01/03/2014 10:52:25 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msvcr110.dll11.0.51106.100012b8a
 
Error: (01/03/2014 10:52:16 PM) (Source: Application Error)(User: )
Description: -435079742
 
Error: (01/03/2014 10:52:12 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msvcr110.dll11.0.51106.100012b8a
 
Error: (01/03/2014 10:52:05 PM) (Source: Application Error)(User: )
Description: -435079742
 
Error: (01/03/2014 10:52:02 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msvcr110.dll11.0.51106.100012b8a
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 35%
Total physical RAM: 1791.23 MB
Available physical RAM: 1163.66 MB
Total Pagefile: 3684.26 MB
Available Pagefile: 3091.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.53 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:298.08 GB) (Free:107.08 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:38.28 GB) (Free:36.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: ECBCF48C)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 38 GB) (Disk ID: CD1118F5)
Partition 1: (Active) - (Size=38 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Thanks as usual.


#7 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 07 January 2014 - 07:01 AM

Hi,
 
Let's do this.....let's uninstall Internet Explorer 8 and reinstall it.
 
Please visit the page found here and follow the instructions >> Reinstall Internet Explorer in Windows 7, Windows Vista and Windows XP
 
You will need to download a copy of Internet Explorer 8 (to your Desktop or anywhere you can find it) and then uninstall Internet Explorer 8 from your system.  The instructions cover this but I wanted you to be sure about what you are doing.  :)  If you have any questions ask and when you get it finished, let me know if that improved IE.


Posted Image
 
 

#8 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 09 January 2014 - 02:53 PM

Hi Jeff. As you suggested, I've uninstalled and reinstalled Internet Explorer 8 and it seems to have solved the problem. It did also remove some of the functionality to Windows (Volume Controll in my System Tray was no longer available, example), but I seem to have been able to recapture these by reloading them from my original Windows XP disk.

 

Thanks again for all your hard work, you've done a great job :clap:



#9 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 09 January 2014 - 06:40 PM

Fantastic!!  Glad to hear it.  :)

 

Are there any other malware related problems that you are experiencing??


Posted Image
 
 

#10 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 10 January 2014 - 05:06 PM

Hi Jeff, sorry for false hope - the same problems with Internet Explorer: same result when using yahoo search engine - recovered, recovered, stopped trying. Sometimes back button needs two or three clicks before it will function. At the bottom of some (but not all) News Item screens, the comments won't load.

 

NB, I've tried all these functions in Google Chrome/Yahoo and they all work smoothly.

 

When I first uninstalled and re-installed Explorer 8 these problems seemed cured. Next I reloaded Accessories and Utilities, Indexing Service, Management and Monitoring Tools, Networking Services, Other Network File and Print Services, Update Root Certificates and Windows Media Player - via Control Panel/Add or Remove Programs/Add/Remove Windows Components - as these seemed to be effected/missing after the uninstall/re-install process.

 

Oh! And Bazaar - Yahoo wouldn't recognise my email ID for about an hour tonight (I have 3 Yahoo email accounts, the other 2 were working fine). I sent a message through the Help service describing the situation, thought I'd try signing in one last time and I got in no problem (Definitely NO typo's!), haven't experienced that before. Once in, I changed my password just in case.

 

Still not a pain???


    Advertisements

Register to Remove


#11 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 11 January 2014 - 11:29 AM

Ok.....give me a new OTL log and see if we can find what is doing this....  


Posted Image
 
 

#12 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 13 January 2014 - 05:08 AM

Hi Jeff, thanks for keeping with this. Below is the OTL scan log. I didn't know if I should or not but I put a tick in the check-box beside LOP and Purity Check's.

 

OTL logfile created on: 13/01/2014 10:55:28 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.75 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 62.74% Memory free
3.60 Gb Paging File | 3.04 Gb Available in Paging File | 84.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 106.71 Gb Free Space | 35.80% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 36.82 Gb Free Space | 96.20% Space Free | Partition Type: NTFS
Drive E: | 392.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: OWNER-3FC151321 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\tppaldr.exe (In-System Design, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\defs\14011202\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\089a13b51a9c17442eff954e2d2ebc6c\Inkjet.DeviceSettings.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\9c94aafee5b7205371940212c4055d3d\Inkjet.Statistics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\5a136875748781cac5f84520b9046e56\Inkjet.Localization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\ebe1cb191c8906f3d161cfaef676a309\Inkjet.Diagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\c43b49d65e0cc0113880b6b3f95d2314\Inkjet.Utilities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\be693a87b798c9317dd9a70638f94618\Inkjet.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\0a6fe7786e48b51759b8e18dc3060b8c\Inkjet.Hardware.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\67f02c1e223d14f00fb51694068b08f4\Inkjet.Automation.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.EKAiO2SDKLib\ea614f74eb722c113b5cc0e7b496aa8a\Interop.EKAiO2SDKLib.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3321.40317__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3321.40399__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3321.40301__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3321.40319__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3321.40400__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3321.40318__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3321.40363__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3321.40378__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3321.40308__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3321.40357__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3321.40318__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3321.40308__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3321.40422__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3321.40417__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3321.40346__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3321.40372__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3321.40345__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3321.40362__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3321.40310__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3321.40320__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3321.40343__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3321.40324__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3321.40344__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3321.40354__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3321.40355__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3294.18759__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3321.40387__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3321.40431__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3321.40314__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3321.40393__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3321.40391__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3321.40300__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3321.40409__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3321.40297__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3321.40305__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3321.40299__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3321.40298__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3321.40298__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3321.40297__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3321.40392__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (sdCoreService) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (pctplsm) -- C:\WINDOWS\system32\drivers\pctplsm.sys (PC Tools)
DRV - (PCTSD) -- C:\WINDOWS\system32\drivers\PCTSD.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTBD) -- C:\WINDOWS\system32\drivers\PCTBD.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (amdide) -- C:\WINDOWS\system32\drivers\amdide.sys (Advanced Micro Devices)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (NCPro) -- C:\WINDOWS\system32\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\WINDOWS\system32\drivers\MTictwl.sys ()
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctaud2k) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\CTAC32K.SYS (Creative Technology Ltd)
DRV - (sfman) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\PfModNT.SYS (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9EFB316C-E6AC-470D-8EF1-4860D61AEA97}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9EFB316C-E6AC-470D-8EF1-4860D61AEA97}: "URL" = http://www.google.co...1I7SAVV_enGB540
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/10 18:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2013/11/07 21:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/10 18:24:57 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://uk.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/12/29 21:39:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\Program\ADGJDet.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe (In-System Design, Inc.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [NextLive] C:\Documents and Settings\Owner\Application Data\newnext.me\nengine.dll (NewNextDotMe)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AdFender.lnk = C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1369314406283 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1369320571843 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6053F85-E4E6-423E-A872-BD18370BA919}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/23 11:24:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/05/27 00:00:00 | 000,000,124 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/12 19:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2014/01/12 19:24:49 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2014/01/12 19:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan
[2014/01/12 19:23:51 | 000,046,080 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escimgd.dll
[2014/01/12 19:23:51 | 000,029,696 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwiad.dll
[2014/01/12 19:23:51 | 000,022,016 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\esccmd.dll
[2014/01/12 19:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2014/01/11 20:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\KODAK AiO Home Center805943914
[2014/01/09 18:13:10 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2014/01/09 18:13:10 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2014/01/09 18:13:10 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2014/01/09 18:13:09 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2014/01/09 18:13:09 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2014/01/09 18:13:09 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2014/01/09 18:13:09 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2014/01/09 18:13:09 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2014/01/09 18:13:09 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2014/01/09 18:13:08 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2014/01/09 18:13:08 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2014/01/09 18:13:08 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2014/01/09 18:13:08 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2014/01/09 18:13:08 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2014/01/09 18:13:08 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2014/01/09 18:13:07 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2014/01/09 18:13:07 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2014/01/09 18:13:07 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2014/01/09 18:13:07 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2014/01/09 18:13:06 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2014/01/09 18:13:06 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2014/01/09 18:13:06 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2014/01/09 18:13:05 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2014/01/09 18:13:05 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2014/01/09 18:13:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2014/01/09 18:13:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2014/01/09 18:12:51 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2014/01/09 18:12:51 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2014/01/09 18:12:50 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2014/01/09 18:12:50 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2014/01/09 18:12:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2014/01/09 18:12:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2014/01/09 18:12:50 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2014/01/09 18:12:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2014/01/09 18:12:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2014/01/09 18:12:50 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2014/01/09 18:12:49 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2014/01/09 18:12:49 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2014/01/09 18:12:39 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2014/01/09 18:12:39 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2014/01/09 18:12:39 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2014/01/09 18:12:39 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2014/01/09 18:12:38 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2014/01/09 18:12:38 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2014/01/09 18:12:37 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2014/01/09 18:12:37 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2014/01/09 18:12:37 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2014/01/09 18:12:37 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2014/01/09 18:12:36 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2014/01/09 18:12:36 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2014/01/09 18:12:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2014/01/09 18:12:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2014/01/09 18:12:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simptcp.dll
[2014/01/09 18:12:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2014/01/09 18:12:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2014/01/09 18:12:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2014/01/09 18:12:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2014/01/09 18:12:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2014/01/09 18:11:50 | 000,345,088 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2014/01/08 20:00:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/01/08 19:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\UpdaterEX
[2014/01/08 19:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.android
[2014/01/08 19:53:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\cache
[2014/01/08 19:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\newnext.me
[2014/01/08 19:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\genienext
[2014/01/08 19:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Mobogenie
[2014/01/08 19:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mobogenie
[2014/01/08 19:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
[2014/01/06 10:05:59 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/06 09:47:06 | 001,064,805 | ---- | C] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FRST.exe
[2014/01/03 20:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Sherlock Holmes
[2013/12/31 21:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Skyfall 2012
[2013/12/29 22:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Buses
[2013/12/29 21:39:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/22 16:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2013/12/22 16:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/12/22 16:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
[2013/12/22 16:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2013/12/21 22:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Femi
[2013/12/21 20:22:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/12/21 19:59:51 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/12/21 19:58:24 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/12/21 18:58:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Tweaking.com
[2013/12/21 18:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/12/19 08:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SHOP FINANCES
[2013/12/19 08:59:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/12/16 22:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/25 19:52:12 | 000,021,866 | ---- | C] (In-System Design, Inc.) -- C:\Program Files\Common Files\tppupd2k.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/13 10:55:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/01/13 10:42:56 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/13 10:37:20 | 000,433,634 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/13 10:37:19 | 000,068,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/13 10:34:09 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/13 10:33:35 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
[2014/01/13 10:33:29 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/01/13 10:33:25 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
[2014/01/13 10:32:59 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/13 10:32:59 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
[2014/01/13 10:32:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/13 01:29:39 | 000,024,888 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000005-00001102-00000002-80641102}.rfx
[2014/01/13 01:29:39 | 000,024,888 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000005-00001102-00000002-80641102}.rfx
[2014/01/13 01:29:39 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000005-00001102-00000002-80641102}.rfx
[2014/01/13 01:29:39 | 000,016,420 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000005-00001102-00000002-80641102}.rfx
[2014/01/13 01:29:39 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2014/01/13 01:29:39 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2014/01/13 01:29:39 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000005-00001102-00000002-80641102}.dat
[2014/01/13 01:29:39 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000005-00001102-00000002-80641102}.dat
[2014/01/12 23:22:03 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
[2014/01/12 19:23:56 | 000,557,116 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2014/01/12 19:23:53 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2014/01/10 18:34:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/09 18:14:19 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/09 18:13:15 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/01/09 18:04:18 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/01/09 18:04:18 | 000,410,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/01/09 18:04:18 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/01/09 18:04:18 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/01/09 18:04:17 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/01/09 18:04:17 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/01/09 18:04:16 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/01/09 18:04:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/01/08 20:10:26 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1292428093-1580818891-1801674531-1003.job
[2014/01/08 20:10:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/06 09:47:19 | 001,064,805 | ---- | M] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FRST.exe
[2014/01/03 20:25:51 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/29 21:39:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/12/25 12:39:45 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/12/23 19:13:43 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/23 19:13:43 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/12/21 20:21:51 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/21 20:19:15 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/12/21 20:13:35 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/12/21 20:13:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/12/19 21:42:36 | 005,045,639 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/12/17 21:26:48 | 000,000,044 | ---- | M] () -- C:\Documents and Settings\Owner\Press
[2013/12/17 21:26:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\and
[2013/12/15 20:40:02 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/15 20:40:01 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014/01/12 19:23:53 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2014/01/09 19:55:05 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2014/01/09 18:13:15 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2014/01/09 18:13:15 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media Player.lnk
[2014/01/09 18:12:42 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2014/01/09 18:12:42 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2014/01/09 18:12:41 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2014/01/09 18:12:41 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2014/01/09 18:12:41 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2014/01/09 18:12:41 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2014/01/09 18:12:41 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2014/01/09 18:12:41 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2014/01/09 18:12:41 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2014/01/09 18:12:41 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2014/01/09 18:12:41 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2014/01/09 18:12:35 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2014/01/09 18:12:34 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2014/01/09 18:12:34 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2014/01/09 18:12:34 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2014/01/09 18:12:34 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2014/01/09 18:12:34 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2014/01/09 18:12:34 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2014/01/09 18:12:34 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2014/01/09 18:12:34 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2014/01/09 18:12:33 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2014/01/09 18:12:33 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2014/01/09 18:12:33 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2014/01/09 18:12:33 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2014/01/09 18:12:33 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2014/01/09 18:12:33 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2014/01/09 18:12:33 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2014/01/09 18:12:32 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2014/01/08 19:55:10 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/12/19 21:42:20 | 005,045,639 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/12/17 21:26:48 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Owner\Press
[2013/12/17 21:26:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\and
[2013/12/03 20:26:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/12/03 20:26:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/12/03 20:26:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/12/03 20:26:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/12/03 20:26:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/11/07 21:37:25 | 000,769,144 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2013/07/28 11:00:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/07/07 23:39:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2013/06/28 21:43:25 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-00000005-00001102-00000002-80641102}.dat
[2013/06/28 21:43:25 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000005-00001102-00000002-80641102}.dat
[2013/06/28 17:51:58 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2013/06/28 17:51:55 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2013/06/28 17:51:18 | 000,034,914 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2013/06/28 17:51:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2013/06/28 17:51:15 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2013/06/28 17:51:14 | 000,163,933 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2013/06/28 17:51:14 | 000,112,387 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2013/06/28 17:51:14 | 000,112,287 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2013/06/28 17:51:14 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2013/06/28 17:51:10 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2013/06/28 17:51:09 | 000,176,128 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2013/06/28 17:51:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2013/06/28 17:51:08 | 000,000,166 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2013/06/28 17:51:03 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2013/05/25 19:54:26 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/25 19:18:13 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2013/05/25 19:06:27 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/05/25 19:06:26 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/25 18:22:47 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2013/05/23 13:32:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/05/23 12:12:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/05/23 12:11:09 | 000,215,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/23 11:49:26 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/05/23 11:48:24 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2013/05/23 11:42:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/05/23 11:37:53 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2013/05/23 11:25:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/05/23 11:21:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/09/24 12:31:08 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\EKaio2WiaCoInst.ini
 
========== ZeroAccess Check ==========
 
[2013/05/23 11:38:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/16 21:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = c:\windows\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/10/27 17:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\782f7c59d7d0d60
[2013/06/12 17:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdFender
[2013/11/24 11:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/11/03 14:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DownloAdd okeeeper
[2013/10/27 17:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2014/01/13 10:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/14 18:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/10/27 17:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinterSoft
[2013/11/24 11:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2013/12/29 10:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitComet
[2014/01/12 19:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2013/06/28 17:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2014/01/13 10:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\newnext.me
[2013/09/03 17:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++
[2013/06/28 16:52:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\RPPrivate
[2013/06/14 17:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Temp
[2013/11/07 21:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TestApp
[2014/01/08 19:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\UpdaterEX
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
 
< End of report >
 
Thanks as always.


#13 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 15 January 2014 - 12:30 PM

Hi,

 

Have not forgotten....just having a bit of trouble finding anything I maybe overlooked.  :)


Posted Image
 
 

#14 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 17 January 2014 - 01:04 PM

I am not seeing any malware in the logs that are being made, which is good, but obviously there is still something wrong.  You might try to post a new topic into the Windows forum here at What the Tech and see what the techs there have to say.  They are very good and you will be in great hands.  When you post the new topic, be sure to post a link to what we have done here and explain exactly what is going on with your system.  :)  


Posted Image
 
 

#15 wotanidiot

wotanidiot

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 18 January 2014 - 06:52 AM

OK thanks Jeff, I'll do that over the next couple of days.


Related Topics




Also tagged with one or more of these keywords: malware infection

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users