Slow running desktop. Please help me to sort it out. [Solved]


  • This topic is locked
40 replies to this topic

#1 sooty4
Authentic Member, 86 posts

Posted 12 September 2014 - 06:13 AM

Hi. I am running XP on my desktop and, despite adding more RAM (another 512 MB, making 2 GB now) and repartitioning the C drive to give it more needed space, it is running slower than before. It also keeps freezing and I often get "not responding" messages in IE and Mozilla. I have done a scan disk and defragmented the C drive. I have run a Malwarebytes Anti-Malware scan, which found no threats, so not sure if it is that. If this is not the right forum, please can you redirect me. DDS logs below and attached. Thank you in advance for any help. Sue.

.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by home at 12:46:44.35 on 12/09/2014
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.67.2
Microsoft Windows XP Home Edition  5.1.2600.3.1252.44.1033.18.2048.1166 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\home\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=DAT
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DriverUpdate] "c:\program files\driverupdate\DriverUpdate.exe" -boot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: ebay.co.uk\www
Trusted Zone: Sony-europe.com
Trusted Zone: Sonystyle-europe.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxps://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277842996358
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277845074437
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\home\applic~1\mozilla\firefox\profiles\7kmptneb.default-1408266975906\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-8-21 206520]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-2-24 37352]
R1 RapportCerberus_80049;RapportCerberus_80049;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_80049.sys [2014-9-2 433240]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-8-21 251928]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-8-21 332792]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-2-24 430160]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-2-24 430160]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-2-24 97648]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-4-29 24328]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-8-21 1919256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-18 23256]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2002-3-28 175232]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\avira\my avira\Avira.OE.ServiceHost.exe [2014-7-14 141392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-7-26 860472]
S3 ampa;ampa;c:\windows\system32\ampa.sys [2014-8-24 12656]
S3 Imx5123;Imx5123;c:\windows\system32\drivers\Imx5123.sys [2013-7-30 79232]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-3-29 807917]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2010-12-13 618112]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-8-8 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-14 257712]
S4 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files\advent\aio\center\ADAIOHostService.exe [2014-8-19 361904]
S4 HsdService;HsdService;"c:\program files\virgin media\digital home support\hsdservice.exe" --> c:\program files\virgin media\digital home support\HsdService.exe [?]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-7-26 1809720]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 119408]
S4 ServicepointService;ServicepointService;"c:\program files\virgin media\service manager\servicepointservice.exe" --> c:\program files\virgin media\service manager\ServicepointService.exe [?]
.
=============== Created Last 30 ================
.
2014-09-05 12:33:51 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-09-05 12:33:10 -------- dc----w- c:\documents and settings\all users\Trusteer
2014-09-05 12:33:09 -------- d-----w- c:\windows\system32\Trusteer
2014-09-05 12:33:07 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-09-05 11:45:38 -------- d-----w- c:\program files\DriverUpdate
2014-08-25 10:09:13 -------- d-----w- c:\program files\V Stuff Backup
2014-08-25 10:08:54 -------- d-----w- c:\program files\35168026c4df6cfcf2e06eb27cb7
2014-08-25 10:08:05 -------- d-----w- c:\program files\Advent
2014-08-25 10:06:42 -------- d-----w- c:\program files\Coupon Printer
2014-08-25 09:57:09 -------- d-----w- c:\program files\My Music
2014-08-25 09:55:48 -------- d-----w- c:\program files\epson
2014-08-25 09:53:50 -------- d-----w- c:\program files\0c38697bf01e02505c191eed2e
2014-08-24 14:20:50 1024 -c-h--w- C:\AMTAG.BIN
2014-08-24 14:20:18 1567856 ----a-w- c:\windows\ampa.exe
2014-08-24 14:20:18 12656 ----a-w- c:\windows\system32\ampa.sys
2014-08-24 14:20:06 -------- d-----w- c:\program files\AOMEI Partition Assistant Standard Edition 5.5
2014-08-23 11:00:15 -------- d-----w- c:\program files\ACD Systems
2014-08-23 10:52:33 -------- dc----w- C:\ACD Systems
2014-08-21 15:03:38 206520 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-08-19 10:15:17 715038 ----a-w- c:\program files\unins000.exe
2014-08-19 10:15:16 2395400 ----a-w- c:\program files\cpuz.exe
2014-08-14 14:38:27 -------- d-----w- c:\docume~1\home\locals~1\applic~1\PCHealth
.
==================== Find3M  ====================
.
2014-09-11 11:53:49 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-11 11:53:48 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-15 09:50:20 596464 ----a-r- c:\windows\system32\cpnprtukwin32.cid
.
============= FINISH: 12:52:47.71 ===============
 

Attached Files


Edited by sooty4, 12 September 2014 - 06:25 AM.
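The DDS report above is normally read by eye, but the first pass a helper makes over the "Pseudo HJT Report" section is mechanical: which autostart entries carry no command or launch from an unexpected place, which add-on CLSIDs point at files that no longer exist, whether a proxy is set, what has been added to the Trusted zone, and which ActiveX controls were fetched from the web. The following is an added example of that pass in Python; it is not part of the original post or of the DDS tool. The sample lines are constructed from entries in the log above plus one made-up entry ("updater", launched from a Temp folder) to exercise the unusual-path rule, and the rules themselves are this example's own heuristics, not anything DDS reports.

```python
"""Mechanical first pass over the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the original post or of DDS. The rules below are
this example's own heuristics; the sample lines are constructed from entries
in the DDS report above plus one made-up entry ("updater") that launches
from a Temp folder.
"""
import re

# Constructed sample (see module docstring). DDS defangs URLs as hxxp/hxxps.
SAMPLE_DDS = r"""
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DriverUpdate] "c:\program files\driverupdate\DriverUpdate.exe" -boot
uRun: [updater] c:\docume~1\home\locals~1\temp\upd.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
Trusted Zone: ebay.co.uk\www
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxps://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
"""

# u = HKCU, m = HKLM, d = Default user hive, as DDS prefixes them.
RUN_RE = re.compile(r"^([umd])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
ADDON_RE = re.compile(r"^(BHO|TB|EB): (?P<rest>.*)$")
# First drive-letter path ending in a code-carrying extension; lazy so a
# trailing ",EntryPoint" or " /switch" is not swallowed.
PATH_RE = re.compile(r"([a-z]:\\.+?\.(?:exe|dll|scr|cpl))\b", re.I)
# Assumption: on a default XP install, autostart commands live under these roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def triage_dds(text):
    """Return (finding, subject) tuples for lines that deserve a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd").strip()
            if not cmd:
                # DDS printed a value name but no data: an empty value, or one the
                # tool could not render. Inspect the key in the registry directly.
                findings.append(("run-without-command", name))
                continue
            p = PATH_RE.search(cmd)
            if p is None:
                # Bare file name: resolved through the PATH search order at logon, so a
                # same-named file earlier in that order would run instead.
                findings.append(("run-unqualified-path", name))
            elif not p.group(1).lower().startswith(EXPECTED_ROOTS):
                findings.append(("run-unusual-path", name))
            continue
        m = ADDON_RE.match(line)
        if m and m.group("rest").endswith("No File"):
            # CLSID still registered but the DLL is gone: clutter or a removal leftover.
            findings.append(("orphan-addon", m.group("rest").split(" - ")[0]))
            continue
        if line.startswith(("uInternet Settings,Proxy", "mInternet Settings,Proxy")):
            # A proxy the user did not set is a classic traffic-interception sign.
            findings.append(("proxy-setting", line.split(" = ", 1)[1] if " = " in line else ""))
            continue
        if line.startswith("Trusted Zone: "):
            # Trusted-zone sites run ActiveX and scripts with fewer prompts.
            findings.append(("trusted-zone", line[len("Trusted Zone: "):]))
            continue
        if line.startswith("DPF: ") and ("hxxp" in line or "http" in line):
            # Downloaded Program Files: ActiveX controls installed from a URL.
            findings.append(("remote-activex", line[5:].split(" - ")[0]))
    return findings


if __name__ == "__main__":
    for code, subject in triage_dds(SAMPLE_DDS):
        print("%-22s %s" % (code, subject))
```

A finding is a prompt to look, not a verdict: the Avira, NVIDIA and ctfmon entries pass untouched, nwiz is listed only because it is launched by bare name, and the empty [Google Update] value is listed because DDS could show a name but no data, which is exactly the kind of entry worth reading straight from the registry rather than from a log.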



#2 OCD
SuperHelper, Malware Team, 5,574 posts

Posted 12 September 2014 - 08:07 PM

Hi sooty4,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Important information regarding Windows XP

Microsoft stopped offering support for Windows XP as of April 8, 2014.

If you are running Windows XP, please take the time to read the information provided at these links.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.
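The MBR.dat that aswMBR writes next to its log is the raw first sector of the boot disk: 446 bytes of boot code, a four-entry partition table and the 0x55AA signature. As an added example (not code from the original post or from aswMBR), the Python below parses such a 512-byte image, renders the partitions in the same shape as aswMBR's "Disk 0 Partition" lines, and flags the structural problems worth raising before any fix is attempted: more than one active partition, an invalid boot flag, a zero-length entry, overlapping entries, or a partition that runs past the end of the disk. The sample image it builds is constructed here, with placeholder boot code and CHS fields and made-up LBA values, and the disk size passed to the check is an assumed figure; with a real MBR.dat you would read the 512 bytes from the file instead.

```python
"""Parse a raw 512-byte MBR image (for example aswMBR's MBR.dat) and report
the partition table plus simple structural anomalies.

Added example, not part of the original post or of aswMBR. The sample MBR
below is constructed: placeholder boot code and CHS fields, two partition
entries with made-up LBA values, and an assumed disk size in the usage.
"""
import struct

SECTOR = 512
TABLE_OFFSET = 446            # boot code occupies bytes 0..445; table is 4 x 16 bytes after it
ENTRY_FMT = "<B3sB3sII"       # boot flag, CHS start, type, CHS end, LBA start, sector count
# A few common partition type bytes; anything else is reported by number.
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux"}


def make_entry(boot_flag, ptype, lba_start, sectors):
    """Pack one 16-byte table entry. CHS fields are placeholders (0xFE 0xFF 0xFF)."""
    chs = b"\xfe\xff\xff"
    return struct.pack(ENTRY_FMT, boot_flag, chs, ptype, chs, lba_start, sectors)


def build_sample_mbr():
    """Constructed sample: an active NTFS partition at LBA 63, then an extended container."""
    # Placeholder bytes, not a real boot loader (assumption for the example).
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (TABLE_OFFSET - 7)
    table = (make_entry(0x80, 0x07, 63, 68_483_072)            # 33439 MB
             + make_entry(0x00, 0x0F, 68_492_701, 9_662_464)   # 4718 MB
             + b"\x00" * 32)                                   # two unused entries
    return boot_code + table + b"\x55\xaa"


def parse_mbr(sector):
    """Return boot code and the non-empty partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        flag, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue                                   # empty slot
        parts.append({"index": i + 1, "flag": flag, "active": flag == 0x80,
                      "type": ptype, "type_name": PART_TYPES.get(ptype, "0x%02X" % ptype),
                      "start": start, "sectors": count, "end": start + count,   # end is exclusive
                      "mb": count * SECTOR // (1024 * 1024)})
    return {"boot_code": sector[:TABLE_OFFSET], "partitions": parts}


def check_mbr(parsed, disk_sectors):
    """Return a list of anomaly strings; an empty list means the table is structurally sane."""
    issues = []
    parts = parsed["partitions"]
    if sum(1 for p in parts if p["active"]) > 1:
        issues.append("more than one active partition")
    for p in parts:
        if p["flag"] not in (0x00, 0x80):
            issues.append("partition %d: invalid boot flag 0x%02X" % (p["index"], p["flag"]))
        if p["sectors"] == 0:
            issues.append("partition %d: zero length" % p["index"])
        if p["end"] > disk_sectors:
            issues.append("partition %d: extends past end of disk" % p["index"])
    for a in parts:
        for b in parts:
            if a["index"] < b["index"] and a["start"] < b["end"] and b["start"] < a["end"]:
                issues.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    if parsed["boot_code"].rstrip(b"\x00") == b"":
        issues.append("boot code area is empty")
    return issues


def describe(parsed):
    """Render partitions in the shape of aswMBR's 'Disk 0 Partition' lines."""
    lines = []
    for p in parsed["partitions"]:
        marker = "(A)" if p["active"] else "   "
        lines.append("Partition %d %02X %s %02X %-13s %6d MB offset %d"
                     % (p["index"], p["flag"], marker, p["type"], p["type_name"], p["mb"], p["start"]))
    return lines


if __name__ == "__main__":
    image = build_sample_mbr()               # or: open("MBR.dat", "rb").read()
    table = parse_mbr(image)
    for line in describe(table):
        print(line)
    for issue in check_mbr(table, disk_sectors=78_163_968):   # assumed 38166 MB disk
        print("ISSUE:", issue)
```

The check is deliberately about shape, not content: it cannot say whether the 446 bytes of boot code are the stock Windows XP loader, only whether the table they sit next to is self-consistent. Comparing the code bytes against a known-good copy is a separate step, which is why the helper asks for the saved MBR.dat rather than just the text log.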


#3 sooty4
Authentic Member, 86 posts

Posted 13 September 2014 - 05:11 AM

Thank you, OCD, for your prompt response and help. The information you requested is below. I had difficulty attaching the .dat file, as an error kept coming up saying "no file selected", so I am not sure if you got that. I have updated the Adobe Flash Player, and I only defragmented the C drive last week. Sue.

 Results of screen317's Security Check version 0.99.87 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Avira Free Antivirus   
 Avira     
 ESET Online Scanner v3  
 Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
  Adobe Flash Player  11.9.900.170 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-13 11:35:51
-----------------------------
11:35:51.968    OS Version: Windows 5.1.2600 Service Pack 3
11:35:51.968    Number of processors: 1 586 0x102
11:35:51.984    ComputerName: YOUR-0XV8V0OEAP  UserName: home
11:35:52.687    Initialize success
11:35:52.843    VM: initialized successfully
11:35:52.906    VM: Intel CPU virtualization not supported
11:38:30.203    AVAST engine defs: 14091300
11:38:45.765    The log file has been saved successfully to "C:\Documents and Settings\home\Desktop\aswMBR.txt"

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-13 11:56:05
-----------------------------
11:56:05.562    OS Version: Windows 5.1.2600 Service Pack 3
11:56:05.562    Number of processors: 1 586 0x102
11:56:05.562    ComputerName: YOUR-0XV8V0OEAP  UserName: home
11:56:05.937    Initialize success
11:56:05.937    VM: initialized successfully
11:56:05.953    VM: Intel CPU virtualization not supported
11:57:21.984    AVAST engine defs: 14091300
11:58:05.062    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:58:05.062    Disk 0 Vendor: ST340810A 5.38 Size: 38166MB BusType: 3
11:58:05.062    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
11:58:05.078    Disk 1 Vendor: Maxtor_6Y080P0 YAR41BW0 Size: 78167MB BusType: 3
11:58:05.078    Disk 2  \Device\Harddisk2\DR5 -> \Device\00000065
11:58:05.078    Disk 2 Vendor: Sony 0000 Size: 78167MB BusType: 0
11:58:05.234    Disk 0 MBR read successfully
11:58:05.234    Disk 0 MBR scan
11:58:05.250    Disk 0 Windows XP default MBR code
11:58:05.250    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        33439 MB offset 63
11:58:05.250    Disk 0 unknown boot code
11:58:05.265    Disk 0 Partition - 00     0F Extended LBA              4718 MB offset 68492701
11:58:05.312    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         4718 MB offset 68492764
11:58:05.328    Scan finished successfully
11:58:56.578    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\home\Desktop\MBR.dat"
11:58:56.593    The log file has been saved successfully to "C:\Documents and Settings\home\Desktop\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by home (administrator) on YOUR-0XV8V0OEAP on 13-09-2014 11:41:08
Running from C:\Documents and Settings\home\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SlimWare Utilities, Inc.) C:\Program Files\DriverUpdate\DriverUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\S-1-5-21-3244783744-2621537104-1815002781-1005\...\Run: [Google Update**.d<*>] => "C:\Documents and Settings\home\Local Settings\Application Data\Google\Desktop\Install\{ddf32af7-cb56-24de-0bab-feab1b5137ae}\d'x"Ù"\", &h#\. ùû[\{ddf32af7-cb56-24de-0bab-feab1b5137ae}\GoogleUpdate.e (the data entry has 5 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-3244783744-2621537104-1815002781-1005\...\Run: [DriverUpdate] => C:\Program Files\DriverUpdate\DriverUpdate.exe [25868608 2014-08-28] (SlimWare Utilities, Inc.)
ShellIconOverlayIdentifiers: SKIcoBackuped -> {7E5951A0-8683-432A-9483-5F43168D6A8C} => C:\Program Files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll (F-Secure)
ShellIconOverlayIdentifiers: SKIcoSelected -> {15054241-49B4-4FA6-B4C7-A0071F118110} => C:\Program Files\VirginMedia\V Stuff Backup\AGSIconOverlay.dll (F-Secure)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x00FA86ABF555CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} https://us.dl1.yimg....nst20040510.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277842996358
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\7kmptneb.default-1408266975906
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files\Virgin Media\Service Manager\nprpspa.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-02]

Chrome:
=======
CHR CustomProfile: C:\Documents and Settings\home\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-09-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 Advent AIO Network Discovery Service; C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe [361904 2011-10-14] (DSGi)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-08-21] (IBM Corp.)
S4 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [65536 2001-09-28] (Sony Corporation) [File not signed]
S4 HsdService; "C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe" [X]
S4 ServicepointService; "C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-08] (Oak Technology Inc.)
S3 ampa; C:\WINDOWS\system32\ampa.sys [12656 2013-12-18] ()
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2002-03-30] (Windows ® 2000 DDK provider) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
S3 Imx5123; C:\WINDOWS\System32\drivers\Imx5123.sys [79232 2004-10-28] (Inmax Technology Corp.)
S3 LucentSoftModem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [807917 2002-03-29] (Lucent Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PAC207; C:\WINDOWS\System32\DRIVERS\PFC027.SYS [618112 2008-02-13] (PixArt Imaging Inc.)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [16288 2002-02-27] (VERITAS Software, Inc.) [File not signed]
R1 RapportCerberus_80049; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys [433240 2014-09-02] () [File not signed]
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251928 2014-08-21] (IBM Corp.) [File not signed]
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [206520 2014-08-21] (IBM Corp.) [File not signed]
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332792 2014-08-21] (IBM Corp.) [File not signed]
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [45312 2001-12-31] (Realtek Semiconductor Corporation)
R3 SiS7012; C:\WINDOWS\System32\drivers\sis7012.sys [175232 2002-03-28] (Silicon Integrated Systems Corporation)
R3 SONYWBMS; C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS [30650 2002-02-24] (Sony Corporation) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-02-24] (Avira GmbH)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-09-13] ()
S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\home\LOCALS~1\Temp\catchme.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U3 aswMBR; \??\C:\DOCUME~1\home\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\home\LOCALS~1\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 11:41 - 2014-09-13 11:42 - 00013618 _____ () C:\Documents and Settings\home\Desktop\FRST.txt
2014-09-13 11:40 - 2014-09-13 11:41 - 00000000 ___DC () C:\FRST
2014-09-13 11:38 - 2014-09-13 11:38 - 00000601 _____ () C:\Documents and Settings\home\Desktop\aswMBR.txt
2014-09-13 11:27 - 2014-09-13 11:27 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-13 10:58 - 2014-09-13 10:58 - 01097728 _____ (Farbar) C:\Documents and Settings\home\Desktop\FRST.exe
2014-09-13 10:56 - 2014-09-13 10:56 - 05185536 _____ (AVAST Software) C:\Documents and Settings\home\Desktop\aswMBR.exe
2014-09-13 10:56 - 2014-09-13 10:56 - 00854417 _____ () C:\Documents and Settings\home\Desktop\SecurityCheck.exe
2014-09-12 12:45 - 2014-09-12 12:45 - 00625664 _____ () C:\Documents and Settings\home\Desktop\dds.scr
2014-09-05 13:37 - 2014-09-05 13:37 - 00000000 ____D () C:\Documents and Settings\home\Application Data\Oracle
2014-09-05 13:34 - 2014-09-05 13:34 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-05 13:33 - 2014-09-05 13:33 - 00000000 ___DC () C:\Documents and Settings\All Users\Trusteer
2014-09-05 13:33 - 2014-09-05 13:33 - 00000000 ____D () C:\WINDOWS\system32\Trusteer
2014-09-05 13:33 - 2014-09-05 13:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-09-05 13:33 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-09-05 13:33 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-09-05 13:33 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-09-05 13:33 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-09-05 13:33 - 2014-07-25 12:26 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-09-05 13:32 - 2014-09-05 13:33 - 00005606 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-09-05 12:57 - 2014-09-05 12:57 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-09-05 12:46 - 2014-09-12 12:46 - 00000446 _____ () C:\WINDOWS\Tasks\DriverUpdate Scan.job
2014-09-05 12:45 - 2014-09-05 12:45 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-25 11:09 - 2014-08-25 11:09 - 00000000 ____D () C:\Program Files\V Stuff Backup
2014-08-25 11:08 - 2014-08-25 11:08 - 00000000 ____D () C:\Program Files\Advent
2014-08-25 11:08 - 2014-08-25 11:08 - 00000000 ____D () C:\Program Files\35168026c4df6cfcf2e06eb27cb7
2014-08-25 11:06 - 2014-08-25 11:06 - 00000000 ____D () C:\Program Files\Coupon Printer
2014-08-25 10:57 - 2014-08-25 10:58 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-08-25 10:55 - 2014-08-25 10:56 - 00000000 ____D () C:\Program Files\epson
2014-08-25 10:53 - 2014-08-25 10:53 - 00000000 ____D () C:\Program Files\0c38697bf01e02505c191eed2e
2014-08-24 15:20 - 2014-08-24 15:47 - 00001024 ___HC () C:\AMTAG.BIN
2014-08-24 15:20 - 2014-08-24 15:44 - 00000000 ____D () C:\Program Files\AOMEI Partition Assistant Standard Edition 5.5
2014-08-24 15:20 - 2014-08-24 15:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 5.5
2014-08-24 15:20 - 2014-08-07 10:26 - 01567856 _____ () C:\WINDOWS\ampa.exe
2014-08-24 15:20 - 2013-12-18 11:33 - 00012656 _____ () C:\WINDOWS\system32\ampa.sys
2014-08-23 12:00 - 2014-08-23 12:01 - 00000000 ____D () C:\Program Files\ACD Systems
2014-08-23 11:52 - 2014-08-23 11:52 - 00000000 ___DC () C:\ACD Systems
2014-08-21 16:03 - 2014-08-21 16:03 - 00206520 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-08-19 11:15 - 2012-04-29 13:26 - 00011090 _____ () C:\Program Files\unins000.dat
2014-08-19 11:15 - 2012-04-29 13:25 - 00715038 _____ () C:\Program Files\unins000.exe
2014-08-19 11:15 - 2012-04-23 11:24 - 02395400 _____ (CPUID) C:\Program Files\cpuz.exe
2014-08-19 11:15 - 2012-04-23 11:09 - 00019588 _____ () C:\Program Files\cpuz_readme.txt
2014-08-19 11:15 - 2010-12-15 18:51 - 00007646 _____ () C:\Program Files\cpuz_eula.txt
2014-08-19 11:15 - 2010-06-24 17:37 - 00000197 _____ () C:\Program Files\cpuz.ini
2014-08-14 18:52 - 2014-08-14 18:52 - 00000279 ____C () C:\Shortcut to VAIO (D).lnk
2014-08-14 15:38 - 2014-08-14 15:38 - 00000000 ____D () C:\Documents and Settings\home\Local Settings\Application Data\PCHealth

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 11:42 - 2014-09-13 11:41 - 00013618 _____ () C:\Documents and Settings\home\Desktop\FRST.txt
2014-09-13 11:42 - 2013-09-20 16:16 - 00000000 ____D () C:\Documents and Settings\home\Local Settings\temp
2014-09-13 11:41 - 2014-09-13 11:40 - 00000000 ___DC () C:\FRST
2014-09-13 11:38 - 2014-09-13 11:38 - 00000601 _____ () C:\Documents and Settings\home\Desktop\aswMBR.txt
2014-09-13 11:27 - 2014-09-13 11:27 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-13 11:27 - 2013-08-08 13:16 - 00013464 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-09-13 11:27 - 2011-03-09 14:16 - 00816223 _____ () C:\WINDOWS\setupapi.log
2014-09-13 11:27 - 2010-06-29 21:23 - 01857745 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-13 11:26 - 2004-10-29 16:50 - 00087970 ____C () C:\WINDOWS\system32\nvapps.xml
2014-09-13 11:26 - 2002-03-29 18:11 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-13 11:25 - 2014-04-19 19:31 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-13 11:25 - 2002-03-30 02:15 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-13 11:25 - 2002-03-29 18:11 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-13 11:24 - 2010-06-20 16:21 - 00000178 ___SH () C:\Documents and Settings\home\ntuser.ini
2014-09-13 11:24 - 2010-06-20 16:21 - 00000000 ____D () C:\Documents and Settings\home
2014-09-13 11:24 - 2002-03-30 02:19 - 00032556 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-13 10:58 - 2014-09-13 10:58 - 01097728 _____ (Farbar) C:\Documents and Settings\home\Desktop\FRST.exe
2014-09-13 10:56 - 2014-09-13 10:56 - 05185536 _____ (AVAST Software) C:\Documents and Settings\home\Desktop\aswMBR.exe
2014-09-13 10:56 - 2014-09-13 10:56 - 00854417 _____ () C:\Documents and Settings\home\Desktop\SecurityCheck.exe
2014-09-13 10:53 - 2012-10-27 16:55 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-12 12:46 - 2014-09-05 12:46 - 00000446 _____ () C:\WINDOWS\Tasks\DriverUpdate Scan.job
2014-09-12 12:45 - 2014-09-12 12:45 - 00625664 _____ () C:\Documents and Settings\home\Desktop\dds.scr
2014-09-12 11:37 - 2010-07-23 14:43 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{05259640-3FC6-4058-8291-C66DFD0DC59C}.job
2014-09-11 13:36 - 2011-04-01 15:42 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-09-11 13:25 - 2014-07-26 12:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 13:17 - 2010-06-20 16:17 - 00007159 _____ () C:\WINDOWS\setupact.log
2014-09-11 12:53 - 2012-07-14 20:44 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-11 12:53 - 2011-06-09 15:08 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-11 10:34 - 2002-03-29 17:00 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-10 11:37 - 2013-08-15 12:33 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 11:31 - 2010-06-29 21:41 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-09 12:18 - 2002-03-29 18:08 - 00566980 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-09 09:28 - 2014-04-19 19:31 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-06 07:42 - 2002-03-30 02:40 - 00000000 ____D () C:\WINDOWS\nview
2014-09-05 13:37 - 2014-09-05 13:37 - 00000000 ____D () C:\Documents and Settings\home\Application Data\Oracle
2014-09-05 13:34 - 2014-09-05 13:34 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-05 13:33 - 2014-09-05 13:33 - 00000000 ___DC () C:\Documents and Settings\All Users\Trusteer
2014-09-05 13:33 - 2014-09-05 13:33 - 00000000 ____D () C:\WINDOWS\system32\Trusteer
2014-09-05 13:33 - 2014-09-05 13:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-09-05 13:33 - 2014-09-05 13:32 - 00005606 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-09-05 13:33 - 2011-03-21 19:40 - 00000000 ____D () C:\Program Files\Java
2014-09-05 12:57 - 2014-09-05 12:57 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-09-05 12:45 - 2014-09-05 12:45 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-09-02 08:37 - 2013-09-18 18:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2014-08-25 11:09 - 2014-08-25 11:09 - 00000000 ____D () C:\Program Files\V Stuff Backup
2014-08-25 11:08 - 2014-08-25 11:08 - 00000000 ____D () C:\Program Files\Advent
2014-08-25 11:08 - 2014-08-25 11:08 - 00000000 ____D () C:\Program Files\35168026c4df6cfcf2e06eb27cb7
2014-08-25 11:06 - 2014-08-25 11:06 - 00000000 ____D () C:\Program Files\Coupon Printer
2014-08-25 10:58 - 2014-08-25 10:57 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-08-25 10:56 - 2014-08-25 10:55 - 00000000 ____D () C:\Program Files\epson
2014-08-25 10:53 - 2014-08-25 10:53 - 00000000 ____D () C:\Program Files\0c38697bf01e02505c191eed2e
2014-08-24 15:47 - 2014-08-24 15:20 - 00001024 ___HC () C:\AMTAG.BIN
2014-08-24 15:44 - 2014-08-24 15:20 - 00000000 ____D () C:\Program Files\AOMEI Partition Assistant Standard Edition 5.5
2014-08-24 15:20 - 2014-08-24 15:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 5.5
2014-08-23 12:02 - 2010-08-23 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ACD Systems
2014-08-23 12:01 - 2014-08-23 12:00 - 00000000 ____D () C:\Program Files\ACD Systems
2014-08-23 11:52 - 2014-08-23 11:52 - 00000000 ___DC () C:\ACD Systems
2014-08-21 16:03 - 2014-08-21 16:03 - 00206520 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-08-20 12:41 - 2014-08-12 15:01 - 00065648 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-08-20 11:08 - 2002-03-29 17:01 - 00000327 __SHC () C:\boot.ini
2014-08-20 11:08 - 2002-03-29 17:00 - 00000597 _____ () C:\WINDOWS\win.ini
2014-08-20 11:08 - 2002-03-29 17:00 - 00000227 ____C () C:\WINDOWS\system.ini
2014-08-14 18:52 - 2014-08-14 18:52 - 00000279 ____C () C:\Shortcut to VAIO (D).lnk
2014-08-14 16:44 - 2011-08-11 15:09 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-14 15:38 - 2014-08-14 15:38 - 00000000 ____D () C:\Documents and Settings\home\Local Settings\Application Data\PCHealth
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Files to move or delete:
====================
C:\Documents and Settings\All Users\USMT2IMG.DAT

Some content of TEMP:
====================
C:\Documents and Settings\home\Local Settings\temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by home at 2014-09-13 11:43:33
Running from C:\Documents and Settings\home\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee for PENTAX (HKLM\...\{EED5156C-4BA8-4105-A506-DB9D00F8B68D}) (Version: 5.1.0 - ACD Systems Ltd)
AdC4USelfUpdater (Version: 1.00.0000 - Advent) Hidden
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
ADVENT AIO Printer (HKLM\...\{27B5D9DE-D57D-48ee-A4F1-DC3D9DA0DF57}) (Version: 1.3.3.10 - Advent)
Advent AIO Printer (Version: 1.0.6.2 - DSGi) Hidden
Advent Essentials (Version: 1.0.0.0 - DSGi) Hidden
aioscnnr (Version: 1.0.6.0 - DSGi) Hidden
AOMEI Partition Assistant Standard Edition 5.5 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
ArcSoft WebCam Companion 3 (HKLM\...\{B3236C7B-455E-4CDB-B3E1-7A2190B054BC}) (Version: 3.0.33.183 - ArcSoft)
Avira (HKLM\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Backup & Storage v2.3.1.37683 (HKLM\...\{4C2E5A82-DA8B-4c72-91A6-EBB4E0463537}_is1) (Version: 2.3.1.37683 - VirginMedia)
Coupon Printer (HKLM\...\Coupon Printer2.2.0.1) (Version: 2.2.0.1 - Coupons.com Inc.)
CPUID CPU-Z 1.60.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DigitalPrint 1.1 (HKLM\...\{E2069DE3-5924-4766-A385-CDA273885A31}) (Version:  - )
DriverUpdate (HKLM\...\{F7FBA125-E6E5-4D4F-A165-D094C10B0523}) (Version: 2.2.40819 - SlimWare Utilities, Inc.)
DVgate (HKLM\...\{29F61465-428A-11D4-B646-00C04F790F76}) (Version:  - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Free Window Registry Repair (HKLM\...\Free Window Registry Repair) (Version:  - )
hp instant support (HKLM\...\hp instant support) (Version: 5.0.2.4.asst_classic.asst_install - Motive Communications, Inc.)
HP Memories Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000 - Hewlett-Packard Company) Hidden
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Lucent Technologies Soft Modem AMR (HKLM\...\Lucent Technologies Soft Modem) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motion JPEG Software Decoder (HKLM\...\Motion JPEG Software Decoder) (Version:  - )
MovieShaker 3.3 (HKLM\...\{D4A49B00-02F8-11D5-B64D-00C04F790F76}) (Version:  - )
Mozilla Firefox 31.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 31.0 (x86 en-GB)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Music Visualizer Library 1.2 (HKLM\...\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Online Registration (Version: 4.1 - Sony Information Technology Europe) Hidden
OpenMG Limited Patch 3.0.01-02-01-18-01 (HKLM\...\OpenMG HotFix3.0.01-02-01-18-01) (Version:  - )
OpenMG Secure Module 3.0.01 (HKLM\...\{A228A09C-4826-42E0-A3D8-95B2BAAB5049}) (Version:  - )
PC Camer@ (HKLM\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Aecotech)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PreReq (Version: 6.0.5.2 - Eastman Kodak Company) Hidden
QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Radialpoint Security Advisor 2.5.19 (Version: 2.5.19 - Radialpoint SafeCare Inc.) Hidden
Rapport (Version: 3.5.1403.78 - Trusteer) Hidden
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
RealProducer Basic 8.5 (HKLM\...\RealProducer 8.5) (Version:  - )
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SonicStage 1.1.00 (HKLM\...\{E535DC62-56D6-11D5-8AE3-00105A7276CD}) (Version:  - )
SonicStage CD-R Writing Module (HKLM\...\{F3CB4DC0-4FC0-11D5-9254-0000F460E7A9}) (Version:  - )
Sony DV Shared Library (HKLM\...\{6990A2BF-D1D2-11D3-81BC-00609789C908}) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1403.78 - Trusteer)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VAIO Action Setup (HKLM\...\{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}) (Version:  - )
VAIO Brezza Wallpaper (HKLM\...\{ACEC9C3E-0100-4EBE-B298-35A2145828A0}) (Version:  - )
VAIO Clock Screen Saver (HKLM\...\{2B9FBAE1-5016-4F14-B452-E6874A3C1284}) (Version:  - )
VAIO Grid Wallpaper (HKLM\...\{21CF3E6E-1659-433E-B6CE-165D793560DA}) (Version:  - )
VAIO Online Registration (HKLM\...\InstallShield_{C64AA545-4301-45C6-B6D0-ED831A19A3A4}) (Version: 4.1 - Sony Information Technology Europe)
VAIO Serenus Wallpaper (HKLM\...\{802EF464-4992-42B3-8434-45151AD3C933}) (Version:  - )
VAIO System Information (HKLM\...\{2366D960-F00F-11D3-99D3-00C04FCCB775}) (Version:  - )
VAIO Web Phone (HKLM\...\{764FBCE2-1593-11D4-A51F-0800460222F0}) (Version:  - )
Virgin Media Digital Home Support 2.1.27 (HKLM\...\RadialpointHomeSecurityDashboard_is1) (Version: 2.1.27 - Virgin Media)
Virgin Media Service Manager 3.7.47 (HKLM\...\RadialpointClientGateway_is1) (Version: 3.7.47 - Virgin Media)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

09-09-2014 11:01:50 Software Distribution Service 3.0
10-09-2014 10:30:32 Software Distribution Service 3.0
11-09-2014 13:09:32 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-03-29 17:00 - 2013-09-18 11:52 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{05259640-3FC6-4058-8291-C66DFD0DC59C}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2006-10-22 12:22 - 2006-10-22 12:22 - 00212992 _____ () C:\WINDOWS\system32\nvapi.dll
2002-03-29 07:42 - 2006-10-22 12:22 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2014-08-12 12:55 - 2014-07-14 16:49 - 00049744 _____ () C:\Documents and Settings\home\Local Settings\temp\avgnt.exe\Avira.OE.ExtApi.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\USMT2IMG.DAT:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\All Users\USMT2IMG.DAT:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk => C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk => C:\WINDOWS\pss\VAIO Action Setup (Server).lnkCommon Startup
MSCONFIG\startupreg: ADAiO2StatusMonitor => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: Backup & Storage => "C:\Program Files\VirginMedia\V Stuff Backup\Backup & Storage.exe"
MSCONFIG\startupreg: BluetoothAuthenticationAgent => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
MSCONFIG\startupreg: Camera Detector => C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DHSClient.exe => "C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
MSCONFIG\startupreg: DriverUpdate => "C:\Program Files\DriverUpdate\DriverUpdate.exe" -boot
MSCONFIG\startupreg: DWQueuedReporting => "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
MSCONFIG\startupreg: EPSON Stylus C66 Series => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2S1.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
MSCONFIG\startupreg: LTSMMSG => LTSMMSG.exe
MSCONFIG\startupreg: Monitor => C:\WINDOWS\PixArt\PAC207\Monitor.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: PAC207_Monitor => C:\WINDOWS\PixArt\PAC207\Monitor.exe
MSCONFIG\startupreg: ServiceManager.exe => "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Multiport Communications Port (COM4)
Description: Multiport Communications Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard port types)
Service: Serial
Problem: : Windows cannot determine the settings for this device. Consult the documentation that came with this device and use the Resource tab to set the configuration. (Code 34)
Resolution: The device requires manual configuration. See the hardware documentation or contact the hardware vendor for instructions on manually configuring the device. After you configure the device itself, you can use the "Resources" tab in Device Manager to configure the resource settings in Windows.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2014 10:40:23 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 21326, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (09/08/2014 10:38:54 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (09/08/2014 10:38:54 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 21326, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service SMSvcHost 4.0.0.0 (SMSvcHost 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 21326, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service ServiceModelService 4.0.0.0 (ServiceModelService 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 21326, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service ServiceModelOperation 4.0.0.0 (ServiceModelOperation 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 21326, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (09/08/2014 10:38:52 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service ServiceModelEndpoint 4.0.0.0 (ServiceModelEndpoint 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

System errors:
=============
Error: (09/13/2014 11:28:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SharedAccess service terminated with the following error:
%%1055

Error: (09/13/2014 11:28:13 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1055" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD8-2166-11D1-B1D0-00805FC1270E}

Error: (09/13/2014 11:26:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Avira Service Host service to connect.

Error: (09/13/2014 10:06:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Avira Service Host service to connect.

Error: (09/12/2014 10:26:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Avira Service Host service to connect.

Error: (09/11/2014 00:53:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IMAPI CD-Burning COM Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/11/2014 00:50:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Avira Service Host service to connect.

Error: (09/11/2014 10:38:21 AM) (Source: DCOM) (EventID: 10005) (User: YOUR-0XV8V0OEAP)
Description: DCOM got error "%%1055" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (09/11/2014 10:38:21 AM) (Source: DCOM) (EventID: 10005) (User: YOUR-0XV8V0OEAP)
Description: DCOM got error "%%1055" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (09/11/2014 10:35:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Avira Service Host service to connect.

Microsoft Office Sessions:
=========================
Error: (09/08/2014 10:40:23 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 21326

Error: (09/08/2014 10:38:54 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: MSDTC Bridge 4.0.0.0MSDTC Bridge 4.0.0.0

Error: (09/08/2014 10:38:54 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 21326

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: SMSvcHost 4.0.0.0SMSvcHost 4.0.0.0

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 21326

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: ServiceModelService 4.0.0.0ServiceModelService 4.0.0.0

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 21326

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: ServiceModelOperation 4.0.0.0ServiceModelOperation 4.0.0.0

Error: (09/08/2014 10:38:53 AM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: 21326

Error: (09/08/2014 10:38:52 AM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: ServiceModelEndpoint 4.0.0.0ServiceModelEndpoint 4.0.0.0

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 1.80GHz
Percentage of memory in use: 25%
Total physical RAM: 2047.53 MB
Available physical RAM: 1535.38 MB
Total Pagefile: 3897.99 MB
Available Pagefile: 3373.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.83 MB

==================== Drives ================================

Drive c: (VAIO) (Fixed) (Total:32.66 GB) (Free:11.33 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (VAIO) (Fixed) (Total:4.61 GB) (Free:4.55 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:76.32 GB) (Free:76.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 1AAC1AAC)
Partition 1: (Active) - (Size=32.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.6 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 76.3 GB) (Disk ID: F4AEF4AE)
Partition 1: (Active) - (Size=76.3 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

==================== End Of Log ============================

 


Edited by sooty4, 13 September 2014 - 05:35 AM.


#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 September 2014 - 08:45 AM

Hi sooty4,
 

Had difficulty attaching the dat file as an error kept coming up saying no file selected so not sure if you got that.

That's fine, just keep the file, do not delete it.
 

I have updated the Adobe flash player and I only defragmented the C drive last week.


Please don't take any steps unless I ask you to do so. We will get to all program updates as we go along. :thumbup:

Kindly don't use "bold" text when making your replies, it makes reading the logs harder on the eyes.

Have you run ComboFix recently?
Did you do a System Restore on September 13, 2014?

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
 
Start
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\S-1-5-21-3244783744-2621537104-1815002781-1005\...\Run: [Google Update**.d<*>] => "C:\Documents and Settings\home\Local Settings\Application Data\Google\Desktop\Install\{ddf32af7-cb56-24de-0bab-feab1b5137ae}\d'x"Ù"\", &h#\. ùû[\{ddf32af7-cb56-24de-0bab-feab1b5137ae}\GoogleUpdate.e (the data entry has 5 more characters). <===== ATTENTION (Value Name with invalid characters)
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Empty Temp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • Answers to my questions

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#5 sooty4

sooty4

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts

Posted 13 September 2014 - 11:39 AM

Hi OCD. Sorry about the text, it's just what it was set at. Hope this is better. No, I haven't run ComboFix or done a System Restore for about two years. The results of the scans you requested are below. Thanks. Sue.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by home at 2014-09-13 16:34:39 Run:1
Running from C:\Documents and Settings\home\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <====
ATTENTION!
HKU\S-1-5-21-3244783744-2621537104-1815002781-1005\...\Run: [Google Update**.d<*>] => "C:\Documents and Settings\home\Local Settings\Application Data\Google\Desktop\Install\{ddf32af7-cb56-24de-0bab-feab1b5137ae}\d'x"Ù"\", &h#\. ùû[\{ddf32af7-cb56-24de-0bab-feab1b5137ae}\GoogleUpdate.e (the data entry has 5 more characters). <===== ATTENTION (Value Name with invalid characters)
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Empty Temp:
End

*****************

HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
ATTENTION! => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3244783744-2621537104-1815002781-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update**.d<*> => Value Deleted Successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => value deleted successfully.
"HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value deleted successfully.
"HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}" => Key not found.
EmptyTemp: => Removed 2.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by home on 13/09/2014 at 17:35:34.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\home\Application Data\coupons"
Successfully deleted: [Folder] "C:\Documents and Settings\home\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Documents and Settings\home\Application Data\pcpro"
Successfully deleted: [Folder] "C:\Documents and Settings\home\start menu\programs\free window registry repair"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/09/2014 at 18:02:08.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.310 - Report created 13/09/2014 at 17:24:50
# Updated 12/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : home - YOUR-0XV8V0OEAP
# Running from : C:\Documents and Settings\home\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer2.2.0.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer2.2.0.1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v31.0 (x86 en-GB)

[ File : C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\7kmptneb.default-1408266975906\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\home\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1457 octets] - [05/08/2014 11:55:51]
AdwCleaner[R1].txt - [1611 octets] - [13/09/2014 17:08:01]
AdwCleaner[S0].txt - [1526 octets] - [05/08/2014 12:00:41]
AdwCleaner[S1].txt - [1542 octets] - [13/09/2014 17:24:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1602 octets] ##########



#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 September 2014 - 07:50 PM

Hi sooty4,

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • FRST.txt

OCD



#7 sooty4

sooty4

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts

Posted 14 September 2014 - 04:43 AM

Hi OCD. When trying to scan, it comes up with an error message which says FRST.exe has encountered a problem and needs to close. I tried a few times and it would not complete the scan. The computer seems to be running faster today though. Please advise further. Thank you. Sue.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by home (administrator) on YOUR-0XV8V0OEAP on 14-09-2014 12:10:44
Running from C:\Documents and Settings\home\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SlimWare Utilities, Inc.) C:\Program Files\DriverUpdate\DriverUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

Edited by sooty4, 14 September 2014 - 06:09 AM.


#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 September 2014 - 08:12 AM

Hi sooty4,

Delete the copy of FRST currently installed on your computer, reboot then download a fresh copy of FRST and try the scan again.
OCD



#9 sooty4

sooty4

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts

Posted 15 September 2014 - 07:14 AM

Hi. I already tried that twice and still the same result.



#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 15 September 2014 - 01:42 PM

Hi sooty4,

Try this tool instead.

OTL

Download OTL to your desktop.

  • Make sure all other windows are closed and to let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt file, no need to post the Extras.txt.

=========================

In your next post please provide the following:

  • OTL.Txt
  • What symptoms are you still experiencing?

OCD

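The `/md5start` ... `/md5stop` block in the OTL custom scan above asks OTL to report MD5 hashes of a handful of core Windows binaries (explorer.exe, winlogon.exe, Userinit.exe, svchost.exe, services.exe) so the helper can compare them against known-good values and spot a replaced or patched system file. The script below is an added example of that baseline check, not OTL's code or anything from this thread: it hashes each file on a list, compares the SHA-256 against a recorded baseline and reports the MD5 alongside so the result can be matched against a tool that only prints MD5. The file names are borrowed from the OTL scan list, but the file contents, the temp directory and the baseline values are all constructed stand-ins, and the "tampered" and "missing" cases are staged deliberately to show how each is reported.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def file_digests(path):
    """Return (md5_hex, sha256_hex) for one file, streamed in chunks so a
    real system binary of any size can be hashed without loading it whole."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def verify_baseline(baseline, root):
    """Compare every file named in `baseline` ({name: expected sha256 hex})
    against the copy found under `root`.

    Returns {name: {"status": "ok" | "MISMATCH" | "MISSING", "md5": hex or None}}.
    The decision is made on SHA-256 (MD5 collisions are cheap to construct);
    the MD5 is carried along only so it can be matched against a tool such as
    OTL that reports MD5 values.
    """
    results = {}
    for name, expected_sha256 in baseline.items():
        path = Path(root) / name
        if not path.is_file():
            results[name] = {"status": "MISSING", "md5": None}
            continue
        md5_hex, sha256_hex = file_digests(path)
        status = "ok" if sha256_hex == expected_sha256.lower() else "MISMATCH"
        results[name] = {"status": status, "md5": md5_hex}
    return results


# --- constructed demonstration data (not real Windows binaries) --------------
CLEAN_FILES = {
    "explorer.exe": b"MZ\x90\x00 constructed stand-in for explorer.exe",
    "winlogon.exe": b"MZ\x90\x00 constructed stand-in for winlogon.exe",
    "Userinit.exe": b"MZ\x90\x00 constructed stand-in for Userinit.exe",
    "svchost.exe": b"MZ\x90\x00 constructed stand-in for svchost.exe",
    "services.exe": b"MZ\x90\x00 constructed stand-in for services.exe",
}


def build_demo_tree():
    """Write the constructed files to a temp dir, record their clean hashes
    (the known-good baseline), then alter one file and delete another to
    simulate what a later verification run might find."""
    root = Path(tempfile.mkdtemp(prefix="hashcheck_"))
    for name, data in CLEAN_FILES.items():
        (root / name).write_bytes(data)
    baseline = {name: file_digests(root / name)[1] for name in CLEAN_FILES}
    (root / "Userinit.exe").write_bytes(CLEAN_FILES["Userinit.exe"] + b"\x00patched")
    (root / "services.exe").unlink()
    return root, baseline


def demo():
    """Run the check against the demo tree, clean up, and return the results."""
    root, baseline = build_demo_tree()
    try:
        return verify_baseline(baseline, root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:14} {r['status']:9} md5={r['md5']}")
```

On a real machine the baseline would come from a trusted source (a clean install of the same Windows build and service pack, or the vendor's published hashes), never from the suspect machine itself; the one thing the demo cannot show is that step.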


#11 sooty4

sooty4

    Authentic Member

  • Authentic Member
  • PipPip
  • 86 posts

Posted 16 September 2014 - 03:52 AM

Hi. Yes, that ran OK. The computer still seems slow to load sites and nearly always comes up with an error message on the left of the taskbar: 'Done but with error on page' or just the yellow triangle with error! Did you find anything in the scans at all?


OTL logfile created on: 16/09/2014 10:16:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\home\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.52% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.68% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.66 Gb Total Space | 13.54 Gb Free Space | 41.47% Space Free | Partition Type: NTFS
Drive D: | 4.61 Gb Total Space | 4.55 Gb Free Space | 98.83% Space Free | Partition Type: NTFS
Drive H: | 76.32 Gb Total Space | 75.01 Gb Free Space | 98.28% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-0XV8V0OEAP | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (IBM Corp.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (IBM Corp.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe File not found
SRV - (HsdService) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (IBM Corp.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Avira.OE.ServiceHost) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Advent AIO Network Discovery Service) -- C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe (DSGi)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\home\LOCALS~1\Temp\catchme.sys File not found
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (RapportCerberus_80049) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys ()
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (IBM Corp.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (IBM Corp.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (IBM Corp.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ampa) -- C:\WINDOWS\system32\ampa.sys ()
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cpuz135) -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys (CPUID)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (Imx5123) -- C:\WINDOWS\system32\drivers\Imx5123.sys (Inmax Technology Corp.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies)
DRV - (SiS7012) -- C:\WINDOWS\system32\drivers\sis7012.sys (Silicon Integrated Systems Corporation)
DRV - (SONYWBMS) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 FA 86 AB F5 55 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {DE3EF10D-6691-4374-891A-4558DE379167}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DE3EF10D-6691-4374-891A-4558DE379167}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/09/14 10:49:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/09/14 10:49:57 | 000,000,000 | ---D | M]
 
[2011/03/06 13:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\home\Application Data\Mozilla\Extensions
[2014/08/17 10:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\7kmptneb.default-1408266975906\extensions
[2014/09/14 10:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/09/14 10:51:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = http://suggestquerie...?q={searchTerms}
CHR - homepage:
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
 
O1 HOSTS File: ([2013/09/18 11:52:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [DriverUpdate] C:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ebay.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: Sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: Sonystyle-europe.com ([]* in Trusted sites)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} https://us.dl1.yimg....nst20040510.cab (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277842996358 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1277845074437 (MUWebControl Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1F7002A-61F1-480A-BDD1-8C28D64F107B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (lorer.exe) - C:\WINDOWS\explorer.) -  File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/03/30 02:16:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/16 10:14:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
[2014/09/16 07:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/09/14 12:59:32 | 001,097,728 | ---- | C] (Farbar) -- C:\Documents and Settings\home\Desktop\FRST.exe
[2014/09/14 10:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/09/13 17:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/09/13 17:34:13 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\home\Desktop\JRT.exe
[2014/09/13 12:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Adobe
[2014/09/13 11:40:29 | 000,000,000 | ---D | C] -- C:\FRST
[2014/09/13 10:56:49 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Documents and Settings\home\Desktop\aswMBR.exe
[2014/09/05 13:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Oracle
[2014/09/05 13:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/09/05 13:33:51 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/09/05 13:33:51 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/09/05 13:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Trusteer
[2014/09/05 13:33:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Trusteer
[2014/09/05 13:33:07 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/09/05 13:33:07 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/09/05 13:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/09/05 13:33:06 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/09/05 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/09/05 12:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
[2014/08/25 11:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\V Stuff Backup
[2014/08/25 11:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\35168026c4df6cfcf2e06eb27cb7
[2014/08/25 11:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Advent
[2014/08/25 11:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Printer
[2014/08/25 10:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014/08/25 10:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\My Music
[2014/08/25 10:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2014/08/25 10:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\0c38697bf01e02505c191eed2e
[2014/08/24 15:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 5.5
[2014/08/24 15:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\AOMEI Partition Assistant Standard Edition 5.5
[2014/08/23 12:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2014/08/23 11:52:33 | 000,000,000 | ---D | C] -- C:\ACD Systems
[2014/08/21 16:03:38 | 000,206,520 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/08/19 11:15:16 | 002,395,400 | ---- | C] (CPUID) -- C:\Program Files\cpuz.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/16 10:14:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
[2014/09/16 09:53:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/09/16 07:57:54 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2014/09/16 07:57:34 | 000,087,970 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014/09/16 07:57:06 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/09/16 07:56:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/09/16 07:56:51 | 2147,061,760 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/15 13:40:27 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{05259640-3FC6-4058-8291-C66DFD0DC59C}.job
[2014/09/14 12:59:51 | 001,097,728 | ---- | M] (Farbar) -- C:\Documents and Settings\home\Desktop\FRST.exe
[2014/09/14 12:39:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/09/13 17:34:16 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\home\Desktop\JRT.exe
[2014/09/13 17:06:59 | 001,373,475 | ---- | M] () -- C:\Documents and Settings\home\Desktop\AdwCleaner.exe
[2014/09/13 12:28:47 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/09/13 12:28:47 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/09/13 12:01:03 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\home\Desktop\MBR.zip
[2014/09/13 11:58:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\home\Desktop\MBR.dat
[2014/09/13 10:56:57 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Documents and Settings\home\Desktop\aswMBR.exe
[2014/09/13 10:56:12 | 000,854,417 | ---- | M] () -- C:\Documents and Settings\home\Desktop\SecurityCheck.exe
[2014/09/12 12:46:06 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\DriverUpdate Scan.job
[2014/09/12 12:45:51 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\home\Desktop\dds.scr
[2014/09/11 13:25:40 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/09/09 12:18:25 | 000,481,002 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/09/09 12:18:25 | 000,077,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/09/09 09:28:20 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/08/24 15:47:52 | 000,001,024 | -H-- | M] () -- C:\AMTAG.BIN
[2014/08/21 16:03:38 | 000,206,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/08/20 11:08:29 | 000,000,327 | -HS- | M] () -- C:\boot.ini
 
========== Files Created - No Company Name ==========
 
[2014/09/13 17:06:55 | 001,373,475 | ---- | C] () -- C:\Documents and Settings\home\Desktop\AdwCleaner.exe
[2014/09/13 12:01:03 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\home\Desktop\MBR.zip
[2014/09/13 11:58:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\home\Desktop\MBR.dat
[2014/09/13 10:56:10 | 000,854,417 | ---- | C] () -- C:\Documents and Settings\home\Desktop\SecurityCheck.exe
[2014/09/12 12:45:50 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\home\Desktop\dds.scr
[2014/09/05 12:46:19 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\DriverUpdate Scan.job
[2014/08/24 15:20:50 | 000,001,024 | -H-- | C] () -- C:\AMTAG.BIN
[2014/08/24 15:20:18 | 001,567,856 | ---- | C] () -- C:\WINDOWS\ampa.exe
[2014/08/24 15:20:18 | 000,012,656 | ---- | C] () -- C:\WINDOWS\System32\ampa.sys
[2014/08/19 11:15:17 | 000,715,038 | ---- | C] () -- C:\Program Files\unins000.exe
[2014/08/19 11:15:16 | 000,011,090 | ---- | C] () -- C:\Program Files\unins000.dat
[2014/08/19 11:15:16 | 000,000,197 | ---- | C] () -- C:\Program Files\cpuz.ini
[2014/08/12 15:01:23 | 000,065,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/08/08 13:16:10 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/12/07 14:49:20 | 000,005,729 | ---- | C] () -- C:\WINDOWS\System32\EPSTP32U.DAT
[2011/09/06 19:23:36 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\home\findaproperty our street picture.jpg
[2010/07/16 13:36:22 | 1728,427,069 | ---- | C] () -- C:\Documents and Settings\All Users\USMT2IMG.DAT
[2010/06/29 14:39:18 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\FASTWiz.html
[2010/06/20 16:21:56 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011/04/01 15:44:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/08/07 13:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2013/09/11 13:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ADVENT
[2011/03/06 11:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/04/01 15:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2012/01/22 16:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2014/08/12 12:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2013/08/07 09:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/07/23 14:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/07/25 13:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2013/05/13 13:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2012/07/06 15:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirginMedia
[2012/10/01 14:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\ACD Systems
[2013/04/04 13:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/05/08 13:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\DriverFinder
[2011/08/11 15:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\ElevatedDiagnostics
[2002/03/30 20:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\InterTrust
[2014/09/05 13:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Oracle
[2013/05/13 13:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Radialpoint
[2011/07/01 13:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Temp
[2010/07/25 13:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Trusteer
[2013/05/13 13:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Virgin Media
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 18:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 11:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true >
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
========== Base Services ==========
SRV - [2008/04/14 01:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 01:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 01:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 14:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 01:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 01:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 18:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 01:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 01:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 01:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 01:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 01:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 01:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 01:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 01:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 01:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 01:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 01:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 01:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 06:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 01:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 01:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 01:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 01:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 01:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 01:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 01:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 01:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 01:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 01:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 01:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/14 01:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 01:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 07:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST340810A
Partitions: 2
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: Maxtor 6Y080P0
Partitions: 1
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type:
Media Type:
Model: Memory Stick Slot
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 33.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 5.00GB
Starting Offset: 35068262912
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 76.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
========== Files - Unicode (All) ==========
[2013/09/19 08:45:11 | 098,323,654 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\刭₠善6
[2013/09/19 08:45:11 | 098,323,654 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\刭₠善6
[2013/09/18 10:57:01 | 098,123,923 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\먴묞善6
[2013/09/18 10:57:01 | 098,123,923 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\먴묞善6
[2013/09/13 15:17:38 | 097,463,612 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\௶颒善6
[2013/09/13 14:17:54 | 097,463,612 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\௶颒善6
[2013/09/11 06:30:05 | 097,063,418 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᣣ᪍善6
[2013/09/11 06:30:05 | 097,063,418 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᣣ᪍善6
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\USMT2IMG.DAT:SummaryInformation

< End of report >
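As an added example (not from this thread and not part of OTL), here is a small parser that reads the "< MD5 for: ... >" blocks in a log like the one above and checks whether the copy Windows actually loads hashes the same as the Windows File Protection reference copies (ServicePackFiles\i386, system32\dllcache), which is the comparison a helper makes by eye. The sample input reuses the SVCHOST.EXE lines from this log and adds one constructed TAMPERED.EXE block with a placeholder hash to show what a mismatch looks like.

```python
"""Read the '< MD5 for: ... >' blocks of an OTL custom scan and compare copies.

OTL lists every copy of a critical binary it finds (the live copy, the Windows
File Protection reference copies, older uninstall backups) with its MD5.  The
question a responder asks per file is: does the copy Windows actually loads hash
the same as a reference copy?  Hypothetical helper script, not part of OTL.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>\s*$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*(?P<kind>[CM])\]"
    r"\s*\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)

# XP keeps pristine copies here (Windows File Protection); a live binary should hash like one.
# ERDNT\cache is an ERUNT backup and $NtServicePackUninstall$ holds the pre-SP3 build,
# so neither is used as a reference.
REFERENCE_MARKERS = ("\\servicepackfiles\\i386\\", "\\system32\\dllcache\\")
# Directories the running system loads from (explorer.exe lives in %SystemRoot% itself).
LIVE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


def parse_md5_blocks(lines):
    """Return {FILENAME: [entry dict, ...]} for every '< MD5 for: X >' block."""
    blocks = defaultdict(list)
    current = None
    for raw in lines:
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            fields = entry.groupdict()
            fields["md5"] = fields["md5"].upper()
            blocks[current].append(fields)
    return dict(blocks)


def _is_live_copy(path, name):
    low = path.lower()
    return any(low == d + name.lower() for d in LIVE_DIRS)


def assess(blocks):
    """Per binary: live hash, reference hashes, agreement flag, and non-Microsoft copies."""
    report = {}
    for name, entries in blocks.items():
        live = [e["md5"] for e in entries if _is_live_copy(e["path"], name)]
        refs = {e["md5"] for e in entries
                if any(m in e["path"].lower() for m in REFERENCE_MARKERS)}
        foreign = [e["path"] for e in entries if e["vendor"] != "Microsoft Corporation"]
        live_md5 = live[0] if live else None
        report[name] = {
            "live_md5": live_md5,
            "reference_md5s": refs,
            # Missing live copy, missing reference, or a mismatch all need a second look.
            "live_matches_reference": bool(live_md5) and live_md5 in refs,
            "non_microsoft_copies": foreign,
        }
    return report


def flagged(report):
    """Names whose live copy could not be matched to a reference copy."""
    return sorted(n for n, r in report.items() if not r["live_matches_reference"])


# Constructed sample: the SVCHOST.EXE block is copied from the log above; the
# TAMPERED.EXE block is invented (placeholder hash) to show what a mismatch looks like.
SAMPLE_LOG = r"""
< MD5 for: SVCHOST.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TAMPERED.EXE  >
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\tampered.exe
[2014/09/01 09:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\tampered.exe
"""

if __name__ == "__main__":
    result = assess(parse_md5_blocks(SAMPLE_LOG.splitlines()))
    for name, r in result.items():
        state = "OK" if r["live_matches_reference"] else "CHECK"
        print(f"{name:14} live={r['live_md5']} {state} "
              f"non-Microsoft copies: {len(r['non_microsoft_copies'])}")
    print("needs attention:", flagged(result))
```

A non-Microsoft copy outside the live directories (here the Malwarebytes Chameleon one) is listed rather than flagged, since security tools legitimately ship renamed helper binaries; the reviewer accounts for it by vendor and path.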



#12 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 16 September 2014 - 10:31 PM

Hi sooty4,
 

The computer still seems slow to load sites and nearly always comes up with an error message on the left of the taskbar. 'Done but with error on page' or just the yellow triangle with error!

Which browser/s does this occur in?

Can you provide a screenshot?
 

Did you find anything in the scans at all?

Not really finding anything that appears to be that serious.

=========================

Uninstall via Add/Remove Programs

  • Please go to Start > Control Panel > Add Remove Programs.
    Locate the following programs: (if present)
    • Adobe Flash Player 11.9.900.170
  • Click Remove and allow Windows to completely remove each one in turn.
  • Then reboot your computer to complete this part of the process.

=========================

Adobe Flash Player:

Go to http://get.adobe.com...player/?no_ab=1

  • Remove the check mark from the box "Install Google Drive"
  • Click the Download button, and follow the onscreen directions to complete the installation.

Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

=========================

Reboot

=========================

Run OTL.exe

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    O15 - HKCU\..Trusted Domains: ebay.co.uk ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: Sony-europe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: Sonystyle-europe.com ([]* in Trusted sites)
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

=========================

Re-run OTL (it should be located on your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note: The log can be located in the OTL folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

=========================

In your next post please provide the following:

  • OTL fix log (if provided)
  • fresh OTL.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#13 sooty4 (Authentic Member, 86 posts)

Posted 17 September 2014 - 05:06 AM

Hi. The error message is in IE. In Mozilla I get a not responding error and then it freezes. Screenshots attached.

The Adobe Flash Player was not there, probably because I updated it before. The OTL log is below. Thanks.

OTL logfile created on: 17/09/2014 11:32:09 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\home\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.18% Memory free
3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.48% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.66 Gb Total Space | 13.60 Gb Free Space | 41.66% Space Free | Partition Type: NTFS
Drive D: | 4.61 Gb Total Space | 4.55 Gb Free Space | 98.83% Space Free | Partition Type: NTFS
Drive H: | 76.32 Gb Total Space | 75.01 Gb Free Space | 98.28% Space Free | Partition Type: NTFS
 
Computer Name: YOUR-0XV8V0OEAP | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (IBM Corp.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (IBM Corp.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Documents and Settings\home\Local Settings\temp\avgnt.exe\Avira.OE.ExtApi.dll ()
MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe File not found
SRV - (HsdService) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (IBM Corp.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (Avira.OE.ServiceHost) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Advent AIO Network Discovery Service) -- C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe (DSGi)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\home\LOCALS~1\Temp\catchme.sys File not found
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (RapportCerberus_80049) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys ()
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (IBM Corp.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (IBM Corp.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (IBM Corp.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ampa) -- C:\WINDOWS\system32\ampa.sys ()
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cpuz135) -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys (CPUID)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (Imx5123) -- C:\WINDOWS\system32\drivers\Imx5123.sys (Inmax Technology Corp.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies)
DRV - (SiS7012) -- C:\WINDOWS\system32\drivers\sis7012.sys (Silicon Integrated Systems Corporation)
DRV - (SONYWBMS) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 FA 86 AB F5 55 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {DE3EF10D-6691-4374-891A-4558DE379167}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DE3EF10D-6691-4374-891A-4558DE379167}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/09/14 10:49:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/09/14 10:49:57 | 000,000,000 | ---D | M]
 
[2011/03/06 13:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\home\Application Data\Mozilla\Extensions
[2014/08/17 10:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\7kmptneb.default-1408266975906\extensions
[2014/09/14 10:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/09/14 10:51:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = http://suggestquerie...?q={searchTerms}
CHR - homepage:
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
 
O1 HOSTS File: ([2013/09/18 11:52:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [DriverUpdate] C:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} https://us.dl1.yimg....nst20040510.cab (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277842996358 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1277845074437 (MUWebControl Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1F7002A-61F1-480A-BDD1-8C28D64F107B}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (lorer.exe) - C:\WINDOWS\explorer.) -  File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/03/30 02:16:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/17 11:09:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/09/17 10:33:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/16 10:14:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
[2014/09/14 12:59:32 | 001,097,728 | ---- | C] (Farbar) -- C:\Documents and Settings\home\Desktop\FRST.exe
[2014/09/14 10:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/09/13 17:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/09/13 17:34:13 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\home\Desktop\JRT.exe
[2014/09/13 12:27:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Local Settings\Application Data\Adobe
[2014/09/13 11:40:29 | 000,000,000 | ---D | C] -- C:\FRST
[2014/09/13 10:56:49 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Documents and Settings\home\Desktop\aswMBR.exe
[2014/09/05 13:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\Oracle
[2014/09/05 13:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/09/05 13:33:51 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/09/05 13:33:51 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/09/05 13:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Trusteer
[2014/09/05 13:33:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Trusteer
[2014/09/05 13:33:07 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/09/05 13:33:07 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/09/05 13:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/09/05 13:33:06 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/09/05 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/09/05 12:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
[2014/08/25 11:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\V Stuff Backup
[2014/08/25 11:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\35168026c4df6cfcf2e06eb27cb7
[2014/08/25 11:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Advent
[2014/08/25 11:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Coupon Printer
[2014/08/25 10:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2014/08/25 10:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\My Music
[2014/08/25 10:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2014/08/25 10:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\0c38697bf01e02505c191eed2e
[2014/08/24 15:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AOMEI Partition Assistant Standard Edition 5.5
[2014/08/24 15:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\AOMEI Partition Assistant Standard Edition 5.5
[2014/08/23 12:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2014/08/23 11:52:33 | 000,000,000 | ---D | C] -- C:\ACD Systems
[2014/08/21 16:03:38 | 000,206,520 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/08/19 11:15:16 | 002,395,400 | ---- | C] (CPUID) -- C:\Program Files\cpuz.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/17 11:27:32 | 004,718,646 | ---- | M] () -- C:\Documents and Settings\home\Desktop\screenshot2.bmp
[2014/09/17 11:23:51 | 004,718,646 | ---- | M] () -- C:\Documents and Settings\home\Desktop\screenshot.bmp
[2014/09/17 11:08:07 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2014/09/17 11:07:44 | 000,087,970 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2014/09/17 11:06:29 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/09/17 11:06:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/09/17 11:06:13 | 2147,061,760 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/17 10:53:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/09/17 08:57:22 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{05259640-3FC6-4058-8291-C66DFD0DC59C}.job
[2014/09/17 08:53:35 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/09/16 10:14:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.exe
[2014/09/14 12:59:51 | 001,097,728 | ---- | M] (Farbar) -- C:\Documents and Settings\home\Desktop\FRST.exe
[2014/09/13 17:34:16 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\home\Desktop\JRT.exe
[2014/09/13 17:06:59 | 001,373,475 | ---- | M] () -- C:\Documents and Settings\home\Desktop\AdwCleaner.exe
[2014/09/13 12:28:47 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/09/13 12:28:47 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/09/13 12:01:03 | 000,000,511 | ---- | M] () -- C:\Documents and Settings\home\Desktop\MBR.zip
[2014/09/13 11:58:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\home\Desktop\MBR.dat
[2014/09/13 10:56:57 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Documents and Settings\home\Desktop\aswMBR.exe
[2014/09/13 10:56:12 | 000,854,417 | ---- | M] () -- C:\Documents and Settings\home\Desktop\SecurityCheck.exe
[2014/09/12 12:46:06 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\DriverUpdate Scan.job
[2014/09/12 12:45:51 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\home\Desktop\dds.scr
[2014/09/11 13:25:40 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/09/09 12:18:25 | 000,481,002 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/09/09 12:18:25 | 000,077,524 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/09/09 09:28:20 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/08/24 15:47:52 | 000,001,024 | -H-- | M] () -- C:\AMTAG.BIN
[2014/08/21 16:03:38 | 000,206,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/08/20 11:08:29 | 000,000,327 | -HS- | M] () -- C:\boot.ini
 
========== Files Created - No Company Name ==========
 
[2014/09/17 11:27:31 | 004,718,646 | ---- | C] () -- C:\Documents and Settings\home\Desktop\screenshot2.bmp
[2014/09/17 11:23:50 | 004,718,646 | ---- | C] () -- C:\Documents and Settings\home\Desktop\screenshot.bmp
[2014/09/13 17:06:55 | 001,373,475 | ---- | C] () -- C:\Documents and Settings\home\Desktop\AdwCleaner.exe
[2014/09/13 12:01:03 | 000,000,511 | ---- | C] () -- C:\Documents and Settings\home\Desktop\MBR.zip
[2014/09/13 11:58:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\home\Desktop\MBR.dat
[2014/09/13 10:56:10 | 000,854,417 | ---- | C] () -- C:\Documents and Settings\home\Desktop\SecurityCheck.exe
[2014/09/12 12:45:50 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\home\Desktop\dds.scr
[2014/09/05 12:46:19 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\DriverUpdate Scan.job
[2014/08/24 15:20:50 | 000,001,024 | -H-- | C] () -- C:\AMTAG.BIN
[2014/08/24 15:20:18 | 001,567,856 | ---- | C] () -- C:\WINDOWS\ampa.exe
[2014/08/24 15:20:18 | 000,012,656 | ---- | C] () -- C:\WINDOWS\System32\ampa.sys
[2014/08/19 11:15:17 | 000,715,038 | ---- | C] () -- C:\Program Files\unins000.exe
[2014/08/19 11:15:16 | 000,011,090 | ---- | C] () -- C:\Program Files\unins000.dat
[2014/08/19 11:15:16 | 000,000,197 | ---- | C] () -- C:\Program Files\cpuz.ini
[2014/08/12 15:01:23 | 000,065,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/08/08 13:16:10 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/12/07 14:49:20 | 000,005,729 | ---- | C] () -- C:\WINDOWS\System32\EPSTP32U.DAT
[2011/09/06 19:23:36 | 000,010,257 | ---- | C] () -- C:\Documents and Settings\home\findaproperty our street picture.jpg
[2010/07/16 13:36:22 | 1728,427,069 | ---- | C] () -- C:\Documents and Settings\All Users\USMT2IMG.DAT
[2010/06/29 14:39:18 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\FASTWiz.html
[2010/06/20 16:21:56 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011/04/01 15:44:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2013/09/19 08:45:11 | 098,323,654 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\刭₠善6
[2013/09/19 08:45:11 | 098,323,654 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\刭₠善6
[2013/09/18 10:57:01 | 098,123,923 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\먴묞善6
[2013/09/18 10:57:01 | 098,123,923 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\먴묞善6
[2013/09/13 15:17:38 | 097,463,612 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\௶颒善6
[2013/09/13 14:17:54 | 097,463,612 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\௶颒善6
[2013/09/11 06:30:05 | 097,063,418 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᣣ᪍善6
[2013/09/11 06:30:05 | 097,063,418 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\ᣣ᪍善6
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\USMT2IMG.DAT:SummaryInformation

< End of report >
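The OTL fix in OCD's post above removes O15 Trusted Domains entries and a broken Secondary Start Pages value, and the log in this post carries the same kinds of lines a responder reads first: SRV/DRV registrations whose file is missing, drivers and modules with no publisher, O4 autoruns, Trusted sites entries, and the O20 Winlogon values. The script below is an added example, not code from the forum, from OTL or from its author: it parses those line types and ranks them so the entries worth a second look stand out. The severities, the stock Winlogon values (Explorer.exe and C:\WINDOWS\system32\userinit.exe) and the SAMPLE_LOG constant are this example's own assumptions; the sample lines are constructed to follow the OTL format shown above.

```python
"""Triage the entry types in an OTL log that a malware responder reads first.

Added example: not code from the forum post, from OTL, or from its author.
The entry shapes (SRV/DRV/MOD, O4, O15, O20) follow OTL's log format as seen
in the thread; the severities and the "stock" Winlogon values below are this
example's own assumptions for Windows XP.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Stock Winlogon values on Windows XP (assumption of this example).
STOCK_SHELL = "explorer.exe"
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample: lines copied or adapted from the OTL log posted above.
SAMPLE_LOG = r"""
SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
DRV - (WDICA) --  File not found
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
MOD - C:\WINDOWS\system32\nvapi.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [DriverUpdate] C:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
O15 - HKCU\..Trusted Domains: ebay.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: Sony-europe.com ([]* in Trusted sites)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (lorer.exe) - C:\WINDOWS\explorer.) -  File not found
"""


@dataclass
class Finding:
    severity: str  # "info" < "review" < "high"
    kind: str
    detail: str
    line: str


# One regex per OTL line shape, applied to the stripped line.
MISSING_RE = re.compile(r"^(SRV|DRV) - \(([^)]+)\) --\s*(.*?)\s*File not found$")
NOPUB_RE = re.compile(r"^(SRV|DRV|PRC|MOD) - (?:\([^)]+\) -- )?(\S.*?) \(\)$")
AUTORUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[([^\]]+)\] (.+)$")
TRUSTED_RE = re.compile(
    r"^O15 - (HKLM|HKCU)\\\.\.Trusted Domains: (\S+) \(\[([^\]]*)\]\s*(\S+) in ([^)]+)\)$")
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - (.*)$")


def triage_line(raw: str) -> Optional[Finding]:
    """Classify one OTL line; returns None for lines this triage ignores."""
    line = raw.strip()
    m = MISSING_RE.match(line)
    if m:  # registration survives but its binary is gone: uninstall leftover or cleaned malware
        return Finding("review", "orphaned-registration",
                       f"{m.group(1)} {m.group(2)} registered at {m.group(3) or '<no path>'} "
                       "but the file is missing", line)
    m = NOPUB_RE.match(line)
    if m:  # no company name in the version resource: worth checking the hash
        return Finding("review", "no-publisher", f"{m.group(1)} entry {m.group(2)} has no publisher", line)
    m = AUTORUN_RE.match(line)
    if m:  # HKCU Run is writable without admin rights, so it rates higher than HKLM
        hive, name, target = m.groups()
        return Finding("review" if hive == "HKCU" else "info", "autorun",
                       f"{hive} Run entry [{name}] -> {target}", line)
    m = TRUSTED_RE.match(line)
    if m:  # a * scheme drops the whole domain into the zone over http as well as https
        hive, domain, sub, scheme, zone = m.groups()
        if scheme == "*":
            return Finding("review", "trusted-zone-wildcard",
                           f"{domain} in {zone} for every scheme and subdomain", line)
        host = f"{sub}.{domain}" if sub else domain
        return Finding("info", "trusted-zone", f"{host} ({scheme}) in {zone}", line)
    m = WINLOGON_RE.match(line)
    if m:  # Shell/UserInit are classic persistence points; anything non-stock is high
        key, value, _rest = m.groups()
        expected = STOCK_SHELL if key == "Shell" else STOCK_USERINIT
        if value.lower().rstrip(",") != expected:
            return Finding("high", "winlogon-tamper",
                           f"Winlogon {key} = {value!r}, expected {expected!r}", line)
        return Finding("info", "winlogon", f"Winlogon {key} is the stock value", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the lines that produced a finding."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity so a long log can be judged at a glance."""
    counts = {"info": 0, "review": 0, "high": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: ["high", "review", "info"].index(f.severity)):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
    print(summarize(results))
```

On the sample the one entry rated high is the second UserInit line, whose value is not the stock userinit.exe path; values appended to Winlogon UserInit or Shell are a long-standing persistence spot, so that registry value is the thing to inspect directly before running any fix. The wildcard Trusted sites entries rate only review, but they are exactly what the OTL fix above removes, because a * scheme puts the whole domain in the Trusted zone over plain http as well as https.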

#14 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 17 September 2014 - 08:27 AM

Hi sooty4,

Flush the Firefox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)

  • In Firefox, Options
  • Select Options
  • Select Privacy tab
  • Find the section that reads: You might want to clear your recent history or remove individual cookies
  • Select clear your recent history
  • Click the Details drop-down arrow
  • Make sure a check mark is placed in the following boxes:

    • Cookies
    • Cache
  • Next select the Time Range to Clear drop-down menu
  • Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
  • Click Clear Now

=========================

Clear Browser Cache in IE9

  • Close all Internet Explorer and Windows Explorer windows that are currently open.
  • Open Internet Explorer.
  • Click the Tools button, and then expand the Safety menu, then select Delete browsing history.
  • Select the check box next to each of the following categories.
    • Temporary Internet files and website files
    • History
  • Click Delete

=========================

Reboot

=========================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Select Scan tab.
  • Select type of scan to perform:
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

ESET Online Scanner

*Note:

  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or Firefox for this scan. If you use Firefox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:

  • MBAM log
  • ESET's log.txt
  • How's the computer running, any improvement?

OCD

#15 sooty4 (Authentic Member, 86 posts)

Posted 20 September 2014 - 09:43 AM

Hi OCD. Malwarebytes found no threats. ESET found three. Reports below. Computer is still the same. Sorry for the delay. Thanks.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/09/2014
Scan Time: 13:30:53
Logfile: malwarelog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.20.02
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: home

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322804
Time Elapsed: 38 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

C:\Documents and Settings\home\My Documents\Downloads\QuickTimeAlternativeQT7basedv322.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
C:\WINDOWS\uninst.exe a variant of Win32/PCCleaners potentially unwanted application deleted - quarantined
C:\WINDOWS\system32\sasnative32.exe Win32/AdvancedSystemProtector.A potentially unwanted application deleted - quarantined

Edited by sooty4, 20 September 2014 - 09:46 AM.