
Problems updating / uninstalling MS Security Essentials


  • This topic is locked
18 replies to this topic

#1 franig


Posted 06 February 2014 - 07:31 PM

Hi, 

 

I had some problems with MS Security Essentials, and wondered if something sinister was happening on my XP laptop. First an update would not install. After following a few MS guides it appeared to have worked, then the program would not run, then I tried to uninstall it and this would not work either. I found a solution which involved running msremoval.bat and despite some more error messages it appears to have worked, and I am planning to reinstall it, but I was hoping you would cast your eyes over these log files to make sure it is safe for me to do so - 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.06.10
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
cliff :: EEEPC [administrator]
 
Protection: Enabled
 
06/02/2014 23:36:12
MBAM-log-2014-02-07 (00-47-32).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269855
Time elapsed: 49 minute(s), 39 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> No action taken.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> No action taken.
HKCU\Software\PriceGong (PUP.Optional.PriceGong.A) -> No action taken.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 9
C:\Documents and Settings\cliff\Local Settings\Application Data\Slick Savings (PUP.Optional.Spigot.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091 (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468 (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\xpi\defaults (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> No action taken.
 
Files Detected: 55
C:\Documents and Settings\cliff\Local Settings\Temp\iet16C.tmp.exe (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\ieLogic.exe (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\e4jB.tmp_dir1376399918\user\mism.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> No action taken.
C:\Program Files\Vuze\.install4j\user\mism.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP298\A0082916.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP304\A0083167.exe (PUP.Optional.Spigot.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Application Data\Slick Savings\coupons.crx (PUP.Optional.Spigot.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\i.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\CT2504091.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\CT2504091.xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\dtime.csf (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\initData.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\xpi\install.rdf (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\conduit.xml (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\CT3220468.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\CT3220468.xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\dtime.csf (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\initData.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\version.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\xpi\install.rdf (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> No action taken.
 
(end)
 
Many thanks
 
franig


#2 franig


Posted 06 February 2014 - 07:32 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by  at 1:17:43 on 2014-02-07
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1092 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\cliff\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\cliff\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [Slick Savings] "c:\documents and settings\cliff\application data\slick savings\CouponsHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\cliff\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\cliff\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{42CCB349-9994-4991-B8B9-0F2C09F9509A} : DHCPNameServer = 194.168.4.100 194.168.8.100
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cliff\application data\mozilla\firefox\profiles\2xqjij51.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.search.yahoo.com?type=994519&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=
FF - plugin: c:\documents and settings\cliff\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 211560]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-2-6 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-2-6 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-2-6 22856]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-6-27 625024]
S?4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2013-9-2 2438696]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7680]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 X86BDA;OEM Capture;c:\windows\system32\drivers\oemdrv.sys --> c:\windows\system32\drivers\OEMDrv.sys [?]
.
=============== Created Last 30 ================
.
2014-02-06 23:31:17 -------- d-----w- c:\documents and settings\cliff\application data\Malwarebytes
2014-02-06 23:31:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-02-06 23:31:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-06 23:31:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-06 23:05:54 -------- d-----w- c:\documents and settings\all users\application data\Zemana AntiMalware
2014-02-06 22:48:04 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2014-02-04 20:45:56 16496 ----a-w- C:\FixitRegBackup.reg
2014-02-04 20:10:40 -------- d-----w- C:\MSE_tmp
2014-02-02 20:28:29 -------- d-----w- c:\documents and settings\cliff\application data\ElevatedDiagnostics
2014-02-02 20:14:49 -------- d-----w- c:\windows\SDTemp
.
==================== Find3M  ====================
.
2014-02-06 23:41:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 23:41:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-16 09:59:46 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2008-05-07 23:34:00 15523560 ----a-w- c:\program files\U1 Setup.exe
.
============= FINISH:  1:18:03.65 ===============
 


#3 franig


Posted 06 February 2014 - 07:33 PM

 Results of screen317's Security Check version 0.99.79  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 12.0.0.44  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox (26.0) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log`````````````````````` 


#4 TheJoker


Posted 06 February 2014 - 09:44 PM

Hi franig, and welcome to SWI

The first thing you should do is to install an antivirus program. If you plan on being connected to the Internet, like you are now, it's not safe to do so without an antivirus program installed and protecting you. You might find Avast! Free Antivirus a good alternative to MS Security Essentials, and it's free. Whichever you choose, you need to do that now, and then do a full system scan and clean anything found.

It looks like when you ran MBAM you may not have cleaned everything.

Please Run Malwarebytes' Anti-Malware.

  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

 

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Your Java version is outdated and vulnerable.
Please go to Start > Control Panel > Programs and Features, and uninstall the following:
Java 7 Update 21
 
Next, because Java has had so many vulnerabilities, if you don't have a program that requires Java, or a web site you visit that requires it, I recommend leaving it uninstalled. Your system will be more secure. If you decide to reinstall, or find that a program or website requires it, you can download the latest version from here:
http://java.com/en/download/manual.jsp
If you reinstall it because a program requires Java, you can increase your security by going to the Java Control Panel (Start > Control Panel > Java), selecting the Security tab, and Unchecking "Enable Java content in the browser".

 

Your version of Adobe Acrobat Reader is outdated and vulnerable. Go to Start > Control Panel > Add or Remove Programs and remove the following program:
Adobe Reader
Then go to http://www.adobe.com and download and install the current version. When you download it, be careful to UNcheck any optional toolbar installation unless you really want the toolbar.

 

Please post the logs from MBAM, AdwCleaner, and ESET Online Scanner, and note any errors encountered.



MS MVP 2009-20010 and ASAP Member since 2005
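Added example (not part of the original posts, and not Malwarebytes code): a small triage script for MBAM 1.75 text logs in the layout posted in this thread, listing every detection whose action is anything other than "Quarantined and deleted successfully" and checking each section's declared count against the entries actually present. The function names and the sample log are constructed for illustration; the only action strings assumed are the two that appear in this thread, and wrapped entries are rejoined on the assumption that the paste kept trailing spaces.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "section obj detection action")

SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
# "<object> (<detection>) -> <action>." ; the greedy first group keeps any
# parentheses that belong to the path itself, e.g. "setup (1).exe".
ENTRY_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+)\.$")
NO_ITEMS = "(No malicious items detected)"
CLEANED = "Quarantined and deleted successfully"

# Constructed sample log (not taken from a real machine).
SAMPLE_LOG = "\n".join([
    r"Scan type: Full scan (C:\|)",
    r"Registry Keys Detected: 2",
    r"HKCU\Software\PriceGong (PUP.Optional.PriceGong.A) -> No action taken.",
    r"HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.",
    "",
    r"Registry Values Detected: 0",
    NO_ITEMS,
    "",
    r"Folders Detected: 1",
    r"C:\Documents and Settings\user\Application Data\PriceGong ",  # wrapped entry
    "",
    r"(PUP.Optional.PriceGong.A) -> No action ",
    r"taken.",
    "",
    r"Files Detected: 3",  # declares 3, but only 2 entries follow
    r"C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> No action taken.",
    r"C:\Temp\setup (1).exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.",
    "(end)",
])


def parse_mbam_log(text):
    """Return {section: {"declared": int, "entries": [Entry, ...]}}."""
    sections = {}
    current = None
    buf = ""  # accumulates the fragments of an entry wrapped over several lines
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            current = header.group(1)
            sections[current] = {"declared": int(header.group(2)), "entries": []}
            buf = ""
            continue
        # Skip the scan header, blank lines and the "nothing found" marker.
        if current is None or not line.strip() or line.strip() == NO_ITEMS:
            continue
        buf += line  # trailing spaces are kept so wrapped words rejoin correctly
        entry = ENTRY_RE.match(buf.strip())
        if entry:
            sections[current]["entries"].append(Entry(current, *entry.groups()))
            buf = ""
    return sections


def count_mismatches(sections):
    """Sections whose declared count differs from the entries parsed
    (a sign of a truncated or damaged log)."""
    return {name: (s["declared"], len(s["entries"]))
            for name, s in sections.items()
            if s["declared"] != len(s["entries"])}


def needs_action(sections):
    """Entries that were detected but not reported as quarantined and deleted."""
    return [e for s in sections.values() for e in s["entries"]
            if e.action != CLEANED]


def family_counts(entries):
    """Tally by family, assuming names shaped like PUP.Optional.<Family>[.A]."""
    def family(det):
        parts = det.split(".")
        return parts[2] if len(parts) >= 3 else det
    return Counter(family(e.detection) for e in entries)


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    pending = needs_action(parsed)
    for e in pending:
        print(f"[{e.section}] {e.obj} ({e.detection}) -> {e.action}")
    print("Pending by family:", dict(family_counts(pending)))
    print("Count mismatches:", count_mismatches(parsed))
```
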


#5 franig


Posted 07 February 2014 - 02:12 PM

Thanks TheJoker, 

 

I've installed Avast and the scan has come back clean.

 

Here is the MBAM log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.07.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
cliff :: EEEPC [administrator]
 
Protection: Enabled
 
07/02/2014 15:47:51
mbam-log-2014-02-07 (15-47-51).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269966
Time elapsed: 45 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 9
C:\Documents and Settings\cliff\Local Settings\Application Data\Slick Savings (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
Files Detected: 55
C:\Documents and Settings\cliff\Local Settings\Temp\iet16C.tmp.exe (PUP.Optional.Conduit) -> 
 
Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\ieLogic.exe 
 
(PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\e4jB.tmp_dir1376399918\user\mism.exe 
 
(PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined 
 
and deleted successfully.
C:\Program Files\Vuze\.install4j\user\mism.exe (PUP.Optional.Conduit.A) -> Quarantined and 
 
deleted successfully.
C:\System Volume 
 
Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP298\A0082916.exe 
 
(PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume 
 
Information\_restore{47CE108E-5D7D-4625-9D5A-698840496DF7}\RP304\A0083167.exe 
 
(PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Application Data\Slick Savings\coupons.crx 
 
(PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\1.txt 
 
(PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\a.txt 
 
(PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\b.txt 
 
(PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\c.txt 
 
(PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\d.txt 
 
(PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\e.txt 
 
(PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\f.txt 
 
(PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\g.txt 
 
(PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\h.txt 
 
(PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\i.txt 
 
(PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\CT2504091.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\CT2504091.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\dtime.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\ct2504091\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\CT3220468.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\CT3220468.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\dtime.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\cliff\Local Settings\Temp\CT3220468\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)


#6 franig


Posted 07 February 2014 - 02:58 PM

I've run into a problem with AdwCleaner, it is hanging on "Deleting folders", will this run ok in safe mode or is there another option? Thanks for your help

#7 franig


Posted 07 February 2014 - 03:12 PM

Also noticed that security centre thinks that security essentials is still installed.

#8 franig


Posted 07 February 2014 - 05:22 PM

adwcleaner log (uninstalled Avast which got it working!)

 

# AdwCleaner v3.018 - Report created 07/02/2014 at 22:51:42
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : cliff - EEEPC
# Running from : C:\Documents and Settings\cliff\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Vuze
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Documents and Settings\cliff\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\cliff\Application Data\Mozilla\Firefox\Profiles\2xqjij51.default\ConduitCommon
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Vuze\Azureus.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v26.0 (en-GB)
 
[ File : C:\Documents and Settings\cliff\Application Data\Mozilla\Firefox\Profiles\2xqjij51.default\prefs.js ]
 
Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1378213491508,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=");
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3508 octets] - [07/02/2014 20:14:05]
AdwCleaner[R1].txt - [3627 octets] - [07/02/2014 20:51:12]
AdwCleaner[R2].txt - [3746 octets] - [07/02/2014 22:47:38]
AdwCleaner[S0].txt - [347 octets] - [07/02/2014 20:18:18]
AdwCleaner[S1].txt - [347 octets] - [07/02/2014 20:53:27]
AdwCleaner[S2].txt - [3570 octets] - [07/02/2014 22:51:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3630 octets] ##########


#9 franig


Posted 07 February 2014 - 06:24 PM

eset log

 

C:\AdwCleaner\Quarantine\C\Program Files\Vuze\bunndle.zip.vir a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vuze\spg.zip.vir probably a variant of Win32/Toolbar.Widgi potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_20_5p83tu.exe.vir Win32/Somoto.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_27_5p83tu.dll.vir a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_31_5p83tu.dll.vir a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_32_5p83tu.dll.vir a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
C:\Documents and Settings\cliff\Local Settings\Temp\crt189.tmp.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Documents and Settings\cliff\Local Settings\Temp\fft180.tmp.exe Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Documents and Settings\cliff\Local Settings\Temp\tbedrs.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\cliff\Local Settings\Temp\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\cliff\Local Settings\Temp\tbVuze.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\cliff\Local Settings\Temp\utt160.tmp.exe a variant of Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\WINDOWS\Temp\vuzeToolbar.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined


#10 franig


Posted 07 February 2014 - 06:29 PM

I've uninstalled java and adobe for now. 



#11 TheJoker


Posted 08 February 2014 - 12:26 AM

> I've installed Avast and the scan has come back clean.

Excellent.

> I've run into a problem with AdwCleaner, it is hanging on "Deleting folders", will this run ok in safe mode or is there another option? Thanks for your help

> adwcleaner log (uninstalled Avast which got it working!)

Did you reinstall Avast!?

> Also noticed that security centre thinks that security essentials is still installed.


Does Security Center still think that Microsoft Security Essentials is still installed?
If so, please follow the instructions on this page to run the Microsoft FixIt Tool:

http://answers.micro...ba-28ebd45c0838

If that doesn't work, you can try the alternate methods listed on that page.
 

 

Please download Junkware Removal Tool to your Desktop.

  • Disconnect from the Internet (unplug your connection to your router or modem).
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Restart your security software and reconnect to the Internet.
  • Please post the contents of JRT.txt into your reply.

 

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the Extra Registry section, click and select "All".
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    :Commands
    [EmptyTemp]
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post each in their own reply due to length.

 

Please post the two logs from OTL each in their own reply (so nothing is cut off by the maximum post length), and then in a third reply the log from Junkware Removal Tool, and let me know how successful you were using the Microsoft FixIt Tool to complete removal of Microsoft Security Essentials, or any errors encountered.




#12 franig


Posted 08 February 2014 - 05:59 AM

Thanks for the advice,

 

AV reinstalled. 

Fixit didn't work, the first manual solution did. Phew!

 

Here's the log from JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by cliff on 08/02/2014 at 11:33:43.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\cliff\Local Settings\Application Data\cre"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/02/2014 at 11:45:51.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 franig


Posted 08 February 2014 - 07:00 AM

OTL.txt

 

OTL logfile created on: 08/02/2014 12:37:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\cliff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.94% Memory free
3.33 Gb Paging File | 2.94 Gb Available in Paging File | 88.39% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.62 Gb Total Space | 21.80 Gb Free Space | 36.56% Space Free | Partition Type: NTFS
Drive F: | 29.80 Gb Total Space | 4.56 Gb Free Space | 15.32% Space Free | Partition Type: FAT32
 
Computer Name: EEEPC | User Name: cliff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/02/08 12:30:54 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/08 12:30:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/08 11:24:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cliff\Desktop\OTL.exe
PRC - [2014/01/03 00:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\cliff\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/12/08 18:44:49 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2008/06/03 21:24:50 | 000,294,912 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/06/03 20:43:56 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2008/06/03 19:34:38 | 000,479,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2008/05/21 08:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2008/05/20 17:44:30 | 000,335,872 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDCTRL.EXE
PRC - [2008/04/14 21:03:54 | 000,596,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/07/21 23:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/08 12:30:59 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/21 22:40:47 | 002,156,032 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14012101\algo.dll
MOD - [2014/01/03 00:45:04 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\cliff\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 23:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\cliff\Application Data\Dropbox\bin\libcef.dll
MOD - [2008/04/14 20:58:40 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/04/14 20:55:58 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/08 12:30:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/02/06 23:41:50 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/20 09:00:06 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/26 10:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\OEMDrv.sys -- (X86BDA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/02/08 12:31:02 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/08 12:31:01 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/08 12:31:01 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/08 12:31:01 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/02/08 12:31:01 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/02/08 12:31:01 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/02/08 12:31:01 | 000,049,944 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/09/07 14:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/09/07 14:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/09/07 14:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/07 14:55:58 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/05/27 03:27:28 | 004,748,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/15 03:14:02 | 000,990,632 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/04/15 03:13:58 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/29 00:38:16 | 000,625,024 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008/03/27 09:18:12 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/03/11 11:37:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/03/10 10:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 09:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/09/20 03:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/07/27 03:00:38 | 000,011,264 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007/05/28 16:00:22 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {BBAF91F1-47FF-4B6A-AA65-50D3D2624DDF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BBAF91F1-47FF-4B6A-AA65-50D3D2624DDF}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"
FF - prefs.js..browser.startup.homepage: "http://uk.search.yah...=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012/01/09 15:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/08 12:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/20 08:58:40 | 000,000,000 | ---D | M]
 
[2011/11/26 13:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cliff\Application Data\Mozilla\Extensions
[2014/02/07 00:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cliff\Application Data\Mozilla\Firefox\Profiles\2xqjij51.default\extensions
[2013/09/02 19:11:11 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\cliff\Application Data\Mozilla\Firefox\Profiles\2xqjij51.default\searchplugins\yahoo.xml
[2013/12/20 08:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/20 08:56:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/20 08:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/20 09:00:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/09 15:16:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: AdBlock = C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
 
O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKCU..\Run: [Slick Savings] "C:\Documents and Settings\cliff\Application Data\Slick Savings\CouponsHelper.exe" File not found
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\cliff\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\cliff\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe ()
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/27 05:28:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{79033bf8-fa2c-11e0-a48b-0015aff99839}\Shell - "" = AutoRun
O33 - MountPoints2\{79033bf8-fa2c-11e0-a48b-0015aff99839}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79033bf8-fa2c-11e0-a48b-0015aff99839}\Shell\AutoRun\command - "" = D:\VersionControl.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/08 12:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/02/08 12:31:08 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/08 12:31:07 | 000,775,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/08 12:31:06 | 000,410,784 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/08 12:31:06 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/02/08 12:31:06 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/08 12:31:04 | 000,270,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/08 12:31:00 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/08 11:33:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/08 11:24:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\cliff\Desktop\OTL.exe
[2014/02/08 11:23:20 | 001,037,530 | ---- | C] (Thisisu) -- C:\Documents and Settings\cliff\Desktop\JRT.exe
[2014/02/08 11:08:54 | 011,125,072 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\cliff\Desktop\mseinstall.exe
[2014/02/07 23:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/02/07 23:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cliff\Desktop\Downloads to file
[2014/02/07 20:41:30 | 000,000,000 | -HSD | C] -- C:\found.002
[2014/02/07 20:13:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/07 16:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cliff\Application Data\AVAST Software
[2014/02/07 16:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/02/07 16:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/07 16:15:00 | 090,578,216 | ---- | C] (AVAST Software) -- C:\Documents and Settings\cliff\Desktop\avast_free_antivirus_setup (1).exe
[2014/02/06 23:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cliff\Application Data\Malwarebytes
[2014/02/06 23:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/02/06 23:31:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/02/06 23:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/06 23:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zemana AntiMalware
[2014/02/06 22:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/04 21:00:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2014/02/04 20:10:40 | 000,000,000 | ---D | C] -- C:\MSE_tmp
[2014/02/02 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/02/02 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cliff\Application Data\ElevatedDiagnostics
[2014/02/02 20:14:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SDTemp
[2014/02/02 14:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/01/31 19:38:21 | 008,617,040 | ---- | C] (CyberGhost S.R.L.                                           ) -- C:\Documents and Settings\cliff\Desktop\CGWebInstall.exe
[2008/06/27 06:48:49 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\U1 Setup.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/08 12:41:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/08 12:31:52 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/02/08 12:31:35 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/08 12:31:02 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/08 12:31:01 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/08 12:31:01 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/08 12:31:01 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/02/08 12:31:01 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/02/08 12:31:01 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/08 12:31:01 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/02/08 12:31:00 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/08 12:31:00 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/08 12:03:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/08 12:03:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/08 11:50:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1380592470-3419626912-261792674-1006UA.job
[2014/02/08 11:24:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cliff\Desktop\OTL.exe
[2014/02/08 11:23:24 | 001,037,530 | ---- | M] (Thisisu) -- C:\Documents and Settings\cliff\Desktop\JRT.exe
[2014/02/08 11:18:25 | 000,442,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/08 11:18:25 | 000,071,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/08 11:14:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/08 11:11:40 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/02/08 11:08:58 | 011,125,072 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\cliff\Desktop\mseinstall.exe
[2014/02/08 11:00:28 | 000,002,612 | ---- | M] () -- C:\Documents and Settings\cliff\Desktop\msremoval.bat
[2014/02/07 22:22:17 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2014/02/07 21:47:12 | 000,016,086 | ---- | M] () -- C:\FixitRegBackup.reg
[2014/02/07 16:15:33 | 090,578,216 | ---- | M] (AVAST Software) -- C:\Documents and Settings\cliff\Desktop\avast_free_antivirus_setup (1).exe
[2014/02/07 15:59:52 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\cliff\Desktop\adwcleaner.exe
[2014/02/06 23:41:49 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/06 23:41:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/02/06 23:31:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/06 22:27:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/05 07:13:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/02/04 13:56:40 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/04 13:56:40 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\cliff\Desktop\Google Chrome.lnk
[2014/02/02 18:50:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1380592470-3419626912-261792674-1006Core.job
[2014/02/01 12:44:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/31 19:38:30 | 008,617,040 | ---- | M] (CyberGhost S.R.L.                                           ) -- C:\Documents and Settings\cliff\Desktop\CGWebInstall.exe
[2014/01/31 15:37:08 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\cliff\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/31 15:36:03 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\cliff\Desktop\Dropbox.lnk
[2014/01/16 09:59:46 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/08 12:31:52 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/02/08 12:31:08 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/02/08 12:31:06 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/02/08 10:59:15 | 000,002,612 | ---- | C] () -- C:\Documents and Settings\cliff\Desktop\msremoval.bat
[2014/02/07 16:42:23 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/07 15:59:51 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\cliff\Desktop\adwcleaner.exe
[2014/02/06 23:31:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/04 20:45:56 | 000,016,086 | ---- | C] () -- C:\FixitRegBackup.reg
[2012/11/10 12:02:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/19 21:41:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/02 17:51:36 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\cliff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/26 08:41:47 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\cliff\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2008/06/27 05:41:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/16 21:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2009/07/23 17:42:24 | 000,524,288 | -H-- | M] () -- C:\1000H.ROM
[2008/06/27 05:40:37 | 000,000,157 | ---- | M] () -- C:\AsusUpdate.log
[2008/06/27 05:34:33 | 000,000,206 | ---- | M] () -- C:\audio.log
[2008/06/27 05:28:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/08/26 08:41:13 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/06/27 05:28:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2014/02/07 21:47:12 | 000,016,086 | ---- | M] () -- C:\FixitRegBackup.reg
[2008/06/27 05:28:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/06/27 05:36:29 | 000,000,254 | ---- | M] () -- C:\LAN.log
[2008/06/27 05:28:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 12:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/02/08 11:14:02 | 1595,932,672 | -HS- | M] () -- C:\pagefile.sys
[2008/06/27 05:34:33 | 000,000,522 | ---- | M] () -- C:\RHDSetup.log
[2008/06/27 05:58:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/06/27 06:13:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/06/27 05:58:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/06/27 06:13:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/06/27 05:36:55 | 000,000,176 | ---- | M] () -- C:\Wifi.log
 
< %systemroot%\*. /mp /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
OTL logfile created on: 08/02/2014 12:37:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\cliff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.94% Memory free
3.33 Gb Paging File | 2.94 Gb Available in Paging File | 88.39% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.62 Gb Total Space | 21.80 Gb Free Space | 36.56% Space Free | Partition Type: NTFS
Drive F: | 29.80 Gb Total Space | 4.56 Gb Free Space | 15.32% Space Free | Partition Type: FAT32
 
Computer Name: EEEPC | User Name: cliff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/02/08 12:30:54 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/08 12:30:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/08 11:24:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cliff\Desktop\OTL.exe
PRC - [2014/01/03 00:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\cliff\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/12/08 18:44:49 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2008/06/03 21:24:50 | 000,294,912 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/06/03 20:43:56 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2008/06/03 19:34:38 | 000,479,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2008/05/21 08:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2008/05/20 17:44:30 | 000,335,872 | ---- | M] (ELANTECH Devices Corp.) -- C:\Program Files\Elantech\ETDCTRL.EXE
PRC - [2008/04/14 21:03:54 | 000,596,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/07/21 23:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/08 12:30:59 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/21 22:40:47 | 002,156,032 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14012101\algo.dll
MOD - [2014/01/03 00:45:04 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\cliff\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 23:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\cliff\Application Data\Dropbox\bin\libcef.dll
MOD - [2008/04/14 20:58:40 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/04/14 20:55:58 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/08 12:30:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/02/06 23:41:50 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/20 09:00:06 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/26 10:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\OEMDrv.sys -- (X86BDA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/02/08 12:31:02 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/08 12:31:01 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/08 12:31:01 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/08 12:31:01 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/02/08 12:31:01 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/02/08 12:31:01 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/02/08 12:31:01 | 000,049,944 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/09/07 14:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/09/07 14:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/09/07 14:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/07 14:55:58 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/05/27 03:27:28 | 004,748,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/15 03:14:02 | 000,990,632 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/04/15 03:13:58 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/29 00:38:16 | 000,625,024 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008/03/27 09:18:12 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/03/11 11:37:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/03/10 10:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 09:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/09/20 03:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/07/27 03:00:38 | 000,011,264 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007/05/28 16:00:22 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
 
 

#14 franig

franig

    Member

  • Full Member
  • 14 posts

Posted 08 February 2014 - 07:02 AM

Extras.txt

 

OTL Extras logfile created on: 08/02/2014 12:37:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\cliff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.94% Memory free
3.33 Gb Paging File | 2.94 Gb Available in Paging File | 88.39% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.62 Gb Total Space | 21.80 Gb Free Space | 36.56% Space Free | Partition Type: NTFS
Drive F: | 29.80 Gb Total Space | 4.56 Gb Free Space | 15.32% Space Free | Partition Type: FAT32
 
Computer Name: EEEPC | User Name: cliff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Documents and Settings\cliff\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\cliff\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0990B5DF-92C3-4AD6-A18D-BF3ADF311240}" = Super Hybrid Engine
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Amazon Kindle" = Amazon Kindle
"Avast" = avast! Free Antivirus
"CyberGhost VPN_is1" = CyberGhost VPN
"DD305 Personal Lives and Social Policy" = DD305 Personal Lives and Social Policy
"Elantech" = ETDWare PS/2-x86 7.0.2.5 WHQL
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 26.0 (x86 en-GB)" = Mozilla Firefox 26.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"VLC media player" = VLC media player 2.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZTE_MF627_LEGACY_DRIVER_1.2059.0.4" = ZTE_MF627_USB_MODEM_1.2059.0.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17/09/2012 16:35:54 | Computer Name = EEEPC | Source = MPSampleSubmission | ID = 5000
Description = 
 
Error - 05/11/2012 14:31:55 | Computer Name = EEEPC | Source = MPSampleSubmission | ID = 5000
Description = 
 
Error - 10/11/2012 07:28:15 | Computer Name = EEEPC | Source = Microsoft Security Client | ID = 5000
Description = 
 
Error - 27/11/2012 15:21:21 | Computer Name = EEEPC | Source = Chrome | ID = 1
Description = 
 
[ System Events ]
Error - 07/02/2014 20:28:00 | Computer Name = EEEPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 07/02/2014 20:28:00 | Computer Name = EEEPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 07/02/2014 20:28:00 | Computer Name = EEEPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 07/02/2014 20:28:01 | Computer Name = EEEPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 07/02/2014 20:28:01 | Computer Name = EEEPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 07/02/2014 20:28:01 | Computer Name = EEEPC | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 07/02/2014 20:30:13 | Computer Name = EEEPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.13 for the Network Card with network
 address 0015AFE693BA has been  denied by the DHCP server 0.0.0.0 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 07/02/2014 20:31:10 | Computer Name = EEEPC | Source = Service Control Manager | ID = 7023
Description = The Terminal Services service terminated with the following error:
   %%193
 
Error - 08/02/2014 07:14:09 | Computer Name = EEEPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.13 for the Network Card with network
 address 0015AFE693BA has been  denied by the DHCP server 0.0.0.0 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 08/02/2014 07:15:01 | Computer Name = EEEPC | Source = Service Control Manager | ID = 7023
Description = The Terminal Services service terminated with the following error:
   %%193
 
 
< End of report >
 
Just checked Security Center, it is reporting that Avast is running, no more reports of MSE. Thanks.


#15 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,480 posts

Posted 08 February 2014 - 08:21 AM

Just checked Security Center, it is reporting that Avast is running, no more reports of MSE.

 

Excellent.

The contents of the OTL logfile OTL.txt were cut off by the maximum post length. Please check to see where it cut off, and post the remainder. The end section of that file is important.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#16 franig

franig

    Member

  • Full Member
  • 14 posts

Posted 08 February 2014 - 08:47 AM

Here's the rest of the OTL file - sorry about that.

 

 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {BBAF91F1-47FF-4B6A-AA65-50D3D2624DDF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BBAF91F1-47FF-4B6A-AA65-50D3D2624DDF}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"
FF - prefs.js..browser.startup.homepage: "http://uk.search.yah...=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012/01/09 15:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/08 12:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/20 08:58:40 | 000,000,000 | ---D | M]
 
[2011/11/26 13:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cliff\Application Data\Mozilla\Extensions
[2014/02/07 00:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cliff\Application Data\Mozilla\Firefox\Profiles\2xqjij51.default\extensions
[2013/09/02 19:11:11 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\cliff\Application Data\Mozilla\Firefox\Profiles\2xqjij51.default\searchplugins\yahoo.xml
[2013/12/20 08:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/20 08:56:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/20 08:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/20 09:00:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/09 15:16:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: AdBlock = C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
 
O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\cliff\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart File not found
O4 - HKCU..\Run: [Slick Savings] "C:\Documents and Settings\cliff\Application Data\Slick Savings\CouponsHelper.exe" File not found
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\cliff\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\cliff\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe ()
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/27 05:28:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{79033bf8-fa2c-11e0-a48b-0015aff99839}\Shell - "" = AutoRun
O33 - MountPoints2\{79033bf8-fa2c-11e0-a48b-0015aff99839}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79033bf8-fa2c-11e0-a48b-0015aff99839}\Shell\AutoRun\command - "" = D:\VersionControl.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/08 12:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/02/08 12:31:08 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/08 12:31:07 | 000,775,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/08 12:31:06 | 000,410,784 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/08 12:31:06 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/02/08 12:31:06 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/08 12:31:04 | 000,270,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/08 12:31:00 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/08 11:33:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/08 11:24:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\cliff\Desktop\OTL.exe
[2014/02/08 11:23:20 | 001,037,530 | ---- | C] (Thisisu) -- C:\Documents and Settings\cliff\Desktop\JRT.exe
[2014/02/08 11:08:54 | 011,125,072 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\cliff\Desktop\mseinstall.exe
[2014/02/07 23:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/02/07 23:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cliff\Desktop\Downloads to file
[2014/02/07 20:41:30 | 000,000,000 | -HSD | C] -- C:\found.002
[2014/02/07 20:13:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/07 16:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cliff\Application Data\AVAST Software
[2014/02/07 16:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/02/07 16:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/07 16:15:00 | 090,578,216 | ---- | C] (AVAST Software) -- C:\Documents and Settings\cliff\Desktop\avast_free_antivirus_setup (1).exe
[2014/02/06 23:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cliff\Application Data\Malwarebytes
[2014/02/06 23:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/02/06 23:31:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/02/06 23:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/06 23:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zemana AntiMalware
[2014/02/06 22:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/04 21:00:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2014/02/04 20:10:40 | 000,000,000 | ---D | C] -- C:\MSE_tmp
[2014/02/02 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2014/02/02 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cliff\Application Data\ElevatedDiagnostics
[2014/02/02 20:14:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SDTemp
[2014/02/02 14:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2014/01/31 19:38:21 | 008,617,040 | ---- | C] (CyberGhost S.R.L.                                           ) -- C:\Documents and Settings\cliff\Desktop\CGWebInstall.exe
[2008/06/27 06:48:49 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Program Files\U1 Setup.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/08 12:41:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/08 12:31:52 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/02/08 12:31:35 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/08 12:31:02 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/08 12:31:01 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/08 12:31:01 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/08 12:31:01 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/02/08 12:31:01 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/02/08 12:31:01 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/08 12:31:01 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/02/08 12:31:00 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/08 12:31:00 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/08 12:03:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/08 12:03:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/08 11:50:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1380592470-3419626912-261792674-1006UA.job
[2014/02/08 11:24:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cliff\Desktop\OTL.exe
[2014/02/08 11:23:24 | 001,037,530 | ---- | M] (Thisisu) -- C:\Documents and Settings\cliff\Desktop\JRT.exe
[2014/02/08 11:18:25 | 000,442,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/08 11:18:25 | 000,071,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/08 11:14:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/08 11:11:40 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/02/08 11:08:58 | 011,125,072 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\cliff\Desktop\mseinstall.exe
[2014/02/08 11:00:28 | 000,002,612 | ---- | M] () -- C:\Documents and Settings\cliff\Desktop\msremoval.bat
[2014/02/07 22:22:17 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2014/02/07 21:47:12 | 000,016,086 | ---- | M] () -- C:\FixitRegBackup.reg
[2014/02/07 16:15:33 | 090,578,216 | ---- | M] (AVAST Software) -- C:\Documents and Settings\cliff\Desktop\avast_free_antivirus_setup (1).exe
[2014/02/07 15:59:52 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\cliff\Desktop\adwcleaner.exe
[2014/02/06 23:41:49 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/06 23:41:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/02/06 23:31:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/06 22:27:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/05 07:13:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/02/04 13:56:40 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/04 13:56:40 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\cliff\Desktop\Google Chrome.lnk
[2014/02/02 18:50:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1380592470-3419626912-261792674-1006Core.job
[2014/02/01 12:44:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/31 19:38:30 | 008,617,040 | ---- | M] (CyberGhost S.R.L.                                           ) -- C:\Documents and Settings\cliff\Desktop\CGWebInstall.exe
[2014/01/31 15:37:08 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\cliff\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/31 15:36:03 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\cliff\Desktop\Dropbox.lnk
[2014/01/16 09:59:46 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/08 12:31:52 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/02/08 12:31:08 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/02/08 12:31:06 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/02/08 10:59:15 | 000,002,612 | ---- | C] () -- C:\Documents and Settings\cliff\Desktop\msremoval.bat
[2014/02/07 16:42:23 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/07 15:59:51 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\cliff\Desktop\adwcleaner.exe
[2014/02/06 23:31:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/04 20:45:56 | 000,016,086 | ---- | C] () -- C:\FixitRegBackup.reg
[2012/11/10 12:02:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/19 21:41:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/02 17:51:36 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\cliff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/26 08:41:47 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\cliff\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2008/06/27 05:41:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/16 21:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2009/07/23 17:42:24 | 000,524,288 | -H-- | M] () -- C:\1000H.ROM
[2008/06/27 05:40:37 | 000,000,157 | ---- | M] () -- C:\AsusUpdate.log
[2008/06/27 05:34:33 | 000,000,206 | ---- | M] () -- C:\audio.log
[2008/06/27 05:28:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/08/26 08:41:13 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/06/27 05:28:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2014/02/07 21:47:12 | 000,016,086 | ---- | M] () -- C:\FixitRegBackup.reg
[2008/06/27 05:28:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/06/27 05:36:29 | 000,000,254 | ---- | M] () -- C:\LAN.log
[2008/06/27 05:28:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 12:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/02/08 11:14:02 | 1595,932,672 | -HS- | M] () -- C:\pagefile.sys
[2008/06/27 05:34:33 | 000,000,522 | ---- | M] () -- C:\RHDSetup.log
[2008/06/27 05:58:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/06/27 06:13:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/06/27 05:58:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/06/27 06:13:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/06/27 05:36:55 | 000,000,176 | ---- | M] () -- C:\Wifi.log
 
< %systemroot%\*. /mp /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< :Commands >
 
< [EmptyTemp] >
 
< End of report >


#17 TheJoker


Posted 08 February 2014 - 08:56 AM

There was nothing bad in the remainder of the OTL log, so we can start some cleanup.

You can now delete some of the tools that we used, if not already deleted, and any logs they produced:

  • DDS
  • Security Check
  • AdwCleaner (run the program and click Uninstall)
  • Junkware Removal Tool
  • OTL

To help keep malware off your system:

  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available at http://www.javacools...m/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

Does your problem appear resolved?


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#18 franig


Posted 08 February 2014 - 11:17 AM

Yes, thanks very much for all your help, it's greatly appreciated. I'll start on those recommendations now.



#19 TheJoker


Posted 09 February 2014 - 09:48 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





