Posted
It's saying no such file or directory. I checked the USB device before I removed it and it said rst.sh was on it! I checked both the sda folders but it wasn't there.
Posted
I got the sdb1 folder. I unplugged it and put it back in again and it appeared. I have transferred the rst.sh to USB (I hope lol). Can you tell me how I transfer them from the USB onto a message here?
Posted
What point in the instructions are you? You should put rst.sh on the USB flash drive from a working computer before booting yours into xPud. Then, run the bash command and shut down xPud. If you plug the USB flash drive back into the working computer, you can post enum.log from the flash drive into your reply.
Posted
I am just waiting to borrow the laptop again and I will post the info you asked for; I should hopefully have it within the next hour or so.
Posted

Here is the enum log:

256.0K Mar 24 21:36 /mnt/sda1/WINDOWS/system32/config/SOFTWARE

7.3M Mar 25 23:48 /mnt/sda1/WINDOWS/system32/config/SYSTEM

27.0M Mar 16 2012 /sda1/~/RP246/~SOFTWARE

27.0M Mar 17 2012 /sda1/~/RP247/~SOFTWARE

27.0M Mar 20 2012 /sda1/~/RP249/~SOFTWARE

27.0M Mar 23 2012 /sda1/~/RP250/~SOFTWARE

27.0M Mar 25 2012 /sda1/~/RP251/~SOFTWARE

27.0M Mar 26 2012 /sda1/~/RP252/~SOFTWARE

27.0M Mar 28 2012 /sda1/~/RP253/~SOFTWARE

27.0M Mar 30 2012 /sda1/~/RP254/~SOFTWARE

27.0M Apr 1 2012 /sda1/~/RP255/~SOFTWARE

27.0M Apr 2 2012 /sda1/~/RP256/~SOFTWARE

27.0M Apr 3 2012 /sda1/~/RP257/~SOFTWARE

27.0M Apr 4 2012 /sda1/~/RP258/~SOFTWARE

27.0M Apr 6 2012 /sda1/~/RP259/~SOFTWARE

27.0M Apr 7 2012 /sda1/~/RP260/~SOFTWARE

27.0M Apr 8 2012 /sda1/~/RP261/~SOFTWARE

27.0M Apr 9 2012 /sda1/~/RP262/~SOFTWARE

27.0M Apr 10 2012 /sda1/~/RP263/~SOFTWARE

27.0M Apr 12 2012 /sda1/~/RP264/~SOFTWARE

27.0M Apr 13 2012 /sda1/~/RP265/~SOFTWARE

27.0M Apr 14 2012 /sda1/~/RP266/~SOFTWARE

27.0M Apr 15 2012 /sda1/~/RP267/~SOFTWARE

27.0M Apr 16 2012 /sda1/~/RP268/~SOFTWARE

27.1M May 15 2012 /sda1/~/RP291/~SOFTWARE

27.1M May 17 2012 /sda1/~/RP292/~SOFTWARE

27.1M May 18 2012 /sda1/~/RP293/~SOFTWARE

27.1M May 20 2012 /sda1/~/RP294/~SOFTWARE

27.1M May 22 2012 /sda1/~/RP295/~SOFTWARE

27.1M May 24 2012 /sda1/~/RP296/~SOFTWARE

27.1M May 25 2012 /sda1/~/RP297/~SOFTWARE

27.1M May 27 2012 /sda1/~/RP298/~SOFTWARE

27.1M May 28 2012 /sda1/~/RP299/~SOFTWARE

27.1M May 30 2012 /sda1/~/RP300/~SOFTWARE

27.1M Jun 1 2012 /sda1/~/RP301/~SOFTWARE

27.1M Jun 3 2012 /sda1/~/RP302/~SOFTWARE

27.1M Jun 4 2012 /sda1/~/RP303/~SOFTWARE

27.1M Jun 4 2012 /sda1/~/RP304/~SOFTWARE

27.1M Jun 5 2012 /sda1/~/RP305/~SOFTWARE

27.1M Jun 6 2012 /sda1/~/RP306/~SOFTWARE

27.1M Jun 7 2012 /sda1/~/RP307/~SOFTWARE

27.1M Jun 8 2012 /sda1/~/RP308/~SOFTWARE

27.1M Jun 9 2012 /sda1/~/RP309/~SOFTWARE

27.1M Jun 10 2012 /sda1/~/RP310/~SOFTWARE

27.1M Jun 11 2012 /sda1/~/RP311/~SOFTWARE

27.1M Jun 13 2012 /sda1/~/RP312/~SOFTWARE

27.1M Jun 13 2012 /sda1/~/RP313/~SOFTWARE

27.0M Apr 19 2012 /sda1/~/RP270/~SOFTWARE

27.0M Apr 21 2012 /sda1/~/RP271/~SOFTWARE

27.0M Apr 22 2012 /sda1/~/RP272/~SOFTWARE

27.0M Apr 25 2012 /sda1/~/RP273/~SOFTWARE

27.0M Apr 26 2012 /sda1/~/RP274/~SOFTWARE

27.1M Apr 26 2012 /sda1/~/RP275/~SOFTWARE

27.1M Apr 27 2012 /sda1/~/RP276/~SOFTWARE

27.1M Apr 28 2012 /sda1/~/RP277/~SOFTWARE

27.1M Apr 29 2012 /sda1/~/RP278/~SOFTWARE

27.1M May 1 2012 /sda1/~/RP279/~SOFTWARE

27.1M May 2 2012 /sda1/~/RP280/~SOFTWARE

27.1M May 3 2012 /sda1/~/RP281/~SOFTWARE

27.1M May 4 2012 /sda1/~/RP282/~SOFTWARE

27.1M May 5 2012 /sda1/~/RP283/~SOFTWARE

27.1M May 6 2012 /sda1/~/RP284/~SOFTWARE

27.1M May 7 2012 /sda1/~/RP285/~SOFTWARE

27.1M May 8 2012 /sda1/~/RP286/~SOFTWARE

27.1M May 9 2012 /sda1/~/RP287/~SOFTWARE

27.1M May 13 2012 /sda1/~/RP288/~SOFTWARE

27.1M May 14 2012 /sda1/~/RP289/~SOFTWARE

27.0M Mar 18 2012 /sda1/~/RP248/~SOFTWARE

27.0M Apr 17 2012 /sda1/~/RP269/~SOFTWARE

27.1M May 14 2012 /sda1/~/RP290/~SOFTWARE

7.0M Mar 16 2012 /sda1/~/RP246/~SYSTEM

7.0M Mar 17 2012 /sda1/~/RP247/~SYSTEM

7.0M Mar 20 2012 /sda1/~/RP249/~SYSTEM

7.0M Mar 23 2012 /sda1/~/RP250/~SYSTEM

7.0M Mar 25 2012 /sda1/~/RP251/~SYSTEM

7.0M Mar 26 2012 /sda1/~/RP252/~SYSTEM

7.0M Mar 28 2012 /sda1/~/RP253/~SYSTEM

7.0M Mar 30 2012 /sda1/~/RP254/~SYSTEM

7.0M Apr 1 2012 /sda1/~/RP255/~SYSTEM

7.0M Apr 2 2012 /sda1/~/RP256/~SYSTEM

7.0M Apr 3 2012 /sda1/~/RP257/~SYSTEM

7.0M Apr 4 2012 /sda1/~/RP258/~SYSTEM

7.0M Apr 6 2012 /sda1/~/RP259/~SYSTEM

7.0M Apr 7 2012 /sda1/~/RP260/~SYSTEM

7.0M Apr 8 2012 /sda1/~/RP261/~SYSTEM

7.0M Apr 9 2012 /sda1/~/RP262/~SYSTEM

7.0M Apr 10 2012 /sda1/~/RP263/~SYSTEM

7.0M Apr 12 2012 /sda1/~/RP264/~SYSTEM

7.0M Apr 13 2012 /sda1/~/RP265/~SYSTEM

7.0M Apr 14 2012 /sda1/~/RP266/~SYSTEM

7.0M Apr 15 2012 /sda1/~/RP267/~SYSTEM

7.0M Apr 16 2012 /sda1/~/RP268/~SYSTEM

7.0M May 15 2012 /sda1/~/RP291/~SYSTEM

7.0M May 17 2012 /sda1/~/RP292/~SYSTEM

7.0M May 18 2012 /sda1/~/RP293/~SYSTEM

7.0M May 20 2012 /sda1/~/RP294/~SYSTEM

7.0M May 22 2012 /sda1/~/RP295/~SYSTEM

7.0M May 24 2012 /sda1/~/RP296/~SYSTEM

7.0M May 25 2012 /sda1/~/RP297/~SYSTEM

7.0M May 27 2012 /sda1/~/RP298/~SYSTEM

7.0M May 28 2012 /sda1/~/RP299/~SYSTEM

7.0M May 30 2012 /sda1/~/RP300/~SYSTEM

7.0M Jun 1 2012 /sda1/~/RP301/~SYSTEM

7.0M Jun 3 2012 /sda1/~/RP302/~SYSTEM

7.0M Jun 4 2012 /sda1/~/RP303/~SYSTEM

7.0M Jun 4 2012 /sda1/~/RP304/~SYSTEM

7.0M Jun 5 2012 /sda1/~/RP305/~SYSTEM

7.0M Jun 6 2012 /sda1/~/RP306/~SYSTEM

7.0M Jun 7 2012 /sda1/~/RP307/~SYSTEM

7.0M Jun 8 2012 /sda1/~/RP308/~SYSTEM

7.0M Jun 9 2012 /sda1/~/RP309/~SYSTEM

7.0M Jun 10 2012 /sda1/~/RP310/~SYSTEM

7.0M Jun 11 2012 /sda1/~/RP311/~SYSTEM

7.0M Jun 13 2012 /sda1/~/RP312/~SYSTEM

7.0M Jun 13 2012 /sda1/~/RP313/~SYSTEM

7.0M Apr 19 2012 /sda1/~/RP270/~SYSTEM

7.0M Apr 21 2012 /sda1/~/RP271/~SYSTEM

7.0M Apr 22 2012 /sda1/~/RP272/~SYSTEM

7.0M Apr 25 2012 /sda1/~/RP273/~SYSTEM

7.0M Apr 26 2012 /sda1/~/RP274/~SYSTEM

7.0M Apr 26 2012 /sda1/~/RP275/~SYSTEM

7.0M Apr 27 2012 /sda1/~/RP276/~SYSTEM

7.0M Apr 28 2012 /sda1/~/RP277/~SYSTEM

7.0M Apr 29 2012 /sda1/~/RP278/~SYSTEM

7.0M May 1 2012 /sda1/~/RP279/~SYSTEM

7.0M May 2 2012 /sda1/~/RP280/~SYSTEM

7.0M May 3 2012 /sda1/~/RP281/~SYSTEM

7.0M May 4 2012 /sda1/~/RP282/~SYSTEM

7.0M May 5 2012 /sda1/~/RP283/~SYSTEM

7.0M May 6 2012 /sda1/~/RP284/~SYSTEM

7.0M May 7 2012 /sda1/~/RP285/~SYSTEM

7.0M May 8 2012 /sda1/~/RP286/~SYSTEM

7.0M May 9 2012 /sda1/~/RP287/~SYSTEM

7.0M May 13 2012 /sda1/~/RP288/~SYSTEM

7.0M May 14 2012 /sda1/~/RP289/~SYSTEM

7.0M Mar 18 2012 /sda1/~/RP248/~SYSTEM

7.0M Apr 17 2012 /sda1/~/RP269/~SYSTEM

7.0M May 14 2012 /sda1/~/RP290/~SYSTEM

Posted

Hello, suarezlfc.

Ok, perfect. We'll try restoring to an earlier point. Please follow these instructions. Note that the rst.sh command is different from before.

  • Insert your xPud USB drive into the non-booting computer.
  • Boot the computer
  • Boot from the USB as before
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh -r
  • Press Enter
  • At the prompt, please type 313 and press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive, insert it back into your working computer and navigate to report.txt

Please note - all text entries are case sensitive

Copy and paste the report.txt for my review from the xPud flash drive.

Please also try and boot the sick computer and let me know what happens.

etavares
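The number typed at the rst.sh prompt, 313, is the highest-numbered restore point in the enum.log above that carries both a SOFTWARE and a SYSTEM hive backup, and the listing also shows the live SOFTWARE hive at 256.0K against 27 MB backups. As an added example (not part of this thread and not the rst.sh tool's own code), the Python below parses listing lines in that format, picks the newest restore point that holds every required hive, and flags a live hive that is far smaller than its backups. The sample lines are constructed in the listing's format with illustrative RP numbers; the line layout (size, date, path) and the 10% size ratio are assumptions.

```python
import re

# Constructed sample in the format of the enum.log listing above (a size, a
# date, and a path; "~" stands for path components the listing abbreviates).
# RP numbers and sizes are illustrative, not copied from the real log.
SAMPLE_ENUM_LOG = """\
256.0K Mar 24 21:36 /mnt/sda1/WINDOWS/system32/config/SOFTWARE
7.3M Mar 25 23:48 /mnt/sda1/WINDOWS/system32/config/SYSTEM
27.0M Mar 16 2012 /sda1/~/RP246/~SOFTWARE
27.1M Jun 13 2012 /sda1/~/RP312/~SOFTWARE
27.1M Jun 13 2012 /sda1/~/RP313/~SOFTWARE
7.0M Mar 16 2012 /sda1/~/RP246/~SYSTEM
7.0M Jun 13 2012 /sda1/~/RP312/~SYSTEM
7.0M Jun 13 2012 /sda1/~/RP313/~SYSTEM
7.0M Jun 14 2012 /sda1/~/RP314/~SYSTEM
"""

# size, month, day, then either a year (older files) or HH:MM (recent files), then the path
LINE_RE = re.compile(
    r"^(?P<size>\d+(?:\.\d+)?[KMG]?)\s+(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<when>\d{4}|\d{2}:\d{2})\s+(?P<path>\S+)$"
)
RP_RE = re.compile(r"/RP(?P<rp>\d+)/")
REQUIRED_HIVES = ("SOFTWARE", "SYSTEM")
UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def size_to_bytes(size):
    """Convert an ls -h style size such as '27.0M' or '256.0K' to bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([KMG]?)", size)
    if not m:
        raise ValueError(f"unrecognised size: {size!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def parse_enum_log(text):
    """Split listing lines into restore-point hive backups and live hives.

    Returns (restore_points, live_hives): restore_points maps an RP number to
    {hive: size_in_bytes}; live_hives maps hive -> size_in_bytes for entries
    without an /RPnnn/ path component.
    """
    restore_points, live_hives = {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers or other non-listing lines
        path = m.group("path")
        hive = re.split(r"[/~]", path)[-1].upper()  # last segment after '/' or '~'
        size = size_to_bytes(m.group("size"))
        rp = RP_RE.search(path)
        if rp:
            restore_points.setdefault(int(rp.group("rp")), {})[hive] = size
        else:
            live_hives[hive] = size
    return restore_points, live_hives


def pick_restore_point(restore_points, required=REQUIRED_HIVES):
    """Newest RP number (RP numbers increase over time) that holds every required hive."""
    for rp in sorted(restore_points, reverse=True):
        if all(h in restore_points[rp] for h in required):
            return rp
    return None


def suspicious_live_hives(live_hives, restore_points, ratio=0.1):
    """Live hives far smaller than every backup of the same hive: truncation/corruption candidates."""
    flagged = []
    for hive, live_size in live_hives.items():
        backups = [point[hive] for point in restore_points.values() if hive in point]
        if backups and live_size < ratio * max(backups):
            flagged.append(hive)
    return sorted(flagged)


if __name__ == "__main__":
    rps, live = parse_enum_log(SAMPLE_ENUM_LOG)
    complete = [rp for rp in sorted(rps) if all(h in rps[rp] for h in REQUIRED_HIVES)]
    print("restore points holding all required hives:", complete)
    print("newest complete restore point:", pick_restore_point(rps))
    print("live hives much smaller than their backups:", suspicious_live_hives(live, rps))
```

On the sample, RP314 is skipped because it only has a SYSTEM backup, so RP313 is chosen, and the live SOFTWARE hive is flagged because it is under a tenth of the size of its backups.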

Posted (edited)

SOFTWARE hive restored from RP313

SYSTEM hive restored from RP313

SECURITY hive restored from RP313

SAM hive restored from RP313

That's all there was in the report, and I found it under restore; there was no folder report.txt.

I've rebooted my computer and it has come on ;) You're a legend mate, do I need to do anything else?

Edited by suarezlfc
Posted

Another problem has arisen. I don't seem to be able to access the internet through my PC. I tried to update Microsoft Security Essentials but I keep getting an error message:

Error code: 0x8024402c

Error description: Security Essentials couldn't install the definition updates because the proxy server or target server can't be resolved.

And if I try to access Google through Chrome or IE it comes up "no internet connection". I am using the same ethernet cable in the laptop (and I have internet access no problem) as I am in my PC, so there's still something up on my PC. Any ideas?

Posted

Hello, suarezlfc.

Great, glad to hear we have it booting! Let's look at potential issues, including the lack of internet access. If worse comes to worst, we can restore an earlier restore point.

Step 1

We need to create an OTL report:

  • Please download OTL from this link.
  • (If that link doesn't work, try this alternate link.)
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

etavares

Posted

I am able to use the internet on my PC so far. I have run OTL and Farbar anyway; here is the report.

Farbar

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

**** End of log ****
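The File Check section of the FSS log above lists the networking, System Restore, Security Center and Windows Update components the tool hashed, each with the verdict "MD5 is legit". As an added example (not FSS's own code and not part of this thread), the Python below parses a log in this layout into its sections, separates the File Check verdicts into verified files and ones that need attention, and reports sections that came back with nothing under them. The sample log is constructed in the shape shown above; because this page shows only passing verdicts, the failing-verdict wording in the sample is invented, and the parser treats any verdict other than "MD5 is legit" as a finding.

```python
import re

# Constructed sample in the shape of the Farbar Service Scanner (FSS) log above:
# a section title ending in ':' followed by a line of '=' characters, then that
# section's lines. The last File Check verdict is invented to exercise the
# "needs attention" path; the tool's real wording for a failed check is not on
# this page, so anything other than "MD5 is legit" counts as a finding.
SAMPLE_FSS_LOG = "\n".join([
    "Windows Firewall:",
    "=============",
    "",
    "Firewall Disabled Policy:",
    "==================",
    "",
    "System Restore:",
    "============",
    "",
    "File Check:",
    "========",
    r"C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit",
    r"C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit",
    r"C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit",
    r"C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit",
    r"C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is not legit",  # constructed failing verdict
    "",
    "**** End of log ****",
])

HEADER_UNDERLINE = re.compile(r"^=+$")
VERDICT_RE = re.compile(r"^(?P<path>.+?)\s+=>\s+(?P<verdict>.+)$")
END_MARKER = "**** End of log ****"
GOOD_VERDICT = "MD5 is legit"


def parse_fss_log(text):
    """Return {section_title: [non-empty lines]} in the order sections appear."""
    lines = text.splitlines()
    sections = {}
    current = None
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        if line == END_MARKER:
            break
        # A header is "Title:" immediately followed by a run of '=' characters.
        if line.endswith(":") and i + 1 < len(lines) and HEADER_UNDERLINE.match(lines[i + 1].strip()):
            current = line[:-1]
            sections[current] = []
            i += 2
            continue
        if current is not None and line.strip():
            sections[current].append(line.strip())
        i += 1
    return sections


def file_check_findings(sections):
    """Split File Check lines into (verified, flagged) lists of (path, verdict) tuples."""
    verified, flagged = [], []
    for line in sections.get("File Check", []):
        m = VERDICT_RE.match(line)
        if not m:
            flagged.append((line, "unparsed line"))  # never silently drop a line we cannot read
            continue
        entry = (m.group("path"), m.group("verdict"))
        (verified if m.group("verdict") == GOOD_VERDICT else flagged).append(entry)
    return verified, flagged


def empty_sections(sections):
    """Titles of sections with no lines under them, which deserve a second look."""
    return [title for title, body in sections.items() if not body]


if __name__ == "__main__":
    parsed = parse_fss_log(SAMPLE_FSS_LOG)
    ok, bad = file_check_findings(parsed)
    print(f"{len(ok)} files verified, {len(bad)} need attention")
    for path, verdict in bad:
        print("  ATTENTION:", path, "->", verdict)
    print("sections with no output:", empty_sections(parsed))
```

Run against a real FSS.txt, the same two functions give a helper the short list of files whose hash check did not pass instead of a screen of identical "legit" lines.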

Posted

OTL report

OTL logfile created on: 31/03/2027 13:24:33 - Run 7

OTL by OldTimer - Version 3.2.53.0 Folder = D:\Documents and Settings\neil fulton\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.48 Mb Total Physical Memory | 276.49 Mb Available Physical Memory | 27.04% Memory free

2.40 Gb Paging File | 1.61 Gb Available in Paging File | 66.99% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.80 Gb Total Space | 22.50 Gb Free Space | 59.54% Space Free | Partition Type: NTFS

Drive D: | 111.24 Gb Total Space | 90.88 Gb Free Space | 81.70% Space Free | Partition Type: NTFS

Computer Name: SN049765120045 | User Name: neil fulton | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Documents and Settings\neil fulton\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - c:\Program Files\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.)

PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\Steam\steam.exe (Valve Corporation)

PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)

PRC - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)

PRC - C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)

PRC - C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)

PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

PRC - C:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)

PRC - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe (Cyberlink)

PRC - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)

PRC - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Steam\bin\libcef.dll ()

MOD - C:\Program Files\Steam\bin\chromehtml.dll ()

MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()

MOD - C:\Program Files\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files\Steam\bin\avutil-51.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()

MOD - C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\ppgooglenaclpluginchrome.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\pdf.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\Locales\en-US.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avutil-50.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avformat-52.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avcodec-52.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gcswf32.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll ()

MOD - C:\WINDOWS\sm56spn.dll ()

MOD - C:\WINDOWS\sm56jpn.dll ()

MOD - C:\WINDOWS\sm56itl.dll ()

MOD - C:\WINDOWS\sm56eng.dll ()

MOD - C:\WINDOWS\sm56ger.dll ()

MOD - C:\WINDOWS\sm56fra.dll ()

MOD - C:\WINDOWS\sm56brz.dll ()

MOD - C:\WINDOWS\sm56cht.dll ()

MOD - C:\WINDOWS\sm56chs.dll ()

MOD - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

MOD - C:\Program Files\Goto Software\Vade Retro\VrOe_hook.dll ()

MOD - C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (HsdService) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

SRV - (CyberLink Media Library Service) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found

DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys File not found

DRV - (Profos) -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (lbrtfdc) -- File not found

DRV - (Changer) -- File not found

DRV - (catchme) -- D:\DOCUME~1\NEILFU~1\LOCALS~1\Temp\catchme.sys File not found

DRV - (Leapfrog-USBLAN) -- C:\WINDOWS\system32\drivers\btblan.sys (Belcarra Technologies)

DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()

DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {7D1CC8B6-4271-40C8-BA9E-91854C72078F}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{7D1CC8B6-4271-40C8-BA9E-91854C72078F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com//web?src=ieb&appid=102&systemid=2&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{A7B1B330-62A8-4731-A40B-34AAC361D96F}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=697b68cc-191b-11e1-974c-0016e6106ffb&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{601115BF-FE84-4E00-AAAE-281610222DF3}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enGB466

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{7D1CC8B6-4271-40C8-BA9E-91854C72078F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enGB466

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com//web?src=ieb&appid=102&systemid=2&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{A7B1B330-62A8-4731-A40B-34AAC361D96F}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=697b68cc-191b-11e1-974c-0016e6106ffb&q={searchTerms}

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/23 22:10:22 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)

CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=697b68cc-191b-11e1-974c-0016e6106ffb&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\pdf.dll

CHR - plugin: Chrome NaCl (Disabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gears.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: vShare.tv plug-in (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll

CHR - plugin: Client Gateway 4.1.16 (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\nprpspa.dll

CHR - plugin: Java Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: VshareComplete plugin for chrome = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\

CHR - Extension: SiteAdvisor = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\

CHR - Extension: vshare plugin = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

CHR - Extension: Radialpoint SPD Extension = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\

O1 HOSTS File: ([2012/01/20 22:57:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()

O4 - HKLM..\Run: [PCMService] c:\apps\Powercinema\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe File not found

O4 - HKLM..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)

O4 - HKLM..\Run: [Vade Retro Outlook Express] C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

O4 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006..\Run: [smpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)

O4 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDDA3FEC-98C4-4888-880B-B2077EF2D21C}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG1280UK.bmp

O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG1280UK.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2027/03/31 13:16:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2027/03/30 21:52:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\PCHealth

[2027/03/24 23:04:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp

[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2027/03/31 13:24:35 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2027/03/31 13:13:34 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2027/03/31 13:13:34 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job

[2027/03/31 13:13:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2027/03/31 13:13:25 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys

[2027/03/31 01:09:19 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2027/03/31 00:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2027/03/30 20:26:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/06/14 14:07:20 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/06/13 22:37:15 | 028,573,696 | ---- | M] () -- C:\WINDOWS\software.old

[2012/06/13 22:36:23 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/06/13 22:36:23 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/06/13 22:30:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/06/07 14:13:30 | 000,000,669 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/04 21:53:37 | 000,005,120 | ---- | M] () -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/02/15 09:48:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/14 14:34:01 | 000,005,120 | ---- | C] () -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/11 20:57:31 | 000,058,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/12/29 23:00:59 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe

[2011/12/29 21:32:27 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe

[2011/12/29 21:32:21 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys

[2011/12/29 17:40:39 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/12/29 17:40:39 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/12/29 17:40:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/12/29 17:39:22 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/07/24 14:56:21 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini

[2011/07/24 14:56:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2011/07/24 14:52:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2011/07/22 20:54:16 | 000,113,032 | ---- | C] () -- C:\WINDOWS\hpoins07.dat

[2011/07/22 20:54:16 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

[2011/05/17 16:20:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2011/05/14 14:55:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI

[2007/05/20 19:38:23 | 000,001,755 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

 

========== LOP Check ==========

 

[2010/08/05 10:34:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\2032C

[2011/09/04 16:03:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\2537A

[2009/08/09 19:08:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AdventureChronicles1

[2010/08/05 10:51:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\BabylonIM

[2010/08/08 13:18:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Bandoo

[2009/07/14 18:06:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Beanbag Studios

[2011/05/01 19:36:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Big Fish Games

[2011/09/06 13:41:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\boost_interprocess

[2011/05/10 13:40:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\cN01803FfCfF01803

[2012/01/17 19:13:47 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\Common Files

[2010/08/05 09:24:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\iMesh

[2011/12/29 22:12:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\IObit

[2009/07/04 22:33:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\JollyBear

[2011/11/13 14:47:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Leapfrog

[2012/01/17 19:13:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MFAData

[2009/03/07 13:42:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MGS

[2009/03/07 13:39:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Microgaming

[2009/07/04 23:37:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Oberonv1005

[2006/04/20 16:49:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\OD2

[2009/07/14 17:54:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PlayFirst

[2009/08/10 18:48:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Product

[2009/08/10 18:48:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\QuickClick

[2027/03/31 13:22:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Radialpoint

[2009/07/06 22:06:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SpinTop Games

[2007/10/23 11:31:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\STOPzilla!

[2011/05/02 18:41:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP

[2009/07/13 00:20:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\The Game Equation

[2009/10/16 15:20:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Ulead Systems

[2006/07/01 08:57:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\VadeRetro

[2006/04/20 16:44:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Viewpoint

[2012/01/19 20:39:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Virgin Media

[2010/10/11 22:07:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Zylom

[2010/08/05 09:24:33 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\{1A458D70-B989-4B6C-8D14-6475A477F678}

[2011/09/11 16:22:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2007/10/14 15:21:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\AntiSpyware

[2009/08/09 18:57:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Artogon

[2010/08/05 10:58:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Bandoo

[2009/02/18 17:37:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\BitTorrent

[2011/12/29 23:00:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\DNA

[2010/12/14 20:32:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\ElevatedDiagnostics

[2007/05/09 22:23:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Image Zone Express

[2011/04/16 11:11:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Inbox Toolbar

[2009/07/20 21:09:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\ITTNord

[2007/03/28 17:41:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Leadertech

[2009/07/15 21:08:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Meridian93

[2011/04/13 19:48:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\MsgCnf

[2011/12/29 23:01:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\MyShoppingGenie

[2010/02/11 16:37:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Oberon Media

[2009/07/12 20:18:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Oberonv1002

[2006/08/22 22:06:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\OD2

[2009/05/06 15:29:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\OpenOffice.org

[2009/07/14 17:54:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\PlayFirst

[2009/07/26 17:16:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Playrix Entertainment

[2007/05/21 09:25:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\PPMate

[2009/02/22 14:26:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\ppStream

[2010/07/09 18:21:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\RadioBar

[2011/04/25 14:04:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\RebateInformer

[2006/06/09 20:26:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Template

[2009/07/07 21:17:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\TheScruffs

[2009/10/16 15:20:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Ulead Systems

[2011/12/29 23:00:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\uTorrent

[2006/10/24 11:57:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\VadeRetro

[2009/01/30 18:07:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Virgin Broadband

[2011/05/08 22:05:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\Virgin Media

[2010/09/14 19:55:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\lindsay fulton\Application Data\vShare

[2009/04/21 17:16:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Application Data\SACore

[2010/07/31 18:14:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\SACore

[2011/05/15 21:23:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\asoftech

[2011/09/06 13:44:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\bsbandmltbpi

[2011/12/29 21:47:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\IObit

[2011/09/04 17:07:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\OD2

[2027/03/30 22:52:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Radialpoint

[2011/12/27 13:39:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Sports Interactive

[2011/05/10 16:28:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Ulead Systems

[2011/05/09 17:09:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\VadeRetro

[2012/01/19 14:01:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Virgin Media

[2011/11/27 18:16:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\VshareComplete

[2027/03/31 13:13:34 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2006/07/01 08:53:44 | 000,000,210 | RHS- | M] () -- C:\BOOT.BAK

[2006/07/01 09:28:19 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI

[2004/08/04 14:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2011/10/12 20:10:31 | 000,280,613 | ---- | M] () -- C:\ComboFix.txt

[2006/07/01 08:10:44 | 000,006,053 | ---- | M] () -- C:\DWNLOG.TXT

[2027/03/31 13:13:25 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys

[2006/07/01 08:55:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2006/07/01 08:57:04 | 000,000,880 | -H-- | M] () -- C:\IPH.PH

[2006/07/01 08:10:44 | 000,006,053 | ---- | M] () -- C:\MCDLOG.TXT

[2006/07/01 08:55:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 14:00:00 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM

[2011/11/20 20:07:59 | 000,250,048 | ---- | M] () -- C:\NTLDR

[2027/03/31 13:13:24 | 1608,224,768 | -HS- | M] () -- C:\pagefile.sys

[2006/04/20 11:01:26 | 000,001,128 | ---- | M] () -- C:\SAUDIT.TXT

[2006/07/01 08:10:44 | 000,000,000 | ---- | M] () -- C:\UPDFLOP.TAG

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.sys /90 >

[2012/05/15 14:20:33 | 001,863,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2004/08/10 16:46:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004/08/10 16:46:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004/08/10 16:46:06 | 000,847,872 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 

< %PROGRAMFILES%\* >

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

 

 

< End of report >

Posted

Hello, suarezlfc.

Step 1

I see you have IOBit installed on your computer. This is a known rogue antivirus that steals definitions from legitimate antiviruses. Please read about it here. I strongly suggest you please uninstall IOBit via Add/Remove Programs.

 

If you have already removed it, it did leave some files behind. Please let me know what you did here.

Step 2

Next, we need to update Java.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 4, 32-bit version. Note that if you have 64-bit Windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 7 Update 2
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.

Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.

  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the OTL icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom.

:OTL
DRV - (WDICA) -- File not found
DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys File not found
DRV - (Profos) -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- D:\DOCUME~1\NEILFU~1\LOCALS~1\Temp\catchme.sys File not found
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com//web?src=ieb&appid=102&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{A7B1B330-62A8-4731-A40B-34AAC361D96F}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=697b68cc-191b-11e1-974c-0016e6106ffb&q={searchTerms}
IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearshare.com//web?src=ieb&appid=102&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{A7B1B330-62A8-4731-A40B-34AAC361D96F}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=697b68cc-191b-11e1-974c-0016e6106ffb&q={searchTerms}
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe File not found
:commands
[EmptyTemp]

  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the Run Scan button.
  11. A report will open, copy and paste it in a reply here.


etavares
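As an added example (not part of this thread and not OTL's own code), the following Python triage helper parses the line formats seen in the OTL logs above and flags the entry types the fix script targets: drivers, BHOs, toolbars and Run entries whose file or CLSID is missing, and IE/Chrome search providers pointing at an unexpected host. It then emits those lines in the `:OTL` / `:commands` layout used in the fix above. The allowlist of search hosts and the sample log lines are constructed for this example.

```python
"""Triage OTL-style scan log lines and build a fix-script skeleton.

Added example for this thread; it is not the OTL tool's code. The
search-host allowlist is an assumption chosen for the example.
"""
import re
from typing import List, NamedTuple
from urllib.parse import urlparse

# Search hosts treated as expected (assumption for this example).
EXPECTED_SEARCH_HOSTS = {
    "www.google.com", "www.google.co.uk", "search.live.com",
    "uk.search.yahoo.com", "www.bing.com",
}

# OTL appends these when the referenced file or COM object is missing.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

# DRV - (Name) optional description -- target
DRV_RE = re.compile(r"^DRV - \((?P<name>[^)]+)\)(?P<desc>.*?) -- (?P<target>.*)$")
# IE - HKLM\..\SearchScopes\{GUID}: "URL" = http://...
SCOPE_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\SearchScopes\\(?P<guid>\{[^}]+\}): "URL" = (?P<url>\S+)')
# CHR - default_search_provider: search_url = http://...
CHR_RE = re.compile(r"^CHR - default_search_provider: search_url = (?P<url>\S+)$")
# O2 (BHO), O3 (toolbar) and O4 (Run key) entries
OBJ_RE = re.compile(r"^(?P<kind>O[234]) - (?P<rest>.*)$")


class Finding(NamedTuple):
    category: str  # orphaned_driver, orphaned_O2/O3/O4, search_hijack
    detail: str    # driver name, hijack host, or the object description
    line: str      # the OTL log line, verbatim


def triage(lines: List[str]) -> List[Finding]:
    """Return the log lines that match the patterns the fix script removes."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = DRV_RE.match(line)
        if m:
            if m["target"].endswith(ORPHAN_MARKERS):
                findings.append(Finding("orphaned_driver", m["name"], line))
            continue
        m = SCOPE_RE.match(line) or CHR_RE.match(line)
        if m:
            host = urlparse(m["url"]).hostname or ""
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(Finding("search_hijack", host, line))
            continue
        m = OBJ_RE.match(line)
        if m and m["rest"].rstrip(".").endswith(ORPHAN_MARKERS):
            detail = m["rest"].split(" - ")[0]
            findings.append(Finding("orphaned_" + m["kind"], detail, line))
    return findings


def build_fix_script(lines: List[str]) -> str:
    """Lay out flagged lines the way the fix above does: verbatim log lines
    under :OTL, then :commands with [EmptyTemp]. Including CHR lines in the
    :OTL section is an assumption of this example; review before use."""
    flagged = [f.line for f in triage(lines)]
    return "\n".join([":OTL", *flagged, ":commands", "[EmptyTemp]"])


# Constructed sample in the format of the OTL logs above (not a real capture).
SAMPLE_LOG = r"""
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
DRV - (WDICA) -- File not found
DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
IE - HKLM\..\SearchScopes\{7D1CC8B6-4271-40C8-BA9E-91854C72078F}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{A7B1B330-62A8-4731-A40B-34AAC361D96F}: "URL" = http://startsear.ch/?aff=1&src=sp&q={searchTerms}
CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&q={searchTerms}
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre7\bin\jusched.exe File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:16} {f.detail}")
    print()
    print(build_fix_script(SAMPLE_LOG))
```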

Posted

Hi etavares,

I can't seem to find the IObit. I've checked the Add/Remove Programs list but it is not there! Could it be located anywhere else?

All old Javas deleted and new Java installed.

OTL report no. 1:

All processes killed
========== OTL ==========

Service WDICA stopped successfully!

Service WDICA deleted successfully!

File File not found not found.

Service Trufos stopped successfully!

Service Trufos deleted successfully!

File C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys File not found not found.

Service Profos stopped successfully!

Service Profos deleted successfully!

File C:\Program Files\Virgin Media\Security\BitDefender\profos.sys File not found not found.

Service PDRFRAME stopped successfully!

Service PDRFRAME deleted successfully!

File File not found not found.

Service PDRELI stopped successfully!

Service PDRELI deleted successfully!

File File not found not found.

Service PDFRAME stopped successfully!

Service PDFRAME deleted successfully!

File File not found not found.

Service PDCOMP stopped successfully!

Service PDCOMP deleted successfully!

File File not found not found.

Service PCIDump stopped successfully!

Service PCIDump deleted successfully!

File File not found not found.

Service lbrtfdc stopped successfully!

Service lbrtfdc deleted successfully!

File File not found not found.

Service Changer stopped successfully!

Service Changer deleted successfully!

File File not found not found.

Service catchme stopped successfully!

Service catchme deleted successfully!

File D:\DOCUME~1\NEILFU~1\LOCALS~1\Temp\catchme.sys File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A7B1B330-62A8-4731-A40B-34AAC361D96F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7B1B330-62A8-4731-A40B-34AAC361D96F}\ not found.

Registry key HKEY_USERS\S-1-5-21-2908480339-1261026855-1997213502-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.

Registry key HKEY_USERS\S-1-5-21-2908480339-1261026855-1997213502-1006\Software\Microsoft\Internet Explorer\SearchScopes\{A7B1B330-62A8-4731-A40B-34AAC361D96F}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7B1B330-62A8-4731-A40B-34AAC361D96F}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.

Registry value HKEY_USERS\S-1-5-21-2908480339-1261026855-1997213502-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

 

User: lindsay fulton

->Temp folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66083 bytes

 

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

 

User: neil fulton

->Temp folder emptied: 21009908 bytes

->Temporary Internet Files folder emptied: 2048294 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 375438483 bytes

->Flash cache emptied: 928 bytes

 

User: NetworkService

->Temp folder emptied: 520220 bytes

->Temporary Internet Files folder emptied: 79720579 bytes

 

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

 

User: ShopperReports3

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1351680 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4493792 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 78013328 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 20291055 bytes

 

Total Files Cleaned = 556.00 mb

 

 

OTL by OldTimer - Version 3.2.53.0 log created on 06282012_222055

 

 

Files\Folders moved on Reboot...

 

 

PendingFileRenameOperations files...

 

 

Registry entries deleted on Reboot...

Posted

OTL report no. 2

 

OTL logfile created on: 28/06/2012 22:30:14 - Run 8

OTL by OldTimer - Version 3.2.53.0 Folder = D:\Documents and Settings\neil fulton\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1022.48 Mb Total Physical Memory | 339.38 Mb Available Physical Memory | 33.19% Memory free

2.40 Gb Paging File | 1.70 Gb Available in Paging File | 70.96% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.80 Gb Total Space | 22.45 Gb Free Space | 59.41% Space Free | Partition Type: NTFS

Drive D: | 111.24 Gb Total Space | 90.96 Gb Free Space | 81.77% Space Free | Partition Type: NTFS

 

Computer Name: SN049765120045 | User Name: neil fulton | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - D:\Documents and Settings\neil fulton\Desktop\OTL (1).exe (OldTimer Tools)

PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - c:\Program Files\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.)

PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\Steam\steam.exe (Valve Corporation)

PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)

PRC - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)

PRC - C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)

PRC - C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)

PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

PRC - C:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)

PRC - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe (Cyberlink)

PRC - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)

PRC - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Steam\bin\libcef.dll ()

MOD - C:\Program Files\Steam\bin\chromehtml.dll ()

MOD - C:\Program Files\Steam\bin\avcodec-53.dll ()

MOD - C:\Program Files\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files\Steam\bin\avutil-51.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()

MOD - C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\ppgooglenaclpluginchrome.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\pdf.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\Locales\en-US.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avutil-50.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avformat-52.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avcodec-52.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gcswf32.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll ()

MOD - C:\WINDOWS\sm56spn.dll ()

MOD - C:\WINDOWS\sm56jpn.dll ()

MOD - C:\WINDOWS\sm56itl.dll ()

MOD - C:\WINDOWS\sm56eng.dll ()

MOD - C:\WINDOWS\sm56ger.dll ()

MOD - C:\WINDOWS\sm56fra.dll ()

MOD - C:\WINDOWS\sm56brz.dll ()

MOD - C:\WINDOWS\sm56cht.dll ()

MOD - C:\WINDOWS\sm56chs.dll ()

MOD - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

MOD - C:\Program Files\Goto Software\Vade Retro\VrOe_hook.dll ()

MOD - C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (HsdService) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

SRV - (CyberLink Media Library Service) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (Leapfrog-USBLAN) -- C:\WINDOWS\system32\drivers\btblan.sys (Belcarra Technologies)

DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()

DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {7D1CC8B6-4271-40C8-BA9E-91854C72078F}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{7D1CC8B6-4271-40C8-BA9E-91854C72078F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{601115BF-FE84-4E00-AAAE-281610222DF3}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enGB466

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..\SearchScopes\{7D1CC8B6-4271-40C8-BA9E-91854C72078F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enGB466

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-2908480339-1261026855-1997213502-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/23 22:10:22 | 000,000,000 | ---D | M]

 

 

========== Chrome ==========

 

CHR - default_search_provider: Web Search (Enabled)

CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=697b68cc-191b-11e1-974c-0016e6106ffb&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\pdf.dll

CHR - plugin: Chrome NaCl (Disabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gears.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: vShare.tv plug-in (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll

CHR - plugin: Client Gateway 4.1.16 (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\nprpspa.dll

CHR - plugin: Java Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: VshareComplete plugin for chrome = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\

CHR - Extension: SiteAdvisor = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\

CHR - Extension: vshare plugin = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

CHR - Extension: Radialpoint SPD Extension = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\

 

O1 HOSTS File: ([2012/01/20 22:57:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()

O4 - HKLM..\Run: [PCMService] c:\apps\Powercinema\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)

O4 - HKLM..\Run: [Vade Retro Outlook Express] C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

O4 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006..\Run: [smpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)

O4 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKU\S-1-5-21-2908480339-1261026855-1997213502-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDDA3FEC-98C4-4888-880B-B2077EF2D21C}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG1280UK.bmp

O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG1280UK.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2027/03/30 21:52:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\PCHealth

[2027/03/24 23:04:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp

[2012/06/28 22:19:29 | 000,596,992 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\neil fulton\Desktop\OTL (1).exe

[2012/06/28 22:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/06/28 22:16:36 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012/06/28 22:16:35 | 000,227,784 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012/06/28 22:16:29 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012/06/28 22:16:29 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012/06/28 22:11:27 | 021,053,392 | ---- | C] (Oracle Corporation) -- D:\Documents and Settings\neil fulton\Desktop\jre-7u4-windows-i586 (1).exe

[2012/06/13 15:50:26 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll

========== Files - Modified Within 30 Days ==========

[2012/06/28 22:32:43 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/06/28 22:22:31 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/28 22:22:30 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job

[2012/06/28 22:22:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/06/28 22:22:20 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/28 22:19:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\neil fulton\Desktop\OTL (1).exe

[2012/06/28 22:16:12 | 000,227,784 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012/06/28 22:16:12 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012/06/28 22:16:12 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012/06/28 22:16:12 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012/06/28 22:16:11 | 000,772,552 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll

[2012/06/28 22:16:11 | 000,687,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2012/06/28 22:11:18 | 021,053,392 | ---- | M] (Oracle Corporation) -- D:\Documents and Settings\neil fulton\Desktop\jre-7u4-windows-i586 (1).exe

[2012/06/28 22:09:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/28 21:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/06/27 13:52:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/06/14 14:07:20 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/06/13 22:37:15 | 028,573,696 | ---- | M] () -- C:\WINDOWS\software.old

[2012/06/13 22:36:23 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/06/13 22:36:23 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/06/13 22:30:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/06/07 14:13:30 | 000,000,669 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/04 21:53:37 | 000,005,120 | ---- | M] () -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui

[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll

[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll

[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl

[2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll

[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll

[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll

[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe

[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll

[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll

[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll

[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui

[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll

[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll

[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll

[2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll

========== Files Created - No Company Name ==========

[2012/02/15 09:48:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/14 14:34:01 | 000,005,120 | ---- | C] () -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/11 20:57:31 | 000,058,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/12/29 23:00:59 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe

[2011/12/29 21:32:27 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe

[2011/12/29 21:32:21 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys

[2011/12/29 17:40:39 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/12/29 17:40:39 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/12/29 17:40:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/12/29 17:39:22 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/07/24 14:56:21 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini

[2011/07/24 14:56:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2011/07/24 14:52:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2011/07/22 20:54:16 | 000,113,032 | ---- | C] () -- C:\WINDOWS\hpoins07.dat

[2011/07/22 20:54:16 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

[2011/05/17 16:20:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2011/05/14 14:55:49 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI

[2007/05/20 19:38:23 | 000,001,755 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

< End of report >
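As an added example (not from OTL, the helper, or this thread), here is a small Python triage script that applies two of the checks a helper makes on the O7 and O35/O37 lines of a log like the one above: decoding the NoDriveTypeAutoRun bitmask to see which drive types can still AutoRun, and confirming the .exe/.com open command is still the stock `"%1" %*`. The sample lines are copied from the log above except the last, which is a constructed hijacked exefile entry with a placeholder path.

```python
import re

# Drive-type bits of NoDriveTypeAutoRun; a SET bit disables AutoRun for that type.
AUTORUN_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
                0x10: "remote", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved"}

# Stock shell open command for exefile/comfile, exactly as the O35/O37 lines show it.
EXPECTED_OPEN_CMD = '"%1" %*'

O7_RE = re.compile(r"^O7 - (?P<key>\S+): NoDriveTypeAutoRun = (?P<val>\d+)$")
O35_RE = re.compile(r"^O35 - HKLM\\\.\.(?P<assoc>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+)$")
O37_RE = re.compile(r"^O37 - HKLM\\\.\.\.(?P<ext>\w+) \[@ = (?P<assoc>\w+)\] -- (?P<cmd>.+)$")


def autorun_enabled_types(value):
    """Drive types for which AutoRun is still allowed under this policy value."""
    return {name for bit, name in AUTORUN_BITS.items() if not value & bit}


def triage(lines):
    """Apply the O7 AutoRun check and the O35/O37 exe-association check to OTL lines."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := O7_RE.match(line):
            still_on = autorun_enabled_types(int(m["val"])) & {"removable", "cdrom"}
            if still_on:
                findings.append(f"{m['key']}: AutoRun still enabled for {sorted(still_on)} "
                                f"(NoDriveTypeAutoRun = {m['val']}; 255 disables all types)")
        elif m := O35_RE.match(line):
            if m["cmd"] != EXPECTED_OPEN_CMD:
                findings.append(f"{m['assoc']} [{m['verb']}] runs {m['cmd']!r} "
                                f"instead of {EXPECTED_OPEN_CMD!r}")
        elif m := O37_RE.match(line):
            if m["assoc"] != m["ext"] + "file" or m["cmd"] != EXPECTED_OPEN_CMD:
                findings.append(f".{m['ext']} maps to {m['assoc']} running {m['cmd']!r}")
    return findings


# Sample input: three lines copied from the OTL log in this thread, plus one
# CONSTRUCTED hijacked exefile entry (placeholder path, not from the log).
SAMPLE_LINES = [
    r"O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    r'O35 - HKLM\..exefile [open] -- "C:\PLACEHOLDER\unknown.exe" "%1" %*',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

The value 145 (0x91) in the log is the Windows XP default, which still lets removable drives and CD-ROMs AutoRun; only a value with all type bits set (255) turns it off everywhere.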

Posted

Hello, suarezlfc.

OK, you have SmartDefrag? I saw an IOBIt directory, but couldn't tell what software it was. You can keep that if you want, although I question anything made by IOBit given the article I shared above.

Step 1

Next, we need to update Java.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 4 32-bit version. Note that if you have 64-bit windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version shown below:
    Java 7 Update 2
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u29-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.

Step 2

I'd like us to scan your machine with ESET OnlineScan.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
  • Accept any security warnings from your browser.
  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
  • Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
  • Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

etavares

Posted

Hi etavares,

I ran the ESET scan but I never got the option, when it had finished, for a list of found threats; it just said no threats were found.

Posted

Yes, Smart Defrag is made by IOBit. Defragging in general is a good idea. It does improve performance. Here's a good link to read more about the benefits:

http://www.bleepingcomputer.com/tutorials/the-importance-of-disk-defragmentation/

Is everything running OK now? I can provide instructions to clean up if it looks good.

Posted

Hello, suarezlfc.

Your logs appear clean. You can run StartupLite in my Optional instructions below...that may help improve speed. If it is slow at bootup, you can try Soluto. Some folks have had luck with that.

Step 1

Next, we need to remove the other tools we have used.

  • Please download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Doubleclick the http://i517.photobucket.com/albums/u338/Eextremeboy/OTC_Icon.jpg icon to start the program.
  • Then, click the big http://i517.photobucket.com/albums/u338/Eextremeboy/CleanUp.jpg button.
  • You will get a prompt saying Begin Cleanup Process. Click Yes.
  • Restart your computer when prompted.

Step 2

We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.

  1. Go to Start --> All Programs --> Accessories --> System Tools --> System Restore.
  2. Select Create a Restore Point and click Next.
  3. Give the restore point a name and press create.
  4. You'll see it work, then say that it was created successfully. Click Close.

Now, we need to remove the old, infected points using DiskCleanup.

  1. Click on Start --> Run.
  2. Type in cleanmgr into the run box and hit OK.
  3. Select C: and press OK
  4. Select the More Options tab.
  5. Click on Clean up in the System Restore section.
  6. Click OK.
  7. You'll get a couple of prompts asking if you're sure you want to do this; select Yes and OK for them.
  8. Disk cleanup will remove the old restore points that included the malware.

If you ran Defogger and disabled your emulator, please don't forget to run it again and re-enable it. See the instructions here to do so.

Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.

System Still Slow?

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Keep Windows Up to Date

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.

Update all these programs regularly

Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares
