Jump to content

Recommended Posts

Posted
hi guys im having a few issues with my pc im wondering if anyone could help,i seem to be getting alot of pop ups lately when i open a new web browser page,im getting alot of gambling sites and also keep getting a page that flashes up bizcoaching!! im pretty sure this is an infection can anybody help me out?
  • Replies 13
  • Created
  • Last Reply

Top Posters In This Topic

Posted

Hi Suarezlfc

 

can you run this for me please.

 

Please download AdwCleaner by Xplode onto your desktop.

 

 

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Then can you go to this post and reply back with all the Logs for are security team to review them

“It's only after we've lost everything that we're free to do anything.”

― Chuck Palahniuk, Fight Club

 

http://www.geekstogo.com/downloads/unite_blue.png

 

Need help with your computer problems? Then why not join Free PC Help. Register here

 

If Free PC Help has helped you then please consider a donation. Click here

 

We are all members helping other members.

Please return here where you may be able to help someone else.

After all, no one knows everything and you may have the answer that someone needs.

Posted

hi seedy here is the log

# AdwCleaner v2.304 - Logfile created 07/07/2013 at 13:56:26

# Updated 03/07/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : neil fulton - SN049765120045

# Boot Mode : Normal

# Running from : D:\Documents and Settings\neil fulton\My Documents\Downloads\adwcleaner.exe

# Option [Delete]

 

 

 

 

***** [services] *****

 

 

 

 

***** [Files / Folders] *****

 

 

Deleted on reboot : D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda

File Deleted : D:\DOCUME~1\NEILFU~1\LOCALS~1\Temp\Uninstall.exe

File Deleted : D:\Documents and Settings\All Users\Desktop\RebateGiant.com.url

File Deleted : D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage

File Deleted : D:\END

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\DomaIQ Uninstaller

Folder Deleted : C:\Program Files\Free Offers from Freeze.com

Folder Deleted : C:\Program Files\Supreme Savings

Folder Deleted : C:\Program Files\Viewpoint

Folder Deleted : C:\Program Files\vShare.tv plugin

Folder Deleted : C:\Program Files\VshareComplete

Folder Deleted : D:\Documents and Settings\All Users\Application Data\Babylon

Folder Deleted : D:\Documents and Settings\All Users\Application Data\Bandoo

Folder Deleted : D:\Documents and Settings\All Users\Application Data\boost_interprocess

Folder Deleted : D:\Documents and Settings\All Users\Application Data\iMesh

Folder Deleted : D:\Documents and Settings\All Users\Application Data\Trymedia

Folder Deleted : D:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Deleted : D:\Documents and Settings\All Users\Start Menu\Programs\RebateInformer

Folder Deleted : D:\Documents and Settings\neil fulton\Application Data\Babylon

Folder Deleted : D:\Documents and Settings\neil fulton\Application Data\PriceGong

Folder Deleted : D:\Documents and Settings\neil fulton\Application Data\VshareComplete

Folder Deleted : D:\Documents and Settings\neil fulton\Local Settings\Application Data\Conduit

Folder Deleted : D:\Documents and Settings\neil fulton\Local Settings\Application Data\Ilivid

Folder Deleted : D:\Documents and Settings\neil fulton\Local Settings\Application Data\PackageAware

Folder Deleted : D:\Documents and Settings\neil fulton\Local Settings\Application Data\Updater19962

Folder Deleted : D:\Documents and Settings\neil fulton\Start Menu\Programs\Video Downloader

 

 

***** [Registry] *****

 

 

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\DomaIQ

Key Deleted : HKLM\SOFTWARE\e2db88e76aee10

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Supreme Savings

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\Software\SimplyGen

Key Deleted : HKLM\SOFTWARE\Software

Key Deleted : HKLM\Software\Viewpoint

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

 

 

***** [internet Browsers] *****

 

 

-\\ Internet Explorer v8.0.6001.18702

 

 

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www2.delta-search.com/?affID=120519&babsrc=NT_ss&mntrId=F86A0016E6106FFB --> hxxp://www.google.com

 

 

-\\ Google Chrome v11.0.696.65

 

 

File : D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

 

 

Deleted [l.31] : keyword = "startsear.ch",

Deleted [l.34] : search_url = "hxxp://startsear.ch/?aff=1&src=sp&cf=697b68cc-191b-11e1-974c-0016e6106ffb&q={se[...]

 

 

*************************

 

 

AdwCleaner[R1].txt - [9074 octets] - [07/07/2013 13:55:09]

AdwCleaner[s1].txt - [8932 octets] - [07/07/2013 13:56:26]

 

 

########## EOF - D:\AdwCleaner[s1].txt - [8992 octets] ##########

Posted

malware log

 

Malwarebytes Anti-Malware 1.75.0.1300

http://www.malwarebytes.org

 

 

Database version: v2013.07.11.04

 

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

neil fulton :: SN049765120045 [administrator]

 

 

07/07/2013 15:43:00

mbam-log-2013-07-07 (15-43-00).txt

 

 

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 409829

Time elapsed: 1 hour(s), 58 second(s)

 

 

Memory Processes Detected: 0

(No malicious items detected)

 

 

Memory Modules Detected: 0

(No malicious items detected)

 

 

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.DomaIQ) -> Quarantined and deleted successfully.

 

 

Registry Values Detected: 0

(No malicious items detected)

 

 

Registry Data Items Detected: 0

(No malicious items detected)

 

 

Folders Detected: 0

(No malicious items detected)

 

 

Files Detected: 1

D:\Documents and Settings\neil fulton\My Documents\Downloads\Setup.exe (Trojan.DomaIQ) -> Quarantined and deleted successfully.

 

 

(end)

Posted

OTL logfile created on: 07/07/2013 17:52:30 - Run 2

OTL by OldTimer - Version 3.2.53.0 Folder = D:\Documents and Settings\neil fulton\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1022.48 Mb Total Physical Memory | 305.09 Mb Available Physical Memory | 29.84% Memory free

2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.89% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.80 Gb Total Space | 16.74 Gb Free Space | 44.28% Space Free | Partition Type: NTFS

Drive D: | 111.24 Gb Total Space | 79.50 Gb Free Space | 71.47% Space Free | Partition Type: NTFS

 

Computer Name: SN049765120045 | User Name: neil fulton | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - D:\Documents and Settings\neil fulton\Local Settings\temp\jre-7u25-windows-i586-iftw.exe (Oracle Corporation)

PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)

PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - D:\Documents and Settings\neil fulton\Desktop\OTL (1).exe (OldTimer Tools)

PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)

PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)

PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)

PRC - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)

PRC - C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

PRC - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)

PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)

PRC - C:\Program Files\Virgin Broadband Wireless\ndis_events.exe ()

PRC - C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)

PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

PRC - C:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)

PRC - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe (Cyberlink)

PRC - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)

PRC - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - D:\Documents and Settings\neil fulton\Application Data\Sun\Java\jre1.7.0_25\lzma.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\qjson.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll ()

MOD - C:\WINDOWS\system32\quartz.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()

MOD - C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\ppgooglenaclpluginchrome.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\pdf.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\Locales\en-US.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avutil-50.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avformat-52.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avcodec-52.dll ()

MOD - C:\Program Files\Virgin Broadband Wireless\AffinegyServicePS.dll ()

MOD - C:\Program Files\Virgin Broadband Wireless\ndis_events.exe ()

MOD - C:\WINDOWS\system32\pthreadVC.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll ()

MOD - C:\WINDOWS\sm56spn.dll ()

MOD - C:\WINDOWS\sm56jpn.dll ()

MOD - C:\WINDOWS\sm56itl.dll ()

MOD - C:\WINDOWS\sm56eng.dll ()

MOD - C:\WINDOWS\sm56ger.dll ()

MOD - C:\WINDOWS\sm56fra.dll ()

MOD - C:\WINDOWS\sm56brz.dll ()

MOD - C:\WINDOWS\sm56cht.dll ()

MOD - C:\WINDOWS\sm56chs.dll ()

MOD - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

MOD - C:\Program Files\Goto Software\Vade Retro\VrOe_hook.dll ()

MOD - C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)

SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)

SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (HsdService) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AffinegyService) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (CLSched) CyberLink Task Scheduler (CTS) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

SRV - (CyberLink Media Library Service) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found

DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)

DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)

DRV - (Leapfrog-USBLAN) -- C:\WINDOWS\system32\drivers\btblan.sys (Belcarra Technologies)

DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()

DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)

DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{7D1CC8B6-4271-40C8-BA9E-91854C72078F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{4E9D8D44-C087-446F-9AAF-32AED87212EA}: "URL" = http://www.bing.com/search?q={searchTerms}&r=468

IE - HKCU\..\SearchScopes\{601115BF-FE84-4E00-AAAE-281610222DF3}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{7D1CC8B6-4271-40C8-BA9E-91854C72078F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enGB466

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/06/02 09:46:36 | 000,000,000 | ---D | M]

 

[2013/04/27 19:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

 

========== Chrome ==========

 

CHR - default_search_provider: Web Search (Enabled)

CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=697b68cc-191b-11e1-974c-0016e6106ffb&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\pdf.dll

CHR - plugin: Chrome NaCl (Disabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gears.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: vShare.tv plug-in (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll

CHR - plugin: Client Gateway 4.1.16 (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\nprpspa.dll

CHR - plugin: Java Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: SiteAdvisor = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\

CHR - Extension: vshare plugin = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

CHR - Extension: Radialpoint SPD Extension = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\

 

O1 HOSTS File: ([2012/01/20 22:57:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PCMService] c:\apps\Powercinema\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)

O4 - HKLM..\Run: [Vade Retro Outlook Express] C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - HKCU..\Run: [smpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365692516062 (WUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDDA3FEC-98C4-4888-880B-B2077EF2D21C}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG1280UK.bmp

O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG1280UK.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: HP Software Update - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: nwiz - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: RealTray - hkey= - key= - Reg Error: Value error. File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2027/03/30 21:52:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\PCHealth

[2027/03/24 23:04:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp

[2013/07/02 15:14:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2013/07/02 15:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/07/02 15:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/07/02 15:13:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2013/07/02 15:06:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2013/07/02 15:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2013/07/02 13:49:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Applications

[2013/07/01 18:36:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\My Documents\Nokia Suite

[2013/07/01 18:33:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\Nokia Suite

[2013/07/01 18:32:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\Nokia

[2013/07/01 18:30:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys

[2013/07/01 18:29:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\NokiaAccount

[2013/06/30 20:03:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\Nokia

[2013/06/30 20:02:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\PC Suite

[2013/06/30 20:02:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PC Suite

[2013/06/30 19:58:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Nokia

[2013/06/30 19:55:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Nokia

[2013/06/30 19:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia

[2013/06/30 19:54:12 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys

[2013/06/30 19:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2013/06/30 19:53:26 | 000,008,576 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys

[2013/06/30 19:53:25 | 000,137,600 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys

[2013/06/30 19:53:20 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys

[2013/06/30 19:53:17 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys

[2013/06/30 19:53:15 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys

[2013/06/30 19:53:10 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll

[2013/06/30 19:53:10 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll

[2013/06/30 19:53:10 | 000,069,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll

[2013/06/30 19:53:10 | 000,018,560 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys

[2013/06/30 19:53:08 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll

[2013/06/30 19:45:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2013/06/30 19:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia

 

========== Files - Modified Within 30 Days ==========

 

[2013/07/07 17:44:53 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/07/07 17:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/07/07 17:34:13 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/07/07 17:32:37 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/07/07 17:32:37 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job

[2013/07/07 17:32:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/07/07 17:32:27 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys

[2013/07/07 14:42:45 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/07/07 14:37:31 | 000,564,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/07/07 14:37:31 | 000,113,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/07/07 14:32:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/07/07 13:53:18 | 000,650,027 | ---- | M] () -- D:\Documents and Settings\neil fulton\Desktop\adwcleaner (1).exe

[2013/07/05 17:13:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/07/02 15:14:52 | 000,001,463 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2013/07/02 15:06:28 | 000,001,501 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2013/07/02 14:37:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/07/01 18:29:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

[2013/07/01 18:29:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2013/07/01 18:29:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2013/06/30 19:58:53 | 000,001,636 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk

[2013/06/08 11:41:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/06/08 11:41:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/06/07 23:55:44 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec

[2013/06/07 22:56:06 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2013/06/07 22:56:06 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll

[2013/06/07 22:56:06 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

[2013/06/07 22:56:06 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll

[2013/06/07 22:56:06 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll

[2013/06/07 22:56:06 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2013/06/07 22:56:06 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll

[2013/06/07 22:56:06 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll

[2013/06/07 22:56:06 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll

[2013/06/07 22:56:06 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll

[2013/06/07 22:56:06 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll

[2013/06/07 22:56:06 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll

[2013/06/07 22:56:06 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll

[2013/06/07 22:56:06 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll

[2013/06/07 22:56:06 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2013/06/07 22:56:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll

[2013/06/07 22:56:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll

[2013/06/07 22:56:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll

[2013/06/07 22:56:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll

[2013/06/07 22:56:05 | 011,112,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2013/06/07 22:56:05 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2013/06/07 22:56:05 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl

[2013/06/07 22:56:05 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl

[2013/06/07 22:56:05 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2013/06/07 22:56:05 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll

[2013/06/07 22:56:05 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll

[2013/06/07 22:56:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll

[2013/06/07 22:56:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll

[2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe

[2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe

 

========== Files Created - No Company Name ==========

 

[2013/07/07 13:52:48 | 000,650,027 | ---- | C] () -- D:\Documents and Settings\neil fulton\Desktop\adwcleaner (1).exe

[2013/07/02 15:14:52 | 000,001,463 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2013/07/02 15:06:28 | 000,001,501 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2013/07/01 18:29:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

[2013/07/01 18:29:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2013/07/01 18:29:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2013/06/30 19:58:52 | 000,001,636 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk

[2013/04/11 14:42:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/10/13 13:41:20 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2012/02/15 09:48:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/14 14:34:01 | 000,008,704 | ---- | C] () -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/11 20:57:31 | 000,058,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/12/29 23:00:59 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe

[2011/12/29 21:32:27 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe

[2011/12/29 21:32:21 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys

[2011/12/29 17:40:39 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/12/29 17:40:39 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/12/29 17:40:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/12/29 17:39:22 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/07/24 14:56:21 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini

[2011/07/24 14:56:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2011/07/24 14:52:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2011/07/22 20:54:16 | 000,113,032 | ---- | C] () -- C:\WINDOWS\hpoins07.dat

[2011/07/22 20:54:16 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

[2007/05/20 19:38:23 | 000,001,755 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

 

========== LOP Check ==========

 

[2013/07/02 15:14:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2010/08/05 10:34:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\2032C

[2011/09/04 16:03:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\2537A

[2009/08/09 19:08:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AdventureChronicles1

[2012/10/13 13:41:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Affinegy

[2013/07/02 13:49:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Applications

[2013/06/06 19:57:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVG2013

[2010/08/05 10:51:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\BabylonIM

[2009/07/14 18:06:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Beanbag Studios

[2011/05/01 19:36:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Big Fish Games

[2011/05/10 13:40:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\cN01803FfCfF01803

[2012/01/17 19:13:47 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\Common Files

[2011/12/29 22:12:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\IObit

[2009/07/04 22:33:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\JollyBear

[2011/11/13 14:47:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Leapfrog

[2013/06/06 20:00:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MFAData

[2009/03/07 13:42:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MGS

[2009/03/07 13:39:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Microgaming

[2013/06/30 20:01:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Nokia

[2013/06/30 19:45:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2009/07/04 23:37:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Oberonv1005

[2006/04/20 16:49:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\OD2

[2013/06/30 20:02:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PC Suite

[2009/07/14 17:54:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PlayFirst

[2009/08/10 18:48:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Product

[2009/08/10 18:48:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\QuickClick

[2013/07/07 17:35:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Radialpoint

[2009/07/06 22:06:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SpinTop Games

[2007/10/23 11:31:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\STOPzilla!

[2011/05/02 18:41:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP

[2009/07/13 00:20:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\The Game Equation

[2009/10/16 15:20:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Ulead Systems

[2006/07/01 08:57:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\VadeRetro

[2012/01/19 20:39:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Virgin Media

[2010/10/11 22:07:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Zylom

[2010/08/05 09:24:33 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\{1A458D70-B989-4B6C-8D14-6475A477F678}

[2011/09/11 16:22:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/05/15 21:23:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\asoftech

[2013/04/11 22:17:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\AVG2013

[2012/12/12 21:31:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Azureus

[2012/12/03 00:05:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\BitLord

[2011/09/06 13:44:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\bsbandmltbpi

[2011/12/29 21:47:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\IObit

[2013/07/01 18:33:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Nokia

[2013/07/02 13:31:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Nokia Suite

[2011/09/04 17:07:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\OD2

[2013/07/01 18:32:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\PC Suite

[2013/04/30 10:16:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\player

[2012/12/02 23:57:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Python-Eggs

[2013/06/29 20:05:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Radialpoint

[2011/12/27 13:39:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Sports Interactive

[2013/04/11 22:12:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\TuneUp Software

[2011/05/10 16:28:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Ulead Systems

[2011/05/09 17:09:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\VadeRetro

[2012/01/19 14:01:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Virgin Media

[2013/07/07 17:32:37 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

========== Drive Information ==========

 

Physical Drives

---------------

 

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media

Interface type: IDE

Media Type: Fixed\thard disk media

Model: ST3160812AS

Partitions: 2

Status: OK

Status Info: 0

 

Drive: \\\\.\\PHYSICALDRIVE1 -

Interface type: USB

Media Type:

Model: Generic USB SD Reader USB Device

Partitions: 0

Status: OK

Status Info: 0

 

Drive: \\\\.\\PHYSICALDRIVE2 -

Interface type: USB

Media Type:

Model: Generic USB CF Reader USB Device

Partitions: 0

Status: OK

Status Info: 0

 

Drive: \\\\.\\PHYSICALDRIVE3 -

Interface type: USB

Media Type:

Model: Generic USB SM Reader USB Device

Partitions: 0

Status: OK

Status Info: 0

 

Drive: \\\\.\\PHYSICALDRIVE4 -

Interface type: USB

Media Type:

Model: Generic USB MS Reader USB Device

Partitions: 0

Status: OK

Status Info: 0

 

Partitions

---------------

 

DeviceID: Disk #0, Partition #0

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 38.00GB

Starting Offset: 32256

Hidden sectors: 0

 

 

DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 111.00GB

Starting Offset: 40591756800

Hidden sectors: 0

 

 

< %SYSTEMDRIVE%\*.* >

[2006/07/01 08:53:44 | 000,000,210 | RHS- | M] () -- C:\BOOT.BAK

[2006/07/01 09:28:19 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI

[2004/08/04 14:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2006/07/01 08:10:44 | 000,006,053 | ---- | M] () -- C:\DWNLOG.TXT

[2013/07/07 17:32:27 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys

[2006/07/01 08:55:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2006/07/01 08:57:04 | 000,000,880 | -H-- | M] () -- C:\IPH.PH

[2006/07/01 08:10:44 | 000,006,053 | ---- | M] () -- C:\MCDLOG.TXT

[2006/07/01 08:55:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 14:00:00 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM

[2011/11/20 20:07:59 | 000,250,048 | ---- | M] () -- C:\NTLDR

[2013/07/07 17:32:26 | 1608,224,768 | -HS- | M] () -- C:\pagefile.sys

[2006/04/20 11:01:26 | 000,001,128 | ---- | M] () -- C:\SAUDIT.TXT

[2006/07/01 08:10:44 | 000,000,000 | ---- | M] () -- C:\UPDFLOP.TAG

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2004/08/10 16:46:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004/08/10 16:46:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004/08/10 16:46:06 | 000,847,872 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 

< %PROGRAMFILES%\* >

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

 

 

< End of report >

Posted

Hi suarezlfc

 

OTL by OldTimer - Version 3.2.53.0 Folder = D:\Documents and Settings\neil fulton\Desktop

This is an outdated version of OTL.

Please remove it and download a fresh copy from ... OTL

 

Double click on OTL to run it.

  • Under the Extra Registry section, make sure that Use SafeList is selected.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. (the Main.txt and the Extras.txt)

 

Thanks

Member of:

UNITE

Posted

otl

OTL logfile created on: 10/07/2013 14:29:06 - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\neil fulton\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1022.48 Mb Total Physical Memory | 320.48 Mb Available Physical Memory | 31.34% Memory free

2.40 Gb Paging File | 1.73 Gb Available in Paging File | 71.96% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.80 Gb Total Space | 16.54 Gb Free Space | 43.75% Space Free | Partition Type: NTFS

Drive D: | 111.24 Gb Total Space | 79.48 Gb Free Space | 71.45% Space Free | Partition Type: NTFS

 

Computer Name: SN049765120045 | User Name: neil fulton | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - D:\Documents and Settings\neil fulton\My Documents\Downloads\OTL (1).exe (OldTimer Tools)

PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)

PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)

PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)

PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)

PRC - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)

PRC - C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

PRC - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)

PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)

PRC - C:\Program Files\Virgin Broadband Wireless\ndis_events.exe ()

PRC - C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)

PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

PRC - C:\APPS\Powercinema\PCMService.exe (CyberLink Corp.)

PRC - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe (Cyberlink)

PRC - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)

PRC - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\qjson.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll ()

MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll ()

MOD - C:\WINDOWS\system32\quartz.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()

MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()

MOD - C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\ppgooglenaclpluginchrome.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\pdf.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\Locales\en-US.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avutil-50.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avformat-52.dll ()

MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avcodec-52.dll ()

MOD - C:\Program Files\Virgin Broadband Wireless\AffinegyServicePS.dll ()

MOD - C:\Program Files\Virgin Broadband Wireless\ndis_events.exe ()

MOD - C:\WINDOWS\system32\pthreadVC.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll ()

MOD - c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll ()

MOD - C:\WINDOWS\sm56spn.dll ()

MOD - C:\WINDOWS\sm56jpn.dll ()

MOD - C:\WINDOWS\sm56itl.dll ()

MOD - C:\WINDOWS\sm56eng.dll ()

MOD - C:\WINDOWS\sm56ger.dll ()

MOD - C:\WINDOWS\sm56fra.dll ()

MOD - C:\WINDOWS\sm56brz.dll ()

MOD - C:\WINDOWS\sm56cht.dll ()

MOD - C:\WINDOWS\sm56chs.dll ()

MOD - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

MOD - C:\Program Files\Goto Software\Vade Retro\VrOe_hook.dll ()

MOD - C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()

 

 

========== Services (SafeList) ==========

 

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)

SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)

SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (HsdService) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AffinegyService) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)

SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (CLSched) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe ()

SRV - (CyberLink Media Library Service) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found

DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)

DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)

DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)

DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)

DRV - (Leapfrog-USBLAN) -- C:\WINDOWS\system32\drivers\btblan.sys (Belcarra Technologies)

DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()

DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)

DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)

DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{7D1CC8B6-4271-40C8-BA9E-91854C72078F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{4E9D8D44-C087-446F-9AAF-32AED87212EA}: "URL" = http://www.bing.com/search?q={searchTerms}&r=468

IE - HKCU\..\SearchScopes\{601115BF-FE84-4E00-AAAE-281610222DF3}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{7D1CC8B6-4271-40C8-BA9E-91854C72078F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enGB466

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/06/02 09:46:36 | 000,000,000 | ---D | M]

 

[2013/04/27 19:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

 

========== Chrome ==========

 

CHR - default_search_provider: Web Search (Enabled)

CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=697b68cc-191b-11e1-974c-0016e6106ffb&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\pdf.dll

CHR - plugin: Chrome NaCl (Disabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gears.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: vShare.tv plug-in (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll

CHR - plugin: Client Gateway 4.1.16 (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\nprpspa.dll

CHR - plugin: Java Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: SiteAdvisor = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\

CHR - Extension: vshare plugin = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

CHR - Extension: Radialpoint SPD Extension = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\

 

O1 HOSTS File: ([2012/01/20 22:57:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PCMService] c:\apps\Powercinema\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)

O4 - HKLM..\Run: [Vade Retro Outlook Express] C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe ()

O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - HKCU..\Run: [smpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV)

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated)

O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365692516062 (WUWebControl Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDDA3FEC-98C4-4888-880B-B2077EF2D21C}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG1280UK.bmp

O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG1280UK.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2027/03/30 21:52:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\PCHealth

[2027/03/24 23:04:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp

[2013/07/07 18:24:50 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2013/07/07 18:24:47 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2013/07/07 18:24:42 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2013/07/07 18:24:42 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2013/07/07 18:24:42 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2013/07/02 15:14:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2013/07/02 15:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/07/02 15:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/07/02 15:13:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2013/07/02 15:06:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2013/07/02 15:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2013/07/02 13:49:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Applications

[2013/07/01 18:36:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\My Documents\Nokia Suite

[2013/07/01 18:33:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\Nokia Suite

[2013/07/01 18:32:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\Nokia

[2013/07/01 18:30:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys

[2013/07/01 18:29:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\NokiaAccount

[2013/06/30 20:03:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\Nokia

[2013/06/30 20:02:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\PC Suite

[2013/06/30 20:02:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PC Suite

[2013/06/30 19:58:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Nokia

[2013/06/30 19:55:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Nokia

[2013/06/30 19:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia

[2013/06/30 19:54:12 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys

[2013/06/30 19:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2013/06/30 19:53:26 | 000,008,576 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys

[2013/06/30 19:53:25 | 000,137,600 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys

[2013/06/30 19:53:20 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys

[2013/06/30 19:53:17 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys

[2013/06/30 19:53:15 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys

[2013/06/30 19:53:10 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll

[2013/06/30 19:53:10 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll

[2013/06/30 19:53:10 | 000,069,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll

[2013/06/30 19:53:10 | 000,018,560 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys

[2013/06/30 19:53:08 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll

[2013/06/30 19:45:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2013/06/30 19:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia

 

========== Files - Modified Within 30 Days ==========

 

[2013/07/10 13:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/07/10 13:39:02 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/07/10 13:39:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/07/10 13:14:23 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/07/10 13:02:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job

[2013/07/10 13:01:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/07/10 13:01:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/07/10 13:01:52 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys

[2013/07/07 18:24:30 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll

[2013/07/07 18:24:24 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2013/07/07 18:24:24 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2013/07/07 18:24:23 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2013/07/07 18:24:23 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2013/07/07 18:24:21 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll

[2013/07/07 18:24:21 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2013/07/07 14:42:45 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/07/07 14:37:31 | 000,564,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/07/07 14:37:31 | 000,113,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/07/07 14:32:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/07/07 13:53:18 | 000,650,027 | ---- | M] () -- D:\Documents and Settings\neil fulton\Desktop\adwcleaner (1).exe

[2013/07/02 15:14:52 | 000,001,463 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2013/07/02 15:06:28 | 000,001,501 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2013/07/02 14:37:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/07/01 18:29:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

[2013/07/01 18:29:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2013/07/01 18:29:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2013/06/30 19:58:53 | 000,001,636 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk

 

========== Files Created - No Company Name ==========

 

[2013/07/07 13:52:48 | 000,650,027 | ---- | C] () -- D:\Documents and Settings\neil fulton\Desktop\adwcleaner (1).exe

[2013/07/02 15:14:52 | 000,001,463 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2013/07/02 15:06:28 | 000,001,501 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2013/07/01 18:29:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

[2013/07/01 18:29:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2013/07/01 18:29:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2013/06/30 19:58:52 | 000,001,636 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk

[2013/04/11 14:42:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/10/13 13:41:20 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2012/02/15 09:48:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/14 14:34:01 | 000,008,704 | ---- | C] () -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/11 20:57:31 | 000,058,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/12/29 23:00:59 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe

[2011/12/29 21:32:27 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe

[2011/12/29 21:32:21 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys

[2011/12/29 17:40:39 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/12/29 17:40:39 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/12/29 17:40:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/12/29 17:39:22 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/07/24 14:56:21 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini

[2011/07/24 14:56:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2011/07/24 14:52:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2011/07/22 20:54:16 | 000,113,032 | ---- | C] () -- C:\WINDOWS\hpoins07.dat

[2011/07/22 20:54:16 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

[2007/05/20 19:38:23 | 000,001,755 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

 

========== ZeroAccess Check ==========

 

[2013/04/11 14:34:37 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$0714c658809f9a76d159c2750deb5544\L

[2013/04/11 15:47:25 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$0714c658809f9a76d159c2750deb5544\U

[2013/04/11 15:46:43 | 000,000,804 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$0714c658809f9a76d159c2750deb5544\L\00000004.@

[2006/07/01 08:42:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

"ThreadingModel" = Both

"" = shell32.dll -- [2012/06/08 15:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

 

< End of report >

Posted

extrasOTL Extras logfile created on: 10/07/2013 14:29:07 - Run 3OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\neil fulton\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1022.48 Mb Total Physical Memory | 320.48 Mb Available Physical Memory | 31.34% Memory free

2.40 Gb Paging File | 1.73 Gb Available in Paging File | 71.96% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.80 Gb Total Space | 16.54 Gb Free Space | 43.75% Space Free | Partition Type: NTFS

Drive D: | 111.24 Gb Total Space | 79.48 Gb Free Space | 71.45% Space Free | Partition Type: NTFS

 

Computer Name: SN049765120045 | User Name: neil fulton | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" = C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:*:Enabled:Wireless Manager Application -- (Affinegy, Inc.)

"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00C1B233-D218-484B-8078-9375482C5608}" = LeapFrog Tag Plugin

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25

"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player

"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help

"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9E17C94B-913A-48A4-B1A8-8CE25157C170}" = Media Player Product Tool 5.30

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D19C4BCB-FAAE-48C1-A423-3DA40C3B7F42}" = LeapFrog Leapster Explorer Plugin

"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete

"{ECDD5C30-074C-4586-80BC-1FD0F2E9AAD7}" = SM56Tester

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect

"{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin

"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)

"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager

"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Chronicles of Mystery HO2/EN-English_is1" = Chronicles of Mystery: Secret of the Lost Kingdom

"ESET Online Scanner" = ESET Online Scanner v3

"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.406

"HP Imaging Device Functions" = HP Imaging Device Functions 5.3

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3

"HPExtendedCapabilities" = HP Extended Capabilities 5.3

"ie8" = Windows Internet Explorer 8

"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)

"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nokia Suite" = Nokia Suite

"RadialpointClientGateway_is1" = Virgin Media Service Manager 4.1.16

"RadialpointHomeSecurityDashboard_is1" = Virgin Media Digital Home Support 2.1.27

"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.23

"Secunia PSI" = Secunia PSI (3.0.0.2004)

"Smart Defrag 2_is1" = Smart Defrag 2

"SMSERIAL" = Motorola SM56 Data Fax Modem

"Speccy" = Speccy

"Steam App 71270" = Football Manager 2012

"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

"UPCShell" = LeapFrog Connect

"vShare.tv plugin" = vShare.tv plugin 1.3

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"winusb0100" = Microsoft WinUsb 1.0

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 07/07/2013 13:24:28 | Computer Name = SN049765120045 | Source = MsiInstaller | ID = 10005

Description = Product: Windows Phone app for desktop -- We can't install the Windows

Phone app for desktop on server operating systems.

 

[ System Events ]

Error - 05/07/2013 12:15:35 | Computer Name = SN049765120045 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Google Software Updater

service to connect.

 

Error - 06/07/2013 12:45:15 | Computer Name = SN049765120045 | Source = DCOM | ID = 10005

Description = DCOM got error "%1053" attempting to start the service gusvc with

arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

 

Error - 06/07/2013 12:45:28 | Computer Name = SN049765120045 | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the Google Software Updater

service to connect.

 

Error - 07/07/2013 08:42:39 | Computer Name = SN049765120045 | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.2 for the Network Card with network

address 0016E6106FFB has been denied by the DHCP server 192.168.1.1 (The DHCP Server

sent a DHCPNACK message).

 

Error - 07/07/2013 08:59:05 | Computer Name = SN049765120045 | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.153.1421.0 Update Source: %%859 Update Stage:

%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

 

 

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

 

Error - 07/07/2013 08:59:05 | Computer Name = SN049765120045 | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.153.1421.0 Update Source: %%859 Update Stage:

%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

 

 

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

 

Error - 07/07/2013 08:59:05 | Computer Name = SN049765120045 | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.153.1421.0 Update Source: %%859 Update Stage:

%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

 

 

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error

code: 0x80240016 Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

 

Error - 07/07/2013 12:33:13 | Computer Name = SN049765120045 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p

asc3550

cbidf

cd20xrnt

CmdIde

Cpqarray

dac2w2k

dac960nt

dpti2o

hpn

i2omp

ini910u

IntelIde

mraid35x

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

sisagp

Sparrow

symc810

symc8xx

sym_hi

sym_u3

TosIde

ultra

viaagp

ViaIde

 

Error - 07/07/2013 13:00:04 | Computer Name = SN049765120045 | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume D:.

 

Error - 07/07/2013 13:23:00 | Computer Name = SN049765120045 | Source = Service Control Manager | ID = 7034

Description = The Java Quick Starter service terminated unexpectedly. It has done

this 1 time(s).

 

 

< End of report >

Posted

Hi suarezlfc

 

 

Step 1

Did you purposely install:

McAfee Security Scan Plus

 

It can be installed when installing other programs, it's not really doing much good.

MSSE will work well without this.

 

Radialpoint Security Advisor 2.5.23

I'd recommend this is removed.

It's part of the Virgin Media security.... but it doesn't work well with some Anti Virus programs and isn't needed for Virgin Media to work on your system.

If you installed the Virgin Media software from the disc they supplied, it would have been added.

Most people don't realise that you don't need to install the Virgin Media software for the connection to work.

 

 

Step 2

If the OTL fix freezes, you will need to uninstall MalwareBytes Antimalware..... run the OTL fix and then reinstall it again after the fix has completed.

This is a known issue on some Win XP systems.

 

Double click on OTL to run it.

Copy the lines in the codebox below. (make sure that :Otl is on the first line and that you also include the Commands section )

:otl
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKCU..\Run: [] File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: RealTray - hkey= - key= - Reg Error: Value error. File not found
[2013/06/06 19:57:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVG2013
[2010/08/05 10:51:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\BabylonIM
[2013/04/11 22:17:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\AVG2013
[2012/12/12 21:31:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Azureus
[2012/12/03 00:05:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\BitLord

:Files
C:\Program Files\AVG
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

if you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

 

Step 3

Download RogueKiller and save it to your desktop.

  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

 

Note:

If RogueKiller is blocked, do not hesitate to try running it again.

If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

 

 

In your next reply, please submit:

Otl fix report

RKreport.txt

 

 

Thanks.

Member of:

UNITE

Posted

hi starbuck were will i find radialpoint security advisor had a look on my programmes but couldnt see it

here is the new otl log

All processes killed

========== OTL ==========

No active process named AOLacsd.exe was found!

Service AOL ACS stopped successfully!

Service AOL ACS deleted successfully!

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe moved successfully.

Service AFGMp50 stopped successfully!

Service AFGMp50 deleted successfully!

File System32\Drivers\AFGMp50.sys File not found not found.

Error: No service named wanatw) WAN Miniport (ATW was found to stop!

Service\Driver key wanatw) WAN Miniport (ATW not found.

C:\WINDOWS\system32\drivers\wanatw4.sys moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CTFMON.EXE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\HP Software Update\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemon\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\nwiz\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\QuickTime Task\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\RealTray\ deleted successfully.

D:\Documents and Settings\All Users\Application Data\AVG2013\log folder moved successfully.

D:\Documents and Settings\All Users\Application Data\AVG2013\IDS\quarantine folder moved successfully.

D:\Documents and Settings\All Users\Application Data\AVG2013\IDS\config folder moved successfully.

D:\Documents and Settings\All Users\Application Data\AVG2013\IDS folder moved successfully.

D:\Documents and Settings\All Users\Application Data\AVG2013\DB folder moved successfully.

D:\Documents and Settings\All Users\Application Data\AVG2013\Cfg folder moved successfully.

D:\Documents and Settings\All Users\Application Data\AVG2013 folder moved successfully.

D:\Documents and Settings\All Users\Application Data\BabylonIM folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\AVG2013\cfgall folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\AVG2013 folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\torrents folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\tmp folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\shares folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\rss folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\plugins\mlab folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\plugins\azupnpav folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\plugins\aefeatman_v folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\plugins folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\net folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\logs folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\dht folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\devices folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus\active folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\Azureus folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\BitLord\state folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\BitLord\plugins folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\BitLord\ipc folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\BitLord\icons folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\BitLord\favicons folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\BitLord\BrowserCache folder moved successfully.

D:\Documents and Settings\neil fulton\Application Data\BitLord folder moved successfully.

========== FILES ==========

File\Folder C:\Program Files\AVG not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

D:\Documents and Settings\neil fulton\My Documents\Downloads\cmd.bat deleted successfully.

D:\Documents and Settings\neil fulton\My Documents\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

 

User: lindsay fulton

->Temp folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Flash cache emptied: 10119 bytes

 

User: LocalService.NT AUTHORITY

->Temp folder emptied: 0 bytes

 

User: neil fulton

->Temp folder emptied: 458255348 bytes

->Temporary Internet Files folder emptied: 1999219 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 106479904 bytes

->Flash cache emptied: 3362 bytes

 

User: NetworkService

->Temp folder emptied: 1244344 bytes

->Temporary Internet Files folder emptied: 93357272 bytes

 

User: NetworkService.NT AUTHORITY

->Temp folder emptied: 0 bytes

 

User: ShopperReports3

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 88087050 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 212322870 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 1500546 bytes

 

Total Files Cleaned = 919.00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

 

OTL by OldTimer - Version 3.2.69.0 log created on 07142013_215745

 

 

Files\Folders moved on Reboot...

 

 

PendingFileRenameOperations files...

 

 

Registry entries deleted on Reboot...

Posted

rogue killer log

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

 

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : neil fulton [Admin rights]

Mode : Scan -- Date : 07/14/2013 22:21:52

| ARK || FAK || MBR |

 

 

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] sm56hlpr.exe -- C:\WINDOWS\sm56hlpr.exe [7] -> KILLED [TermProc]

 

 

¤¤¤ Registry Entries : 5 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[EXT RUN][sUSP PATH] HKCU\lindsay fulton_ON_D:\[...]\Run : M5T8QL3YW3 (D:\DOCUME~1\LINDSA~1\LOCALS~1\Temp\Shl.exe [x]) -> FOUND

[EXT RUNONCE][sUSP PATH] HKCU\lindsay fulton_ON_D:\[...]\RunOnce : cN01803FfCfF01803 (D:\Documents and Settings\All Users\Application Data\cN01803FfCfF01803\cN01803FfCfF01803.exe [x][x]) -> FOUND

 

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

 

¤¤¤ Web browsers : 0 ¤¤¤

 

 

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$0714c658809f9a76d159c2750deb5544\U [-] --> FOUND

[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-21-2908480339-1261026855-1997213502-1006\$0714c658809f9a76d159c2750deb5544\U [-] --> FOUND

[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-18\$0714c658809f9a76d159c2750deb5544\L [-] --> FOUND

[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-21-2908480339-1261026855-1997213502-1006\$0714c658809f9a76d159c2750deb5544\L [-] --> FOUND

 

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

 

¤¤¤ External Hives: ¤¤¤

-> D:\Documents and Settings\All Users\NTUSER.DAT

 

 

-> D:\Documents and Settings\Default User\NTUSER.DAT

 

D:\Documents and Settings\Owner\Start Menu\Programs\Startup

-> D:\Documents and Settings\lindsay fulton\NTUSER.DAT

 

D:\Documents and Settings\lindsay fulton\Start Menu\Programs\Startup

-> D:\Documents and Settings\LocalService\NTUSER.DAT

 

 

-> D:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT

 

D:\Documents and Settings\LocalService.NT AUTHORITY\Start Menu\Programs\Startup

-> D:\Documents and Settings\neil fulton\NTUSER.DAT

 

 

-> D:\Documents and Settings\NetworkService\NTUSER.DAT

 

 

-> D:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT

 

D:\Documents and Settings\NetworkService.NT AUTHORITY\Start Menu\Programs\Startup

-> D:\Documents and Settings\ShopperReports3\NTUSER.DAT

 

 

-> D:\Documents and Settings\UpdatusUser\NTUSER.DAT

 

 

 

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

ÿþ1

 

 

¤¤¤ MBR Check: ¤¤¤

 

 

+++++ PhysicalDrive0: ST3160812AS +++++

--- User ---

[MBR] ecea8916f5ebeec9b928740ac0421e1a

[bSP] 987cf5983f07a295a06cf311d092e291 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38703 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 79280775 | Size: 113906 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

 

Finished : << RKreport[0]_S_07142013_222152.txt >>

Posted

Hi suarezlfc

 

were will i find radialpoint security advisor had a look on my programmes but couldnt see it

It should be showing in the add/remove list:

"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.23

 

 

Step 1

Thanks for the RogueKiller report.

 

¤¤¤ Infection : ZeroAccess ¤¤¤

I thought that was the case, but wanted to double check.

 

  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Delete button.
  • Please copy and paste the report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

 

 

Step 2

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

In your next reply, please submit:

New RKreport.txt

Combofix.txt

 

Thanks.

Member of:

UNITE

Posted

ComboFix 13-07-25.02 - neil fulton 22/07/2013 17:19:04.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.294 [GMT 1:00]

Running from: d:\documents and settings\neil fulton\My Documents\Downloads\ComboFix.exe

AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\WinPCap

c:\program files\WinPCap\daemon_mgm.exe

c:\program files\WinPCap\npf_mgm.exe

c:\program files\WinPCap\rpcapd.exe

c:\windows\ime\shared\imepadsv.exe

c:\windows\system32\Cache

c:\windows\system32\Cache\075884af680ff6dc.fb

c:\windows\system32\Cache\227113dfa1ca894d.fb

c:\windows\system32\Cache\33c3d8fb31f8c0f0.fb

c:\windows\system32\Cache\49fbbc5a8678d502.fb

c:\windows\system32\Cache\5c54eb1a1655b076.fb

c:\windows\system32\Cache\613e8ce7ab7106af.fb

c:\windows\system32\Cache\633a76311867bd11.fb

c:\windows\system32\Cache\691f14230153a9e1.fb

c:\windows\system32\Cache\6cb409d7ac73d9f1.fb

c:\windows\system32\Cache\7614bd6cfa99e546.fb

c:\windows\system32\Cache\77664b6ccc36be9f.fb

c:\windows\system32\Cache\881b3593316772f0.fb

c:\windows\system32\Cache\98657d0579ae1930.fb

c:\windows\system32\Cache\ad188cdd908eace9.fb

c:\windows\system32\Cache\c4e10d1be905349b.fb

c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb

c:\windows\system32\Cache\d9ca663388d21ec0.fb

c:\windows\system32\Cache\f2cda51fd108941f.fb

c:\windows\system32\Cache\f34d8db84131d925.fb

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

c:\windows\tmp

c:\windows\tmp\system.bak

d:\documents and settings\All Users\Application Data\TEMP

D:\install.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2013-06-22 to 2013-07-22 )))))))))))))))))))))))))))))))

.

.

2027-03-30 20:52 . 2027-03-30 20:52 -------- d-----w- d:\documents and settings\neil fulton\Local Settings\Application Data\PCHealth

2013-07-22 16:06 . 2013-07-22 16:06 29904 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05034046-188B-4444-9C4F-31B1EBFDFD84}\MpKsl654e3556.sys

2013-07-17 22:54 . 2013-07-02 06:54 7143960 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05034046-188B-4444-9C4F-31B1EBFDFD84}\mpengine.dll

2013-07-12 16:40 . 2013-07-02 06:54 7143960 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-07 17:24 . 2013-07-07 17:24 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-07-07 17:24 . 2013-07-07 17:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-02 14:13 . 2013-07-02 14:13 -------- d-----w- c:\program files\iPod

2013-07-02 14:13 . 2013-07-02 14:14 -------- d-----w- d:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-07-02 14:13 . 2013-07-02 14:14 -------- d-----w- c:\program files\iTunes

2013-07-02 14:06 . 2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2013-07-02 14:06 . 2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2013-07-02 14:06 . 2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2013-07-02 14:06 . 2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2013-07-02 14:06 . 2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2013-07-02 14:06 . 2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2013-07-02 14:05 . 2013-07-02 14:06 -------- d-----w- c:\program files\QuickTime

2013-07-02 12:49 . 2013-07-02 12:49 -------- d-----w- d:\documents and settings\All Users\Application Data\Applications

2013-07-01 17:33 . 2013-07-02 12:31 -------- d-----w- d:\documents and settings\neil fulton\Application Data\Nokia Suite

2013-07-01 17:32 . 2013-07-01 17:33 -------- d-----w- d:\documents and settings\neil fulton\Application Data\Nokia

2013-07-01 17:30 . 2008-04-13 17:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys

2013-07-01 17:30 . 2008-04-13 17:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys

2013-06-30 19:03 . 2013-07-01 17:29 -------- d-----w- d:\documents and settings\neil fulton\Local Settings\Application Data\Nokia

2013-06-30 19:02 . 2013-07-01 17:32 -------- d-----w- d:\documents and settings\neil fulton\Application Data\PC Suite

2013-06-30 19:02 . 2013-06-30 19:02 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Suite

2013-06-30 18:55 . 2013-06-30 19:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Nokia

2013-06-30 18:55 . 2013-06-30 18:57 -------- d-----w- c:\program files\Common Files\Nokia

2013-06-30 18:54 . 2012-10-17 13:53 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2013-06-30 18:53 . 2013-06-30 18:53 -------- d-----w- c:\program files\PC Connectivity Solution

2013-06-30 18:53 . 2013-01-23 09:31 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys

2013-06-30 18:53 . 2013-01-23 09:31 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys

2013-06-30 18:53 . 2013-01-23 09:31 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2013-06-30 18:53 . 2013-01-23 09:31 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2013-06-30 18:53 . 2013-01-23 09:31 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2013-06-30 18:53 . 2013-01-23 09:31 69632 ----a-w- c:\windows\system32\nmwcdcocls.dll

2013-06-30 18:53 . 2013-01-23 09:31 18560 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2013-06-30 18:53 . 2013-01-23 09:31 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll

2013-06-30 18:53 . 2012-06-11 12:04 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

2013-06-30 18:53 . 2013-01-23 09:31 75264 ----a-w- c:\windows\system32\nmwcdcls.dll

2013-06-30 18:45 . 2013-06-30 18:55 -------- d-----w- c:\program files\Nokia

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-07 17:24 . 2012-01-21 09:01 867240 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-07-07 17:24 . 2011-05-10 12:46 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-08 10:41 . 2012-03-28 09:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-08 10:41 . 2011-05-18 10:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-07 22:55 . 2004-08-10 15:37 385024 ----a-w- c:\windows\system32\html.iec

2013-06-07 21:56 . 2004-08-10 15:38 920064 ----a-w- c:\windows\system32\wininet.dll

2013-06-07 21:56 . 2004-08-10 15:37 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-06-07 21:56 . 2004-08-10 15:37 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-06-04 07:23 . 2004-08-10 15:38 562688 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 01:40 . 2004-08-10 15:38 1876736 ----a-w- c:\windows\system32\win32k.sys

2013-05-08 23:28 . 2006-10-18 21:47 1543680 ------w- c:\windows\system32\wmvdecod.dll

2013-05-03 01:30 . 2004-08-10 15:38 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-03 00:38 . 2004-08-03 21:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-02 01:06 . 2011-11-05 11:48 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-05-01 02:59 . 2013-05-01 02:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2013-05-01 02:59 . 2013-05-01 02:59 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]

"Steam"="c:\program files\Steam\Steam.exe" [2013-07-10 1672616]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-26 39408]

"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2013-04-19 1090912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SMSERIAL"="sm56hlpr.exe" [2005-10-18 557056]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]

"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]

"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]

"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 143360]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-11-16 10200376]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

d:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Virgin Broadband Wireless\\Wireless Manager.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [29/12/2011 21:32 14776]

R1 MpKsl654e3556;MpKsl654e3556;d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05034046-188B-4444-9C4F-31B1EBFDFD84}\MpKsl654e3556.sys [22/07/2013 17:06 29904]

R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [09/05/2011 16:02 1406264]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [06/06/2011 17:47 101552]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [27/06/2012 08:25 1326176]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [27/06/2012 08:25 681056]

R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [19/12/2011 19:51 10310968]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [16/12/2011 15:19 15544]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [26/02/2008 20:33 18560]

S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [20/11/2011 16:33 33792]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [30/06/2013 19:53 137600]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [30/06/2013 19:53 8576]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 10:41]

.

2013-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 14:49]

.

2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 14:49]

.

2013-07-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11]

.

2013-07-22 c:\windows\Tasks\SmartDefrag_Startup.job

- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-12-29 10:35]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

mStart Page = hxxp://www.google.com

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-vShare.tv plugin - c:\program files\vShare.tv plugin\uninst.exe

AddRemove-{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1 - c:\program files\VshareComplete\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-07-22 17:38

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4276)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Virgin Broadband Wireless\AffinegyService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe

c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe

c:\apps\Powercinema\Kernel\CLML_NTService\CLMLService.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\apps\Powercinema\Kernel\TV\CLSched.exe

c:\windows\sm56hlpr.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\rundll32.exe

c:\program files\Virgin Broadband Wireless\ndis_events.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

.

**************************************************************************

.

Completion time: 2013-07-22 17:43:02 - machine was rebooted

ComboFix-quarantined-files.txt 2013-07-22 16:42

.

Pre-Run: 17,595,707,392 bytes free

Post-Run: 17,406,660,608 bytes free

.

- - End Of File - - B62D83D00918E2D627C84C0B30032B0F

8F558EB6672622401DA993E1E865C861

Posted

Hi suarezlfc

 

There's still some AVG references in the WMI ( not really anything to worry about but we may as well clean them out).

 

Close any open browsers.

Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

 

Open Notepad - it must be Notepad, not Wordpad.

Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

SecCenter::
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Go to the Notepad window and click Edit >> Paste

Then click File >> Save

Name the file "CFScript.txt" (including the quote marks)

Save the file to your Desktop

 

The main ComboFix.exe program should be on your Desktop

Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon

as below.

http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/cf.gif

 

Now please wait for ComboFix to finish running.

 

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

 

In your next reply, please submit:

New Combofix.txt

and let me know how the system is running now.

 

 

Thanks.

Member of:

UNITE

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...