suarezlfc Posted July 9, 2013
Hi guys, I'm having a few issues with my PC and I'm wondering if anyone could help. I seem to be getting a lot of pop-ups lately when I open a new web browser page. I'm getting a lot of gambling sites and also keep getting a page that flashes up bizcoaching!! I'm pretty sure this is an infection. Can anybody help me out?
seedy21 Posted July 9, 2013
Hi Suarezlfc, can you run this for me please.
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.
Then can you go to this post and reply back with all the logs for our security team to review them.
suarezlfc Posted July 11, 2013 Author
hi seedy here is the log
# AdwCleaner v2.304 - Logfile created 07/07/2013 at 13:56:26
suarezlfc Posted July 11, 2013 Author
malware log

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.07.11.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
neil fulton :: SN049765120045 [administrator]

07/07/2013 15:43:00
mbam-log-2013-07-07 (15-43-00).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 409829
Time elapsed: 1 hour(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.DomaIQ) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
D:\Documents and Settings\neil fulton\My Documents\Downloads\Setup.exe (Trojan.DomaIQ) -> Quarantined and deleted successfully.

(end)
suarezlfc Posted July 11, 2013 Author
OTL logfile created on: 07/07/2013 17:52:30 - Run 2 OTL by OldTimer - Version 3.2.53.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG1280UK.bmp O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG1280UK.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: HP Software Update - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: nwiz - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: RealTray - hkey= - key= - Reg Error: Value error. 
File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2027/03/30 21:52:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\PCHealth [2027/03/24 23:04:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp [2013/07/02 15:14:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2013/07/02 15:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/07/02 15:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/07/02 15:13:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/07/02 15:06:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime [2013/07/02 15:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013/07/02 13:49:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Applications [2013/07/01 18:36:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\My Documents\Nokia Suite [2013/07/01 18:33:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\Nokia Suite [2013/07/01 18:32:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\Nokia [2013/07/01 18:30:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys [2013/07/01 18:29:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\NokiaAccount [2013/06/30 20:03:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\Nokia [2013/06/30 20:02:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\PC Suite [2013/06/30 20:02:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PC Suite [2013/06/30 19:58:54 | 
000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Nokia [2013/06/30 19:55:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Nokia [2013/06/30 19:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2013/06/30 19:54:12 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2013/06/30 19:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2013/06/30 19:53:26 | 000,008,576 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys [2013/06/30 19:53:25 | 000,137,600 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys [2013/06/30 19:53:20 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2013/06/30 19:53:17 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2013/06/30 19:53:15 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys [2013/06/30 19:53:10 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll [2013/06/30 19:53:10 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll [2013/06/30 19:53:10 | 000,069,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll [2013/06/30 19:53:10 | 000,018,560 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2013/06/30 19:53:08 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll [2013/06/30 19:45:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2013/06/30 19:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia ========== Files - Modified Within 30 Days ========== [2013/07/07 17:44:53 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013/07/07 17:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/07/07 17:34:13 | 000,000,896 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/07/07 17:32:37 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/07/07 17:32:37 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job [2013/07/07 17:32:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/07/07 17:32:27 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys [2013/07/07 14:42:45 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/07/07 14:37:31 | 000,564,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/07/07 14:37:31 | 000,113,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/07/07 14:32:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/07/07 13:53:18 | 000,650,027 | ---- | M] () -- D:\Documents and Settings\neil fulton\Desktop\adwcleaner (1).exe [2013/07/05 17:13:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/07/02 15:14:52 | 000,001,463 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk [2013/07/02 15:06:28 | 000,001,501 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2013/07/02 14:37:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/07/01 18:29:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2013/07/01 18:29:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2013/07/01 18:29:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2013/06/30 19:58:53 | 000,001,636 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk [2013/06/08 11:41:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/06/08 11:41:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/06/07 23:55:44 | 000,385,024 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\System32\html.iec [2013/06/07 22:56:06 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013/06/07 22:56:06 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2013/06/07 22:56:06 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2013/06/07 22:56:06 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll [2013/06/07 22:56:06 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2013/06/07 22:56:06 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2013/06/07 22:56:06 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2013/06/07 22:56:06 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll [2013/06/07 22:56:06 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2013/06/07 22:56:06 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2013/06/07 22:56:06 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll [2013/06/07 22:56:06 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll [2013/06/07 22:56:06 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll [2013/06/07 22:56:06 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2013/06/07 22:56:06 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2013/06/07 22:56:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll [2013/06/07 22:56:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll [2013/06/07 22:56:06 | 000,025,600 | ---- 
| M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2013/06/07 22:56:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2013/06/07 22:56:05 | 011,112,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2013/06/07 22:56:05 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2013/06/07 22:56:05 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2013/06/07 22:56:05 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2013/06/07 22:56:05 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2013/06/07 22:56:05 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2013/06/07 22:56:05 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll [2013/06/07 22:56:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2013/06/07 22:56:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe ========== Files Created - No Company Name ========== [2013/07/07 13:52:48 | 000,650,027 | ---- | C] () -- D:\Documents and Settings\neil fulton\Desktop\adwcleaner (1).exe [2013/07/02 15:14:52 | 000,001,463 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk [2013/07/02 15:06:28 | 000,001,501 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2013/07/01 18:29:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2013/07/01 18:29:49 | 000,000,000 | -H-- | C] () -- 
C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2013/07/01 18:29:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2013/06/30 19:58:52 | 000,001,636 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk [2013/04/11 14:42:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/10/13 13:41:20 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2012/02/15 09:48:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/02/14 14:34:01 | 000,008,704 | ---- | C] () -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/11 20:57:31 | 000,058,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011/12/29 23:00:59 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe [2011/12/29 21:32:27 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe [2011/12/29 21:32:21 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys [2011/12/29 17:40:39 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011/12/29 17:40:39 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011/12/29 17:40:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011/12/29 17:39:22 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011/07/24 14:56:21 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini [2011/07/24 14:56:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2011/07/24 14:52:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2011/07/22 20:54:16 | 000,113,032 | ---- | C] () -- C:\WINDOWS\hpoins07.dat [2011/07/22 20:54:16 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat [2007/05/20 19:38:23 | 000,001,755 | ---- | C] () -- D:\Documents and Settings\All Users\Application 
Data\QTSBandwidthCache ========== LOP Check ========== [2013/07/02 15:14:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2010/08/05 10:34:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\2032C [2011/09/04 16:03:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\2537A [2009/08/09 19:08:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AdventureChronicles1 [2012/10/13 13:41:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Affinegy [2013/07/02 13:49:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Applications [2013/06/06 19:57:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVG2013 [2010/08/05 10:51:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\BabylonIM [2009/07/14 18:06:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Beanbag Studios [2011/05/01 19:36:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Big Fish Games [2011/05/10 13:40:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\cN01803FfCfF01803 [2012/01/17 19:13:47 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\Common Files [2011/12/29 22:12:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\IObit [2009/07/04 22:33:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\JollyBear [2011/11/13 14:47:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Leapfrog [2013/06/06 20:00:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MFAData [2009/03/07 13:42:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All 
Users\Application Data\MGS [2009/03/07 13:39:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Microgaming [2013/06/30 20:01:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Nokia [2013/06/30 19:45:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2009/07/04 23:37:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Oberonv1005 [2006/04/20 16:49:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\OD2 [2013/06/30 20:02:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PC Suite [2009/07/14 17:54:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PlayFirst [2009/08/10 18:48:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Product [2009/08/10 18:48:02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\QuickClick [2013/07/07 17:35:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Radialpoint [2009/07/06 22:06:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SpinTop Games [2007/10/23 11:31:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\STOPzilla! 
[2011/05/02 18:41:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP [2009/07/13 00:20:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\The Game Equation [2009/10/16 15:20:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Ulead Systems [2006/07/01 08:57:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\VadeRetro [2012/01/19 20:39:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Virgin Media [2010/10/11 22:07:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Zylom [2010/08/05 09:24:33 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\{1A458D70-B989-4B6C-8D14-6475A477F678} [2011/09/11 16:22:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/05/15 21:23:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\asoftech [2013/04/11 22:17:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\AVG2013 [2012/12/12 21:31:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Azureus [2012/12/03 00:05:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\BitLord [2011/09/06 13:44:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\bsbandmltbpi [2011/12/29 21:47:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\IObit [2013/07/01 18:33:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Nokia [2013/07/02 13:31:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Nokia Suite [2011/09/04 17:07:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\OD2 [2013/07/01 
18:32:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\PC Suite [2013/04/30 10:16:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\player [2012/12/02 23:57:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Python-Eggs [2013/06/29 20:05:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Radialpoint [2011/12/27 13:39:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Sports Interactive [2013/04/11 22:12:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\TuneUp Software [2011/05/10 16:28:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Ulead Systems [2011/05/09 17:09:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\VadeRetro [2012/01/19 14:01:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Virgin Media [2013/07/07 17:32:37 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job ========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media Interface type: IDE Media Type: Fixed\thard disk media Model: ST3160812AS Partitions: 2 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE1 - Interface type: USB Media Type: Model: Generic USB SD Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE2 - Interface type: USB Media Type: Model: Generic USB CF Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE3 - Interface type: USB Media Type: Model: Generic USB SM Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE4 - Interface type: USB Media Type: Model: Generic USB MS Reader USB Device Partitions: 0 
Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 38.00GB Starting Offset: 32256 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 111.00GB Starting Offset: 40591756800 Hidden sectors: 0 < %SYSTEMDRIVE%\*.* > [2006/07/01 08:53:44 | 000,000,210 | RHS- | M] () -- C:\BOOT.BAK [2006/07/01 09:28:19 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI [2004/08/04 14:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2006/07/01 08:10:44 | 000,006,053 | ---- | M] () -- C:\DWNLOG.TXT [2013/07/07 17:32:27 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys [2006/07/01 08:55:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2006/07/01 08:57:04 | 000,000,880 | -H-- | M] () -- C:\IPH.PH [2006/07/01 08:10:44 | 000,006,053 | ---- | M] () -- C:\MCDLOG.TXT [2006/07/01 08:55:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/04 14:00:00 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM [2011/11/20 20:07:59 | 000,250,048 | ---- | M] () -- C:\NTLDR [2013/07/07 17:32:26 | 1608,224,768 | -HS- | M] () -- C:\pagefile.sys [2006/04/20 11:01:26 | 000,001,128 | ---- | M] () -- C:\SAUDIT.TXT [2006/07/01 08:10:44 | 000,000,000 | ---- | M] () -- C:\UPDFLOP.TAG < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2004/08/10 16:46:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004/08/10 16:46:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004/08/10 16:46:06 | 000,847,872 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -rb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -hb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.0\accdef.exe -sb [2005/03/08 06:02:40 | 000,016,496 | ---- | M] (America Online, Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.0\aol.exe [2005/03/08 06:03:18 | 000,038,000 | ---- | M] (America Online, Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report >
Starbuck Posted July 11, 2013

Hi suarezlfc

OTL by OldTimer - Version 3.2.53.0 Folder = D:\Documents and Settings\neil fulton\Desktop

This is an outdated version of OTL. Please remove it and download a fresh copy from ... OTL

Double click on OTL to run it.
Under the Extra Registry section, make sure that Use SafeList is selected.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
Please post the contents of these 2 Notepad files in your next reply. (the Main.txt and the Extras.txt)

Thanks

Member of: UNITE
suarezlfc Posted July 14, 2013 Author

otl

OTL logfile created on: 10/07/2013 14:29:06 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\neil fulton\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.48 Mb Total Physical Memory | 320.48 Mb Available Physical Memory | 31.34% Memory free 2.40 Gb Paging File | 1.73 Gb Available in Paging File | 71.96% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.80 Gb Total Space | 16.54 Gb Free Space | 43.75% Space Free | Partition Type: NTFS Drive D: | 111.24 Gb Total Space | 79.48 Gb Free Space | 71.45% Space Free | Partition Type: NTFS Computer Name: SN049765120045 | User Name: neil fulton | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Documents and Settings\neil fulton\My Documents\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia) PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia) PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.) PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.) PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit) PRC - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media) PRC - C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media) PRC - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.) PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.) PRC - C:\Program Files\Virgin Broadband Wireless\ndis_events.exe () PRC - C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV) PRC - c:\APPS\Powercinema\Kernel\TV\CLSched.exe () PRC - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe () PRC - C:\APPS\Powercinema\PCMService.exe (CyberLink Corp.) PRC - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe (Cyberlink) PRC - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) 
PRC - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe () PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\qjson.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll () MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll () MOD - C:\WINDOWS\system32\quartz.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll () MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll () MOD - C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll () MOD - D:\Documents and Settings\neil fulton\Local 
Settings\Application Data\Google\Chrome\Application\11.0.696.65\ppgooglenaclpluginchrome.dll () MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\pdf.dll () MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\Locales\en-US.dll () MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avutil-50.dll () MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avformat-52.dll () MOD - D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\avcodec-52.dll () MOD - C:\Program Files\Virgin Broadband Wireless\AffinegyServicePS.dll () MOD - C:\Program Files\Virgin Broadband Wireless\ndis_events.exe () MOD - C:\WINDOWS\system32\pthreadVC.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - c:\APPS\Powercinema\Kernel\TV\CLSched.exe () MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe () MOD - c:\APPS\Powercinema\Kernel\TV\CLCapEngine.dll () MOD - c:\APPS\Powercinema\Kernel\TV\CLSchMgr.dll () MOD - c:\APPS\Powercinema\Kernel\TV\CLCapSvcps.dll () MOD - c:\APPS\Powercinema\Kernel\TV\CLSchedps.dll () MOD - C:\WINDOWS\sm56spn.dll () MOD - C:\WINDOWS\sm56jpn.dll () MOD - C:\WINDOWS\sm56itl.dll () MOD - C:\WINDOWS\sm56eng.dll () MOD - C:\WINDOWS\sm56ger.dll () MOD - C:\WINDOWS\sm56fra.dll () MOD - C:\WINDOWS\sm56brz.dll () MOD - C:\WINDOWS\sm56cht.dll () MOD - C:\WINDOWS\sm56chs.dll () MOD - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe () MOD - C:\Program Files\Goto Software\Vade Retro\VrOe_hook.dll () MOD - C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll 
File not found SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia) SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.) SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.) SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (HsdService) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AffinegyService) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.) SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (CLSched) -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe () SRV - (CLCapSvc) -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe () SRV - (CyberLink Media Library Service) -- c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink) SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.) 
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia) DRV - (Leapfrog-USBLAN) -- C:\WINDOWS\system32\drivers\btblan.sys (Belcarra Technologies) DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys () DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog) DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider) DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{7D1CC8B6-4271-40C8-BA9E-91854C72078F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4E9D8D44-C087-446F-9AAF-32AED87212EA}: "URL" = http://www.bing.com/search?q={searchTerms}&r=468 IE - HKCU\..\SearchScopes\{601115BF-FE84-4E00-AAAE-281610222DF3}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{7D1CC8B6-4271-40C8-BA9E-91854C72078F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_enGB466 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe 
Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/06/02 09:46:36 | 000,000,000 | ---D | M] [2013/04/27 19:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Web Search (Enabled) CHR - default_search_provider: search_url = http://startsear.ch/?aff=1&src=sp&cf=697b68cc-191b-11e1-974c-0016e6106ffb&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Windows Media Player Plug-in 
Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\pdf.dll CHR - plugin: Chrome NaCl (Disabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\Application\11.0.696.65\gears.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: vShare.tv plug-in (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: Client Gateway 4.1.16 (Enabled) = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\nprpspa.dll CHR - plugin: Java Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = 
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: SiteAdvisor = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\ CHR - Extension: vshare plugin = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ CHR - Extension: Radialpoint SPD Extension = D:\Documents and Settings\neil fulton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\ O1 HOSTS File: ([2012/01/20 22:57:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PCMService] c:\apps\Powercinema\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media) O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [Vade Retro Outlook Express] C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe () O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.) 
O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKCU..\Run: [smpcSys] C:\APPS\SMP\SMPSYS.EXE (Packard Bell BV) O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe (Adobe Systems Incorporated) O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365692516062 (WUWebControl Class) O16 - DPF: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDDA3FEC-98C4-4888-880B-B2077EF2D21C}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\APPS\DESKTOP\BG1280UK.bmp O24 - Desktop BackupWallPaper: C:\APPS\DESKTOP\BG1280UK.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2027/03/30 21:52:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\PCHealth [2027/03/24 23:04:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp [2013/07/07 18:24:50 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013/07/07 18:24:47 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013/07/07 18:24:42 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013/07/07 18:24:42 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe 
[2013/07/07 18:24:42 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/02 15:14:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/07/02 15:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/02 15:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/02 15:13:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/07/02 15:06:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/07/02 15:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/07/02 13:49:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Applications
[2013/07/01 18:36:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\My Documents\Nokia Suite
[2013/07/01 18:33:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\Nokia Suite
[2013/07/01 18:32:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\Nokia
[2013/07/01 18:30:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2013/07/01 18:29:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\NokiaAccount
[2013/06/30 20:03:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\Nokia
[2013/06/30 20:02:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\neil fulton\Application Data\PC Suite
[2013/06/30 20:02:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\PC Suite
[2013/06/30 19:58:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Nokia
[2013/06/30 19:55:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Nokia
[2013/06/30 19:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2013/06/30 19:54:12 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2013/06/30 19:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2013/06/30 19:53:26 | 000,008,576 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2013/06/30 19:53:25 | 000,137,600 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2013/06/30 19:53:20 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2013/06/30 19:53:17 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2013/06/30 19:53:15 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2013/06/30 19:53:10 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2013/06/30 19:53:10 | 000,123,904 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2013/06/30 19:53:10 | 000,069,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2013/06/30 19:53:10 | 000,018,560 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2013/06/30 19:53:08 | 000,075,264 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2013/06/30 19:45:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2013/06/30 19:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia

========== Files - Modified Within 30 Days ==========

[2013/07/10 13:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/10 13:39:02 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/10 13:39:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/10 13:14:23 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/10 13:02:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2013/07/10 13:01:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/10 13:01:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/10 13:01:52 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/07 18:24:30 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/07 18:24:24 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/07 18:24:24 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/07 18:24:23 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/07 18:24:23 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/07 18:24:21 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/07/07 18:24:21 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/07 14:42:45 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/07 14:37:31 | 000,564,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/07 14:37:31 | 000,113,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/07 14:32:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/07 13:53:18 | 000,650,027 | ---- | M] () -- D:\Documents and Settings\neil fulton\Desktop\adwcleaner (1).exe
[2013/07/02 15:14:52 | 000,001,463 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/07/02 15:06:28 | 000,001,501 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/07/02 14:37:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/01 18:29:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013/07/01 18:29:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2013/07/01 18:29:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013/06/30 19:58:53 | 000,001,636 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk

========== Files Created - No Company Name ==========

[2013/07/07 13:52:48 | 000,650,027 | ---- | C] () -- D:\Documents and Settings\neil fulton\Desktop\adwcleaner (1).exe
[2013/07/02 15:14:52 | 000,001,463 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/07/02 15:06:28 | 000,001,501 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/07/01 18:29:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013/07/01 18:29:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2013/07/01 18:29:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2013/06/30 19:58:52 | 000,001,636 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk
[2013/04/11 14:42:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/13 13:41:20 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/02/15 09:48:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 14:34:01 | 000,008,704 | ---- | C] () -- D:\Documents and Settings\neil fulton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/11 20:57:31 | 000,058,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/29 23:00:59 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2011/12/29 21:32:27 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/12/29 21:32:21 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/12/29 17:40:39 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/29 17:40:39 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/29 17:40:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/12/29 17:39:22 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/07/24 14:56:21 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2011/07/24 14:56:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/07/24 14:52:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/07/22 20:54:16 | 000,113,032 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/07/22 20:54:16 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2007/05/20 19:38:23 | 000,001,755 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[2013/04/11 14:34:37 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$0714c658809f9a76d159c2750deb5544\L
[2013/04/11 15:47:25 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$0714c658809f9a76d159c2750deb5544\U
[2013/04/11 15:46:43 | 000,000,804 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$0714c658809f9a76d159c2750deb5544\L\00000004.@
[2006/07/01 08:42:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/06/08 15:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
suarezlfc Posted July 14, 2013 Author Posted July 14, 2013

extras

OTL Extras logfile created on: 10/07/2013 14:29:07 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\neil fulton\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.48 Mb Total Physical Memory | 320.48 Mb Available Physical Memory | 31.34% Memory free
2.40 Gb Paging File | 1.73 Gb Available in Paging File | 71.96% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.80 Gb Total Space | 16.54 Gb Free Space | 43.75% Space Free | Partition Type: NTFS
Drive D: | 111.24 Gb Total Space | 79.48 Gb Free Space | 71.45% Space Free | Partition Type: NTFS

Computer Name: SN049765120045 | User Name: neil fulton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" = C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:*:Enabled:Wireless Manager Application -- (Affinegy, Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C1B233-D218-484B-8078-9375482C5608}" = LeapFrog Tag Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E17C94B-913A-48A4-B1A8-8CE25157C170}" = Media Player Product Tool 5.30
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D19C4BCB-FAAE-48C1-A423-3DA40C3B7F42}" = LeapFrog Leapster Explorer Plugin
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{ECDD5C30-074C-4586-80BC-1FD0F2E9AAD7}" = SM56Tester
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Chronicles of Mystery HO2/EN-English_is1" = Chronicles of Mystery: Secret of the Lost Kingdom
"ESET Online Scanner" = ESET Online Scanner v3
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.406
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia Suite" = Nokia Suite
"RadialpointClientGateway_is1" = Virgin Media Service Manager 4.1.16
"RadialpointHomeSecurityDashboard_is1" = Virgin Media Digital Home Support 2.1.27
"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.23
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"Smart Defrag 2_is1" = Smart Defrag 2
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Speccy" = Speccy
"Steam App 71270" = Football Manager 2012
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"vShare.tv plugin" = vShare.tv plugin 1.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/07/2013 13:24:28 | Computer Name = SN049765120045 | Source = MsiInstaller | ID = 10005
Description = Product: Windows Phone app for desktop -- We can't install the Windows Phone app for desktop on server operating systems.

[ System Events ]
Error - 05/07/2013 12:15:35 | Computer Name = SN049765120045 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.

Error - 06/07/2013 12:45:15 | Computer Name = SN049765120045 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error - 06/07/2013 12:45:28 | Computer Name = SN049765120045 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.

Error - 07/07/2013 08:42:39 | Computer Name = SN049765120045 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network address 0016E6106FFB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error - 07/07/2013 08:59:05 | Computer Name = SN049765120045 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.1421.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 07/07/2013 08:59:05 | Computer Name = SN049765120045 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.1421.0 Update Source: %%859 Update Stage: %%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 07/07/2013 08:59:05 | Computer Name = SN049765120045 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.153.1421.0 Update Source: %%859 Update Stage: %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9607.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 07/07/2013 12:33:13 | Computer Name = SN049765120045 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde

Error - 07/07/2013 13:00:04 | Computer Name = SN049765120045 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.

Error - 07/07/2013 13:23:00 | Computer Name = SN049765120045 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

< End of report >
Starbuck Posted July 15, 2013 Posted July 15, 2013

Hi suarezlfc

Step 1

Did you purposely install:

McAfee Security Scan Plus
It can be installed when installing other programs, it's not really doing much good. MSSE will work well without this.

Radialpoint Security Advisor 2.5.23
I'd recommend this is removed. It's part of the Virgin Media security.... but it doesn't work well with some Anti Virus programs and isn't needed for Virgin Media to work on your system. If you installed the Virgin Media software from the disc they supplied, it would have been added. Most people don't realise that you don't need to install the Virgin Media software for the connection to work.

Step 2

If the OTL fix freezes, you will need to uninstall MalwareBytes Antimalware..... run the OTL fix and then reinstall it again after the fix has completed. This is a known issue on some Win XP systems.

Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line and that you also include the Commands section)

:otl
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKCU..\Run: [] File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: RealTray - hkey= - key= - Reg Error: Value error. File not found
[2013/06/06 19:57:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVG2013
[2010/08/05 10:51:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\BabylonIM
[2013/04/11 22:17:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\AVG2013
[2012/12/12 21:31:36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\Azureus
[2012/12/03 00:05:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\neil fulton\Application Data\BitLord

:Files
C:\Program Files\AVG
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
if you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 3

Download RogueKiller and save it to your desktop.
Close all the running processes
Double click RogueKiller icon to run the program
Vista/Win7 users should right click the icon and select Run as Administrator.
Wait for the Prescan to finish.
Now click the Scan button.
Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note: If RogueKiller is blocked, do not hesitate to try running it again. If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

In your next reply, please submit:
Otl fix report
RKreport.txt

Thanks.

Member of: UNITE
suarezlfc Posted July 18, 2013 Author Posted July 18, 2013

Hi Starbuck, where will I find Radialpoint Security Advisor? Had a look on my programmes but couldn't see it. Here is the new OTL log:

All processes killed
========== OTL ==========
No active process named AOLacsd.exe was found!
Service AOL ACS stopped successfully!
Service AOL ACS deleted successfully!
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe moved successfully.
Service AFGMp50 stopped successfully!
Service AFGMp50 deleted successfully!
File System32\Drivers\AFGMp50.sys File not found not found.
Error: No service named wanatw) WAN Miniport (ATW was found to stop!
Service\Driver key wanatw) WAN Miniport (ATW not found.
C:\WINDOWS\system32\drivers\wanatw4.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CTFMON.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\HP Software Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\nwiz\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\RealTray\ deleted successfully.
D:\Documents and Settings\All Users\Application Data\AVG2013\log folder moved successfully.
D:\Documents and Settings\All Users\Application Data\AVG2013\IDS\quarantine folder moved successfully.
D:\Documents and Settings\All Users\Application Data\AVG2013\IDS\config folder moved successfully.
D:\Documents and Settings\All Users\Application Data\AVG2013\IDS folder moved successfully.
D:\Documents and Settings\All Users\Application Data\AVG2013\DB folder moved successfully.
D:\Documents and Settings\All Users\Application Data\AVG2013\Cfg folder moved successfully.
D:\Documents and Settings\All Users\Application Data\AVG2013 folder moved successfully.
D:\Documents and Settings\All Users\Application Data\BabylonIM folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\AVG2013\cfgall folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\AVG2013 folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\torrents folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\tmp folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\shares folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\rss folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\plugins\mlab folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\plugins\azupnpav folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\plugins\aefeatman_v folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\plugins folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\net folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\logs folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\dht folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\devices folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus\active folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\Azureus folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\BitLord\state folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\BitLord\plugins folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\BitLord\ipc folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\BitLord\icons folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\BitLord\favicons folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\BitLord\BrowserCache folder moved successfully.
D:\Documents and Settings\neil fulton\Application Data\BitLord folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\AVG not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Documents and Settings\neil fulton\My Documents\Downloads\cmd.bat deleted successfully.
D:\Documents and Settings\neil fulton\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes

User: lindsay fulton
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Flash cache emptied: 10119 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes

User: neil fulton
->Temp folder emptied: 458255348 bytes
->Temporary Internet Files folder emptied: 1999219 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 106479904 bytes
->Flash cache emptied: 3362 bytes

User: NetworkService
->Temp folder emptied: 1244344 bytes
->Temporary Internet Files folder emptied: 93357272 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes

User: ShopperReports3

User: UpdatusUser
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88087050 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 212322870 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1500546 bytes

Total Files Cleaned = 919.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.2.69.0 log created on 07142013_215745

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
suarezlfc Posted July 18, 2013 Author Posted July 18, 2013

rogue killer log

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : neil fulton [Admin rights]
Mode : Scan -- Date : 07/14/2013 22:21:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] sm56hlpr.exe -- C:\WINDOWS\sm56hlpr.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[EXT RUN][sUSP PATH] HKCU\lindsay fulton_ON_D:\[...]\Run : M5T8QL3YW3 (D:\DOCUME~1\LINDSA~1\LOCALS~1\Temp\Shl.exe [x]) -> FOUND
[EXT RUNONCE][sUSP PATH] HKCU\lindsay fulton_ON_D:\[...]\RunOnce : cN01803FfCfF01803 (D:\Documents and Settings\All Users\Application Data\cN01803FfCfF01803\cN01803FfCfF01803.exe [x][x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$0714c658809f9a76d159c2750deb5544\U [-] --> FOUND
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-21-2908480339-1261026855-1997213502-1006\$0714c658809f9a76d159c2750deb5544\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-18\$0714c658809f9a76d159c2750deb5544\L [-] --> FOUND
[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-21-2908480339-1261026855-1997213502-1006\$0714c658809f9a76d159c2750deb5544\L [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\Documents and Settings\All Users\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
D:\Documents and Settings\Owner\Start Menu\Programs\Startup
-> D:\Documents and Settings\lindsay fulton\NTUSER.DAT
D:\Documents and Settings\lindsay fulton\Start Menu\Programs\Startup
-> D:\Documents and Settings\LocalService\NTUSER.DAT
-> D:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
D:\Documents and Settings\LocalService.NT AUTHORITY\Start Menu\Programs\Startup
-> D:\Documents and Settings\neil fulton\NTUSER.DAT
-> D:\Documents and Settings\NetworkService\NTUSER.DAT
-> D:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
D:\Documents and Settings\NetworkService.NT AUTHORITY\Start Menu\Programs\Startup
-> D:\Documents and Settings\ShopperReports3\NTUSER.DAT
-> D:\Documents and Settings\UpdatusUser\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
ÿþ1

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3160812AS +++++
--- User ---
[MBR] ecea8916f5ebeec9b928740ac0421e1a
[bSP] 987cf5983f07a295a06cf311d092e291 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38703 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 79280775 | Size: 113906 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07142013_222152.txt >>
Starbuck Posted July 18, 2013 Posted July 18, 2013

Hi suarezlfc

"Where will I find Radialpoint Security Advisor? Had a look on my programmes but couldn't see it."

It should be showing in the add/remove list:
"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.23

Step 1

Thanks for the RogueKiller report.
¤¤¤ Infection : ZeroAccess ¤¤¤
I thought that was the case, but wanted to double check.

Close all the running processes
Double click RogueKiller icon to run the program
Vista/Win7 users should right click the icon and select Run as Administrator.
Wait for the Prescan to finish.
Now click the Delete button.
Please copy and paste the report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Step 2

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
This is an example, you may rename ComboFix to anything you want.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then:
Double click on Combo-Fix.exe & follow the prompts.
Vista/Win7 users should right click on the icon and select Run as Administrator.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If running Vista/Win7, you will not see the recovery console screens as they are Win XP related.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v708/starbuck50/cf1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please submit:
New RKreport.txt
Combofix.txt

Thanks.

Member of:UNITE
suarezlfc Posted July 26, 2013 Author Posted July 26, 2013 ComboFix 13-07-25.02 - neil fulton 22/07/2013 17:19:04.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.294 [GMT 1:00] Running from: d:\documents and settings\neil fulton\My Documents\Downloads\ComboFix.exe AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\WinPCap c:\program files\WinPCap\daemon_mgm.exe c:\program files\WinPCap\npf_mgm.exe c:\program files\WinPCap\rpcapd.exe c:\windows\ime\shared\imepadsv.exe c:\windows\system32\Cache c:\windows\system32\Cache\075884af680ff6dc.fb c:\windows\system32\Cache\227113dfa1ca894d.fb c:\windows\system32\Cache\33c3d8fb31f8c0f0.fb c:\windows\system32\Cache\49fbbc5a8678d502.fb c:\windows\system32\Cache\5c54eb1a1655b076.fb c:\windows\system32\Cache\613e8ce7ab7106af.fb c:\windows\system32\Cache\633a76311867bd11.fb c:\windows\system32\Cache\691f14230153a9e1.fb c:\windows\system32\Cache\6cb409d7ac73d9f1.fb c:\windows\system32\Cache\7614bd6cfa99e546.fb c:\windows\system32\Cache\77664b6ccc36be9f.fb c:\windows\system32\Cache\881b3593316772f0.fb c:\windows\system32\Cache\98657d0579ae1930.fb c:\windows\system32\Cache\ad188cdd908eace9.fb c:\windows\system32\Cache\c4e10d1be905349b.fb c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb c:\windows\system32\Cache\d9ca663388d21ec0.fb c:\windows\system32\Cache\f2cda51fd108941f.fb c:\windows\system32\Cache\f34d8db84131d925.fb c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\WanPacket.dll c:\windows\system32\wpcap.dll c:\windows\tmp c:\windows\tmp\system.bak d:\documents and settings\All Users\Application Data\TEMP D:\install.exe . . 
((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2013-06-22 to 2013-07-22 ))))))))))))))))))))))))))))))) . . 2027-03-30 20:52 . 2027-03-30 20:52 -------- d-----w- d:\documents and settings\neil fulton\Local Settings\Application Data\PCHealth 2013-07-22 16:06 . 2013-07-22 16:06 29904 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05034046-188B-4444-9C4F-31B1EBFDFD84}\MpKsl654e3556.sys 2013-07-17 22:54 . 2013-07-02 06:54 7143960 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05034046-188B-4444-9C4F-31B1EBFDFD84}\mpengine.dll 2013-07-12 16:40 . 2013-07-02 06:54 7143960 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-07-07 17:24 . 2013-07-07 17:24 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-07-07 17:24 . 2013-07-07 17:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-02 14:13 . 2013-07-02 14:13 -------- d-----w- c:\program files\iPod 2013-07-02 14:13 . 2013-07-02 14:14 -------- d-----w- d:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-07-02 14:13 . 2013-07-02 14:14 -------- d-----w- c:\program files\iTunes 2013-07-02 14:06 . 2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll 2013-07-02 14:06 . 2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll 2013-07-02 14:06 . 2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll 2013-07-02 14:06 . 2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll 2013-07-02 14:06 . 
2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll 2013-07-02 14:06 . 2013-07-02 14:06 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll 2013-07-02 14:05 . 2013-07-02 14:06 -------- d-----w- c:\program files\QuickTime 2013-07-02 12:49 . 2013-07-02 12:49 -------- d-----w- d:\documents and settings\All Users\Application Data\Applications 2013-07-01 17:33 . 2013-07-02 12:31 -------- d-----w- d:\documents and settings\neil fulton\Application Data\Nokia Suite 2013-07-01 17:32 . 2013-07-01 17:33 -------- d-----w- d:\documents and settings\neil fulton\Application Data\Nokia 2013-07-01 17:30 . 2008-04-13 17:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys 2013-07-01 17:30 . 2008-04-13 17:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys 2013-06-30 19:03 . 2013-07-01 17:29 -------- d-----w- d:\documents and settings\neil fulton\Local Settings\Application Data\Nokia 2013-06-30 19:02 . 2013-07-01 17:32 -------- d-----w- d:\documents and settings\neil fulton\Application Data\PC Suite 2013-06-30 19:02 . 2013-06-30 19:02 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Suite 2013-06-30 18:55 . 2013-06-30 19:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Nokia 2013-06-30 18:55 . 2013-06-30 18:57 -------- d-----w- c:\program files\Common Files\Nokia 2013-06-30 18:54 . 2012-10-17 13:53 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2013-06-30 18:53 . 2013-06-30 18:53 -------- d-----w- c:\program files\PC Connectivity Solution 2013-06-30 18:53 . 2013-01-23 09:31 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys 2013-06-30 18:53 . 2013-01-23 09:31 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys 2013-06-30 18:53 . 2013-01-23 09:31 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys 2013-06-30 18:53 . 2013-01-23 09:31 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys 2013-06-30 18:53 . 
2013-01-23 09:31 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys 2013-06-30 18:53 . 2013-01-23 09:31 69632 ----a-w- c:\windows\system32\nmwcdcocls.dll 2013-06-30 18:53 . 2013-01-23 09:31 18560 ----a-w- c:\windows\system32\drivers\ccdcmb.sys 2013-06-30 18:53 . 2013-01-23 09:31 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll 2013-06-30 18:53 . 2012-06-11 12:04 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll 2013-06-30 18:53 . 2013-01-23 09:31 75264 ----a-w- c:\windows\system32\nmwcdcls.dll 2013-06-30 18:45 . 2013-06-30 18:55 -------- d-----w- c:\program files\Nokia . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-07 17:24 . 2012-01-21 09:01 867240 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-07-07 17:24 . 2011-05-10 12:46 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-08 10:41 . 2012-03-28 09:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-08 10:41 . 2011-05-18 10:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-07 22:55 . 2004-08-10 15:37 385024 ----a-w- c:\windows\system32\html.iec 2013-06-07 21:56 . 2004-08-10 15:38 920064 ----a-w- c:\windows\system32\wininet.dll 2013-06-07 21:56 . 2004-08-10 15:37 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-06-07 21:56 . 2004-08-10 15:37 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-06-04 07:23 . 2004-08-10 15:38 562688 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 01:40 . 2004-08-10 15:38 1876736 ----a-w- c:\windows\system32\win32k.sys 2013-05-08 23:28 . 2006-10-18 21:47 1543680 ------w- c:\windows\system32\wmvdecod.dll 2013-05-03 01:30 . 2004-08-10 15:38 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-03 00:38 . 2004-08-03 21:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-02 01:06 . 2011-11-05 11:48 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 02:59 . 
2013-05-01 02:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 02:59 . 2013-05-01 02:59 69632 ----a-w- c:\windows\system32\QuickTime.qts . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360] "Steam"="c:\program files\Steam\Steam.exe" [2013-07-10 1672616] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-26 39408] "NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2013-04-19 1090912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "SMSERIAL"="sm56hlpr.exe" [2005-10-18 557056] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264] "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272] "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112] "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-11-16 143360] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640] "ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-11-16 10200376] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Wireless 
Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . d:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624] Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Virgin Broadband Wireless\\Wireless Manager.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . 
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [29/12/2011 21:32 14776] R1 MpKsl654e3556;MpKsl654e3556;d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05034046-188B-4444-9C4F-31B1EBFDFD84}\MpKsl654e3556.sys [22/07/2013 17:06 29904] R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [09/05/2011 16:02 1406264] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [06/06/2011 17:47 101552] R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [27/06/2012 08:25 1326176] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [27/06/2012 08:25 681056] R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [19/12/2011 19:51 10310968] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [16/12/2011 15:19 15544] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [26/02/2008 20:33 18560] S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [20/11/2011 16:33 33792] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [30/06/2013 19:53 137600] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [30/06/2013 19:53 8576] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 10:41] . 2013-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 14:49] . 
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 14:49] . 2013-07-22 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11] . 2013-07-22 c:\windows\Tasks\SmartDefrag_Startup.job - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-12-29 10:35] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ mStart Page = hxxp://www.google.com TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . AddRemove-vShare.tv plugin - c:\program files\vShare.tv plugin\uninst.exe AddRemove-{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1 - c:\program files\VshareComplete\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-07-22 17:38 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4276) c:\windows\system32\WININET.dll c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Virgin Broadband Wireless\AffinegyService.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe c:\apps\Powercinema\Kernel\CLML_NTService\CLMLService.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\apps\Powercinema\Kernel\TV\CLSched.exe c:\windows\sm56hlpr.exe c:\windows\RTHDCPL.EXE c:\windows\system32\rundll32.exe c:\program files\Virgin Broadband Wireless\ndis_events.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe 
. ************************************************************************** . Completion time: 2013-07-22 17:43:02 - machine was rebooted ComboFix-quarantined-files.txt 2013-07-22 16:42 . Pre-Run: 17,595,707,392 bytes free Post-Run: 17,406,660,608 bytes free . - - End Of File - - B62D83D00918E2D627C84C0B30032B0F 8F558EB6672622401DA993E1E865C861 Quote
Starbuck Posted July 28, 2013 Posted July 28, 2013

Hi suarezlfc

There's still some AVG references in the WMI (not really anything to worry about but we may as well clean them out).

Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix.

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

SecCenter::
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quote marks)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop.
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon as below.
http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/cf.gif

Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

In your next reply, please submit:
New Combofix.txt
and let me know how the system is running now.

Thanks.

Member of:UNITE