etavares Posted July 26, 2013
Hi slumdog,
It definitely seems that Flash Player is the root cause here. Try this to manually remove it: http://forums.adobe.com/thread/928315
Did that work?
-etavares
etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
Slumdog Posted July 26, 2013
I can't delete Flash this way, it says "permission is needed to do this".
etavares Posted July 27, 2013
Hello, Slumdog. Ok, we'll do it ourselves. :)

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
If you have a 64-bit system, please download the 64 bit version from here: SystemLook (64-bit)

Double-click SystemLook.exe to run it. A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
Copy and paste the content of the following codebox into the main textfield under "File":

:folderfind
*adobe*
*flash*
*macro*

Please confirm everything is copied and pasted as I have provided above.
Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.
etavares
Slumdog Posted July 27, 2013

SystemLook 30.07.11 by jpshortstuff
Log created at 01:35 on 27/07/2013 by garysmithafc
Administrator - Elevation successful

========== folderfind ==========

Searching for "*adobe*"
C:\Program Files\Adobe d------ [15:15 06/04/2012]
C:\Program Files\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe d------ [15:15 06/04/2012]
C:\Program Files\Common Files\Adobe d------ [23:16 26/10/2010]
C:\Program Files\Common Files\Adobe AIR d------ [19:21 19/11/2009]
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader d------ [15:15 06/04/2012]
C:\ProgramData\Adobe d------ [19:21 24/07/2008]
C:\ProgramData\NOS\Adobe_Downloads d------ [19:21 19/11/2009]
C:\Users\All Users\Adobe d------ [19:21 24/07/2008]
C:\Users\All Users\NOS\Adobe_Downloads d------ [19:21 19/11/2009]
C:\Users\garysmithafc\AppData\Local\Adobe d------ [19:11 19/11/2009]
C:\Users\garysmithafc\AppData\Local\Adobe\Updater5\Install\AdobeUpdater d------ [19:12 19/11/2009]
C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot d------ [13:13 06/08/2012]
C:\Users\garysmithafc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\garysmithafc\AppData\Local\Adobe d------ [23:37 31/05/2012]
C:\Users\garysmithafc\AppData\Local\temp\Adobe d------ [13:04 06/05/2012]
C:\Users\garysmithafc\AppData\Local\temp\NeroInstallFiles\NERO20120627123537977\ISSetupPrerequisites\adobeflash d------ [20:28 27/08/2012]
C:\Users\garysmithafc\AppData\Local\VirtualStore\Program Files\Adobe d------ [19:21 24/07/2008]
C:\Users\garysmithafc\AppData\LocalLow\Adobe d------ [20:22 18/11/2009]
C:\Users\garysmithafc\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated d------ [19:49 15/08/2012]
C:\Users\garysmithafc\AppData\Roaming\Adobe d------ [18:32 18/11/2009]
C:\Users\garysmithafc\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 d------ [19:27 19/11/2009]
C:\Users\garysmithafc\AppData\Roaming\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary d------ [19:11 19/11/2009]
C:\Windows\System32\Adobe d------ [20:22 18/11/2009]

Searching for "*flash*"
C:\Program Files\Google\Chrome\Application\28.0.1500.71\PepperFlash d------ [19:07 11/07/2013]
C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash d------ [08:09 13/07/2013]
C:\Program Files\Real\RealPlayer\Flash d------ [16:50 02/04/2013]
C:\ProgramData\Nokia\Nokia Suite\NOSSU2\Flash d------ [17:54 06/05/2013]
C:\ProgramData\Real\RealShare\Flash d------ [16:50 02/04/2013]
C:\ProgramData\RealNetworks\RealDownloader\Flash d------ [16:51 02/04/2013]
C:\Users\All Users\Nokia\Nokia Suite\NOSSU2\Flash d------ [17:54 06/05/2013]
C:\Users\All Users\Real\RealShare\Flash d------ [16:50 02/04/2013]
C:\Users\All Users\RealNetworks\RealDownloader\Flash d------ [16:51 02/04/2013]
C:\Users\Default\AppData\Roaming\Macromedia\Flash Player d------ [19:21 19/11/2009]
C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\PepperFlash d------ [12:08 09/04/2012]
C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash d------ [13:13 06/08/2012]
C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\E6D4SXTD\macromedia.com\support\flashplayer d------ [11:32 10/10/2012]
C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer d------ [13:13 06/08/2012]
C:\Users\garysmithafc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player d------ [16:12 23/08/2012]
C:\Users\garysmithafc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer d------ [18:10 24/08/2012]
C:\Users\garysmithafc\AppData\Local\temp\NeroInstallFiles\NERO20120627123537977\ISSetupPrerequisites\adobeflash d------ [20:28 27/08/2012]
C:\Users\garysmithafc\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\FlashAsset d------ [19:50 15/08/2012]
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player d------ [18:32 18/11/2009]
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player d------ [18:36 18/11/2009]
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\cdn.flashtalking.com d------ [12:21 24/07/2013]
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\jgschi.srv232.dedi64.de\digitalresearch2012_v03\lib\flash d------ [22:23 26/07/2013]
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\sq.ktrmr.com\projects\allprojects\Flash d------ [14:13 23/07/2013]
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\sq.ktrmr.com\projects\allprojects\Flash\Engine\FlashSurveyEngine_3.0.swf d------ [14:13 23/07/2013]
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer d------ [19:23 20/07/2013]
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.flashtalking.com d------ [12:21 24/07/2013]
C:\Users\garysmithafc\Music\iTunes\iTunes Media\Music\Grandmaster Flash d------ [16:13 23/10/2012]
C:\Users\garysmithafc\Music\iTunes\iTunes Media\Music\Compilations\Grandmaster Flash & The Sugarhill Gang d------ [15:30 20/11/2012]
C:\Windows\System32\Macromed\Flash d------ [19:04 24/07/2008]

Searching for "*macro*"
C:\Users\Default\AppData\Roaming\Macromedia d------ [19:21 19/11/2009]
C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com d------ [13:13 06/08/2012]
C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\E6D4SXTD\macromedia.com d------ [11:32 10/10/2012]
C:\Users\garysmithafc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\garysmithafc\AppData\Roaming\Macromedia d------ [16:12 23/08/2012]
C:\Users\garysmithafc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com d------ [18:10 24/08/2012]
C:\Users\garysmithafc\AppData\LocalLow\Macromedia d------ [00:28 11/09/2010]
C:\Users\garysmithafc\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\MacroMix d------ [19:50 15/08/2012]
C:\Users\garysmithafc\AppData\Roaming\Macromedia d------ [18:36 18/11/2009]
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com d------ [19:23 20/07/2013]
C:\Windows\System32\Macromed d------ [19:04 24/07/2008]
C:\Windows\winsxs\x86_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_5b761551c05a7af8 d------ [11:18 02/11/2006]

-= EOF =-
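The folderfind log above is what the helper's next fix script is built from. As an added example (not code from the thread, from SystemLook's author or from the OTL project), here is a small Python parser for SystemLook's folderfind output that picks out the Flash Player data folders an analyst would clear and renders them as an OTL ":files" fix. SAMPLE_LOG is a constructed, shortened version of the log above, and the selection rules in flash_player_data_dirs are this example's own, modelled on the script used later in the thread.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample: a shortened SystemLook folderfind log in the layout seen in
# the thread (path, attribute flags, then [HH:MM dd/mm/yyyy] modification time).
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 01:35 on 27/07/2013 by garysmithafc
Administrator - Elevation successful

========== folderfind ==========

Searching for "*adobe*"
C:\Program Files\Adobe    d------    [15:15 06/04/2012]
C:\Users\garysmithafc\AppData\Roaming\Adobe    d------    [18:32 18/11/2009]

Searching for "*flash*"
C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash    d------    [08:09 13/07/2013]
C:\Users\Default\AppData\Roaming\Macromedia\Flash Player    d------    [19:21 19/11/2009]
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player    d------    [18:32 18/11/2009]
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player    d------    [18:36 18/11/2009]
C:\Users\garysmithafc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player    d------    [16:12 23/08/2012]
C:\Windows\System32\Macromed\Flash    d------    [19:04 24/07/2008]

Searching for "*macro*"
C:\Users\garysmithafc\AppData\Roaming\Macromedia    d------    [18:36 18/11/2009]
C:\Windows\System32\Macromed    d------    [19:04 24/07/2008]

-= EOF =-
"""

# A section header names the wildcard; each hit is "<path> <flags> [HH:MM dd/mm/yyyy]".
SECTION_RE = re.compile(r'^Searching for "(?P<pattern>[^"]+)"$')
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[a-z-]{7})\s+\[(?P<time>\d{2}:\d{2}) (?P<date>\d{2}/\d{2}/\d{4})\]$"
)


@dataclass(frozen=True)
class Entry:
    pattern: str        # the folderfind wildcard this hit came from
    path: str
    modified: datetime  # folder modification time as SystemLook reports it


def parse_systemlook(text: str) -> List[Entry]:
    """Parse the folderfind section(s) of a SystemLook log into Entry records."""
    entries: List[Entry] = []
    pattern: Optional[str] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        sec = SECTION_RE.match(line)
        if sec:
            pattern = sec.group("pattern")
            continue
        hit = ENTRY_RE.match(line)
        if hit and pattern is not None:
            when = datetime.strptime(hit.group("date") + " " + hit.group("time"), "%d/%m/%Y %H:%M")
            entries.append(Entry(pattern, hit.group("path"), when))
    return entries


def modified_since(entries: List[Entry], since: datetime) -> List[Entry]:
    """Hits whose folder was written at or after `since`: recent activity is
    usually what an analyst wants to look at first."""
    return [e for e in entries if e.modified >= since]


def flash_player_data_dirs(entries: List[Entry]) -> List[str]:
    """Pick the Flash Player data folder roots worth clearing (this example's own rules):
    per-profile LSO/settings stores (<profile>\\AppData\\Roaming\\{Macromedia,Adobe}\\Flash Player)
    and the machine-wide plugin folder (%SystemRoot%\\System32\\Macromed). Shadow copies under
    IE's Virtualized sandbox are skipped; Chrome's bundled PepperFlash and per-site
    subfolders are left alone because they are not the roots."""
    chosen: List[str] = []
    for e in entries:
        low = e.path.lower()
        if "\\virtualized\\" in low:
            continue
        parent, name = ntpath.split(low)
        parent_name = ntpath.basename(parent)
        profile_store = (name == "flash player"
                         and parent_name in ("macromedia", "adobe")
                         and "\\appdata\\roaming\\" in low)
        plugin_dir = low.endswith("\\windows\\system32\\macromed")
        if (profile_store or plugin_dir) and e.path not in chosen:
            chosen.append(e.path)
    return chosen


def otl_files_script(paths: List[str]) -> str:
    """Render the chosen folders as an OTL ':files' custom fix, one path per line."""
    return ":files\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = parse_systemlook(SAMPLE_LOG)
    print(otl_files_script(flash_player_data_dirs(found)))
```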
etavares Posted July 27, 2013
Hello, Slumdog.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open Notepad and copy/paste the text in the codebox below into Notepad:

Folder::
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player
C:\Users\Default\AppData\Roaming\Macromedia\Flash Player
C:\Windows\System32\Macromed

Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Note: After running ComboFix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
etavares
Slumdog Posted July 27, 2013
Sorry etavares, you have totally lost me! Should the above be on my pc already? I.e. Notepad and ComboFix?
etavares Posted July 27, 2013
Hello, Slumdog. My bad... I was going to run ComboFix before but decided against it, but I left it in my notes about your issues. We'll run OTL instead.

We need to run an OTL script. Please download OTL from one of the following mirrors if you do not still have it.
This is first Mirror
This is the second mirror
- Save it to your desktop.
- Double click on the OTL icon (http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png) on your desktop.
- Paste the following code under the Custom Scans/Fixes box at the bottom.

:files
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player
C:\Users\Default\AppData\Roaming\Macromedia\Flash Player
C:\Windows\System32\Macromed

- Click the Run Fix button at the top.
- Let the program run unhindered and reboot when it is done.
- You will get a log when it is done, please post that in your reply.
- Please then create a new OTL report...
- Click the "Scan All Users" checkbox.
- Push the Run Scan button (http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png).
- A report will open, copy and paste it in a reply here.
etavares
Slumdog Posted July 28, 2013
Thanks, thought I had missed something!

========== FILES ==========
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www1.gfk-wi.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http://www.tripadvisor.co.uk folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http://www.thedarewall.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http://www.samplicio.us folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http://www.optimusid.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http://www.opinionshere.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http://www.ipoll.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http://www.bet365.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http://www.bbc.co.uk folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ups.surveyrouter.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tag.ybrant.hiro.tv folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#surveys.relevantid.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.eplayer.performgroup.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sq.ktrmr.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#software.hiro.tv folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#service.maxymiser.net folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sensic.net folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#securesuite.co.uk folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secure-uk.imrworldwide.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#relevantid.imperium.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mr1mr.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mpsnare.iesnare.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#members.bet365.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media5.wgt.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#live.brainjuicer.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#l.yimg.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#jgschi.srv232.dedi64.de folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images-na.ssl-images-amazon.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#hiro.viewster.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cint.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdns.gigya.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.flashtalking.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\macromedia.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\www1.gfk-wi.com\pics\esolutions\lib\flash\alekto\v3\alekto.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\www1.gfk-wi.com\pics\esolutions\lib\flash\alekto\v3 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\www1.gfk-wi.com\pics\esolutions\lib\flash\alekto folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\www1.gfk-wi.com\pics\esolutions\lib\flash folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\www1.gfk-wi.com\pics\esolutions\lib folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\www1.gfk-wi.com\pics\esolutions folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\www1.gfk-wi.com\pics folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\www1.gfk-wi.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.tripadvisor.co.uk folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.thedarewall.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.samplicio.us folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.optimusid.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.opinionshere.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.ipoll.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.bet365.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.bbc.co.uk\emp\releases\iplayer\revisions\617463_618125_4\617463_618125_4_emp.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.bbc.co.uk\emp\releases\iplayer\revisions\617463_618125_4 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.bbc.co.uk\emp\releases\iplayer\revisions folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.bbc.co.uk\emp\releases\iplayer folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.bbc.co.uk\emp\releases folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.bbc.co.uk\emp folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\http://www.bbc.co.uk folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\ups.surveyrouter.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\tag.ybrant.hiro.tv\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\tag.ybrant.hiro.tv\iframes\scripts\flow folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\tag.ybrant.hiro.tv\iframes\scripts folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\tag.ybrant.hiro.tv\iframes folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\tag.ybrant.hiro.tv folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\surveys.relevantid.com\dedupe-s.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\surveys.relevantid.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\static.eplayer.performgroup.com\ptvFlash\eplayer2\Eplayer.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\static.eplayer.performgroup.com\ptvFlash\eplayer2 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\static.eplayer.performgroup.com\ptvFlash folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\static.eplayer.performgroup.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\sq.ktrmr.com\projects\allprojects\Flash\Engine\FlashSurveyEngine_3.0.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\sq.ktrmr.com\projects\allprojects\Flash\Engine folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\sq.ktrmr.com\projects\allprojects\Flash folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\sq.ktrmr.com\projects\allprojects folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\sq.ktrmr.com\projects folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\sq.ktrmr.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\software.hiro.tv folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\service.maxymiser.net\cdn\paddypower\swfstorage\storage.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\service.maxymiser.net\cdn\paddypower\swfstorage folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\service.maxymiser.net\cdn\paddypower folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\service.maxymiser.net\cdn folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\service.maxymiser.net folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\sensic.net\jsf\vis_lso.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\sensic.net\jsf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\sensic.net folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\securesuite.co.uk\generic\stats\cyota.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\securesuite.co.uk\generic\stats folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\securesuite.co.uk\generic folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\securesuite.co.uk folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\secure-uk.imrworldwide.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\s.ytimg.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\relevantid.imperium.com\dedupe.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\relevantid.imperium.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\mr1mr.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\mpsnare.iesnare.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\members.bet365.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\media5.wgt.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\live.brainjuicer.com\Juicer_6741\Libraries\flowplayer\flowplayer.commercial-3.2.15.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\live.brainjuicer.com\Juicer_6741\Libraries\flowplayer folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\live.brainjuicer.com\Juicer_6741\Libraries folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\live.brainjuicer.com\Juicer_6741 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\live.brainjuicer.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\l.yimg.com\rx\builds\3.8.14.10108\assets\player.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\l.yimg.com\rx\builds\3.8.14.10108\assets folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\l.yimg.com\rx\builds\3.8.14.10108 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\l.yimg.com\rx\builds folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\l.yimg.com\rx folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\l.yimg.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\jgschi.srv232.dedi64.de\digitalresearch2012_v03\lib\flash\alekto\v3\alekto.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\jgschi.srv232.dedi64.de\digitalresearch2012_v03\lib\flash\alekto\v3 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\jgschi.srv232.dedi64.de\digitalresearch2012_v03\lib\flash\alekto folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\jgschi.srv232.dedi64.de\digitalresearch2012_v03\lib\flash folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\jgschi.srv232.dedi64.de\digitalresearch2012_v03\lib folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\jgschi.srv232.dedi64.de\digitalresearch2012_v03 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\jgschi.srv232.dedi64.de folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\images-na.ssl-images-amazon.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\hiro.viewster.com\iframes\scripts\flow\flowplayer.commercial-3.2.7.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\hiro.viewster.com\iframes\scripts\flow folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\hiro.viewster.com\iframes\scripts folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\hiro.viewster.com\iframes folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\hiro.viewster.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\cint.com\cpx\cfp.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\cint.com\cpx folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\cint.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\cdns.gigya.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\cdn.flashtalking.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\cdn-static.liverail.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\as1.suitesmart.com\_f5e.swf folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX\as1.suitesmart.com folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MWTQ2FCX folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player\#SharedObjects folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Macromedia\Flash Player folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\NativeCache\5653293ACD1712899E1B1A3058366DA5\5d31b760 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\NativeCache\5653293ACD1712899E1B1A3058366DA5 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\NativeCache folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\AssetCache\X66Z3UWV folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\AssetCache folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\APSPrivateData2\0\drm-ax-win-x86\ZnGMKsdP3Hvynjl2CSoE0ekS5u8= folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\APSPrivateData2\0\drm-ax-win-x86 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\APSPrivateData2\0\5d31b760\ZnGMKsdP3Hvynjl2CSoE0ekS5u8= folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\APSPrivateData2\0\5d31b760 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\APSPrivateData2\0 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\APSPrivateData2 folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player\AFCache folder moved successfully.
C:\Users\garysmithafc\AppData\Roaming\Adobe\Flash Player folder moved successfully.
C:\Users\Default\AppData\Roaming\Macromedia\Flash Player folder moved successfully.
C:\Windows\System32\Macromed\Shockwave 10\Xtras folder moved successfully.
C:\Windows\System32\Macromed\Shockwave 10 folder moved successfully.
Folder move failed. C:\Windows\System32\Macromed\Flash scheduled to be moved on reboot. C:\Windows\System32\Macromed\Director folder moved successfully. Folder move failed. C:\Windows\System32\Macromed scheduled to be moved on reboot. OTL by OldTimer - Version 3.2.69.0 log created on 07282013_100507 Files\Folders moved on Reboot... C:\Windows\System32\Macromed\Flash folder moved successfully. C:\Windows\System32\Macromed folder moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Quote
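The fix log above shows OTL working in two passes: folders it can move immediately are reported as "folder moved successfully", while folders it cannot move while Windows is running (typically because something in them is still in use, as with the live Flash plugin directory here) are reported as "scheduled to be moved on reboot" and finished in the "Files\Folders moved on Reboot..." section after the restart. The script below is an added example, not part of this thread and not OTL's own code: it reads a fix log, pairs each deferred folder with its post-reboot entry, and reports anything still outstanding, which is the check a helper does by eye before declaring the Flash remnants gone. The sample input is an excerpt copied from the log above; the log text is the only input assumed.

```python
"""Reconcile an OTL fix log: immediate moves vs. moves deferred to reboot.

OTL writes deferred moves as "Folder move failed. <path> scheduled to be moved
on reboot." and, after the restart, lists what the reboot pass actually moved
under a "Files\\Folders moved on Reboot..." header. Pairing the two tells you
whether every deferred folder was really removed.
"""
import re

# Sample lines copied from the fix log in the post above (an excerpt, not the full log).
SAMPLE_LOG = r"""
C:\Windows\System32\Macromed\Shockwave 10\Xtras folder moved successfully.
C:\Windows\System32\Macromed\Shockwave 10 folder moved successfully.
Folder move failed. C:\Windows\System32\Macromed\Flash scheduled to be moved on reboot.
C:\Windows\System32\Macromed\Director folder moved successfully.
Folder move failed. C:\Windows\System32\Macromed scheduled to be moved on reboot.
OTL by OldTimer - Version 3.2.69.0 log created on 07282013_100507
Files\Folders moved on Reboot...
C:\Windows\System32\Macromed\Flash folder moved successfully.
C:\Windows\System32\Macromed folder moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
"""

MOVED_RE = re.compile(r"^(?P<path>.+?) folder moved successfully\.$")
DEFERRED_RE = re.compile(r"^Folder move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")
REBOOT_MARKER = r"Files\Folders moved on Reboot..."


def reconcile(log_text):
    """Classify every folder entry in an OTL fix log.

    Returns a dict with the folders moved during the run, the folders deferred
    to reboot, the folders the reboot pass reports as moved, and the deferred
    folders that have no matching reboot entry (still outstanding).
    """
    moved_now, deferred, moved_on_reboot = [], [], []
    in_reboot_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == REBOOT_MARKER:
            in_reboot_section = True
            continue
        m = DEFERRED_RE.match(line)
        if m:
            deferred.append(m.group("path"))
            continue
        m = MOVED_RE.match(line)
        if m:
            (moved_on_reboot if in_reboot_section else moved_now).append(m.group("path"))
    # NTFS paths are case-insensitive, so compare them case-folded.
    done_after_reboot = {p.casefold() for p in moved_on_reboot}
    still_pending = [p for p in deferred if p.casefold() not in done_after_reboot]
    return {
        "moved_now": moved_now,
        "deferred": deferred,
        "moved_on_reboot": moved_on_reboot,
        "still_pending": still_pending,
    }


if __name__ == "__main__":
    result = reconcile(SAMPLE_LOG)
    for key, paths in result.items():
        print(f"{key}: {len(paths)}")
        for p in paths:
            print("    " + p)
```

On the excerpt above, `still_pending` comes back empty: both deferred folders (`Macromed\Flash` and `Macromed`) appear again in the reboot section, which is the confirmation that the second pass completed. If the reboot section is missing an entry, that folder is listed as still pending and is the one to re-check after the next restart.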
Slumdog Posted July 28, 2013 Author

OTL logfile created on: 28/07/2013 10:14:02 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\garysmithafc\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.24% Memory free
6.19 Gb Paging File | 5.21 Gb Available in Paging File | 84.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.26 Gb Total Space | 126.50 Gb Free Space | 57.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.71 Gb Free Space | 47.06% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: garysmithafc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - c:\Users\garysmithafc\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\ProgramData\DataCardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DataCardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (HWDeviceService.exe) -- C:\ProgramData\DataCardService\HWDeviceService.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========
DRV - (BCM42RLY) -- system32\drivers\BCM42RLY.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (iaNvStor) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BLT&o=15554&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=HH&apn_dtid=YYYYYYGAGB&apn_uid=F0D5B4F9-D54E-470E-B071-EE74952B1678&apn_sauid=908C6D78-5285-449A-8AD4-D369965D2873
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK_en-GBGB354
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{96A9E1EC-B58E-4562-BAE7-F79E71ACEF34}: "URL" = https://www.flickr.com/search/?q=%7BsearchTerms%7D
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{9BCE324A-85C7-4461-A177-5C43111827FD}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80150&lng=en
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18827"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\garysmithafc\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2012/05/26 17:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/02 17:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/02 17:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/25 13:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/25 13:29:34 | 000,000,000 | ---D | M]

[2010/04/01 12:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Extensions
[2013/07/18 09:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Firefox\Profiles\w8lqr85o.default\extensions
[2010/09/20 19:05:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Firefox\Profiles\w8lqr85o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/28 22:39:14 | 000,002,333 | ---- | M] () -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Firefox\Profiles\w8lqr85o.default\searchplugins\askcom.xml
[2013/04/11 19:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/06 13:22:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/05 00:11:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\USERS\GARYSMITHAFC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8LQR85O.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM
[2013/04/10 07:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/19 01:33:11 | 000,092,544 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 01:33:18 | 000,092,544 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/04/02 17:49:17 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/05/08 12:14:24 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013/04/10 07:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/10 07:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\garysmithafc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\garysmithafc\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: InstaTwit = C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhalcamddihdpdgdjkjbgikgobnbbpif\1.4_0\
CHR - Extension: RealDownloader = C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\

O1 HOSTS File: ([2013/07/20 20:04:25 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Reg Error: Value error.) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000..\Run: [] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..Trusted Domains: blank ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..Trusted Domains: eset.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3510410515-3114074607-2372607737-1000\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE50384C-B309-483F-BD71-F3BFC7743A08}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\garysmithafc\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\garysmithafc\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2013/07/26 21:04:15 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/26 21:04:15 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/26 20:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/23 10:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/07/20 20:04:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/13 01:43:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/12 09:13:46 | 000,000,000 | ---D | C] -- C:\Windows\Temp36166A73-3FC9-2B9B-FD84-F3920972C80F-Signatures
[2013/07/11 12:01:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/11 12:01:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/11 12:01:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/11 12:01:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/11 12:01:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/11 12:01:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/11 12:01:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/11 12:01:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/11 09:19:20 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/11 09:19:07 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/11 09:19:06 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/11 09:19:06 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/11 09:19:06 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/11 09:19:06 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/11 09:19:05 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/11 09:19:05 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/11 09:19:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/11 09:19:04 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/11 09:19:03 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/06 00:06:46 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/06 00:06:25 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/06 00:06:25 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/06 00:06:25 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/03 15:23:18 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013/07/28 10:16:51 | 016,354,596 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/28 10:16:51 | 008,329,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/28 10:09:31 | 000,049,176 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/07/28 10:09:31 | 000,049,176 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/07/28 10:09:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/28 10:09:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 10:09:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/28 10:09:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/28 10:09:02 | 3219,193,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/28 10:08:20 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/28 10:03:53 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/28 10:03:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/28 10:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/26 21:05:46 | 000,282,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/26 20:10:21 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/20 20:04:25 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/07/13 09:09:38 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 19:09:19 | 000,007,808 | ---- | M] () -- C:\Users\garysmithafc\AppData\Local\d3d9caps.dat
[2013/07/12 19:08:52 | 000,000,199 | ---- | M] () -- C:\Users\garysmithafc\Desktop\bet365 - Online Sports Betting.url
[2013/07/12 14:03:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f0041000920.job
[2013/07/12 09:14:47 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/07/06 00:06:13 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/06 00:06:08 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/06 00:06:08 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/06 00:06:08 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/06 00:06:06 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/07/06 00:06:05 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/07/05 21:43:23 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013/07/26 21:43:07 | 3219,193,856 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/26 21:04:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/26 20:10:21 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/12 14:03:50 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f0041000920.job
[2013/07/05 21:43:23 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/06/25 13:29:32 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2013/05/20 16:22:51 | 000,290,919 | ---- | C] () -- C:\Windows\System32\pythoncom21.dll
[2013/05/20 16:22:51 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PyWinTypes21.dll
[2013/05/20 16:09:59 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2013/05/20 16:09:59 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2013/05/20 16:09:59 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2012/05/24 13:23:28 | 000,000,033 | ---- | C] () -- C:\Windows\System32\machine.ini
[2010/07/22 20:39:28 | 000,000,642 | ---- | C] () -- C:\Users\garysmithafc\AppData\Roaming\wklnhst.dat
[2010/06/28 00:04:39 | 000,052,942 | ---- | C] () -- C:\Program Files\EULA.eng
[2009/11/19 13:36:07 | 000,007,808 | ---- | C] () -- C:\Users\garysmithafc\AppData\Local\d3d9caps.dat
[2009/11/18 21:02:09 | 000,049,176 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/18 21:02:08 | 000,049,176 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/18 20:22:47 | 000,029,184 | ---- | C] () -- C:\Users\garysmithafc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A2947BEA < End of report > Quote
etavares Posted July 28, 2013
OK, at this point, please go ahead and reinstall Flash from the Adobe website: http://get.adobe.com/flashplayer/ (PS: we got a part of Shockwave, so you may need to reinstall that.) Try to shut it down and see if it just ends up restarting or if it's working OK now. I think Flash Player 11 was causing errors since 10 was still installed.
-etavares
Slumdog (Author) Posted July 28, 2013
I mentioned this before, any ideas? I have also been prompted to do a Microsoft Security Essentials full scan, which I have attempted four times. The scan freezes after approx. 17 minutes in the same place, which is C:\Windows\System32\CodeIntegrity\Driver.Stl. I have waited for hours to see if it will proceed but it doesn't. In fact the icon is still showing that it is scanning even though I cancelled the scan five hours ago! They sent me this to try but I haven't done anything yet as we were still doing my closing down problem.

Step 1: Online Scans
Restart your computer. After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. Instead of Windows loading as normal, the Windows Advanced Options menu appears. Now select Safe Mode with Networking and log in to the system.
Run the below online scanners to check whether any virus infection has happened on the system.
Download and install Hitman Pro (click on this link: http://www.surfright.nl/en/downloads), perform a full computer scan using it and delete the detected virus.
Download and install the SUPERAntiSpyware scanner (click on this: http://www.superantispyware.com/portablescanner.html), perform a full computer scan using it and delete the detected virus.
Restart the computer and check for the issue. Now try to scan with MSE and check if the scan completes. This could happen if the virus has disabled MSE from working; this is when the MSE scan gets stuck and fails.
If the issue still persists, please send a screenshot of the issue (with the error, if any). Please notify the result of the issue accordingly.
etavares Posted July 29, 2013
Hi Slumdog,
That's not an uncommon issue.
Open Microsoft Security Essentials
Select the Settings tab
Next, select: Excluded files and locations
Use the Browse button to select C:/windows/system32/codeintegrity/driver.stl
Click: Add
Click: Save changes
Now, run a full scan with MSE. Does it stall or complete?
-etavares
Slumdog (Author) Posted July 29, 2013
Unfortunately still stopping at the same place. Also it doesn't let me cancel the scan, it just keeps running and does not go away unless I completely shut down.
Edited July 29, 2013 by Slumdog
etavares Posted July 30, 2013
So it shows in the exclusion list? Try rebooting, then try to run a full scan again. Does it still hang after the reboot?
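One way to answer the "does it show in the exclusion list?" question without clicking through the MSE settings, as an added PowerShell example that is not from this thread and not part of MSE itself. It assumes (this is an assumption, not something the page confirms) that Microsoft Security Essentials stores path exclusions as value names under HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths with DWORD data 0, and it also reports the size and last-write time of the file the scan stalls on, which is the fact etavares later relies on. The function name Test-MseExclusion is my own.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumption: MSE keeps path exclusions as value names under the key below.

function Test-MseExclusion {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExclusionKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths'
    )
    if (-not (Test-Path -LiteralPath $ExclusionKey)) {
        Write-Warning "Exclusion key not found: $ExclusionKey (is MSE installed?)"
        return $false
    }
    $key = Get-Item -LiteralPath $ExclusionKey
    # Compare case-insensitively with forward slashes normalised, so the
    # C:/windows/... form typed into the GUI matches C:\Windows\... here.
    $wanted = $Path -replace '/', '\'
    foreach ($name in $key.GetValueNames()) {
        if (($name -replace '/', '\') -ieq $wanted) { return $true }
    }
    return $false
}

# The file MSE stalls on, as named in the thread.
$target = 'C:\Windows\System32\CodeIntegrity\driver.stl'

if (Test-MseExclusion -Path $target) {
    "Exclusion present: $target"
} else {
    "Exclusion NOT present: $target"
}

# Basic facts about the file itself: a very old last-write time on a
# code-integrity catalogue is what makes it a stale-file problem rather
# than an infection indicator.
$file = Get-Item -LiteralPath $target -ErrorAction SilentlyContinue
if ($file) {
    "Size: $($file.Length) bytes; last written: $($file.LastWriteTime)"
} else {
    "File not found: $target"
}
```

If the function reports the exclusion as absent even though the GUI shows it, the registry location assumed here is wrong for the installed MSE version; the GUI is then the only authoritative view.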
Slumdog (Author) Posted July 30, 2013
Yes, I added it to the exclusion list. It still stops at that point after reboot and/or shutdown. Would SpywareBlaster be conflicting?
Edited July 30, 2013 by Slumdog
etavares Posted July 31, 2013
Likely not. MSSE is an antivirus, SpywareBlaster is an anti-spyware program. There are lots of instances of this issue occurring. Do you have a Windows CD we can use? It needs to be the same version of Windows that is running on this machine. Please let me know.
-etavares
Slumdog (Author) Posted July 31, 2013
I have a Reinstallation DVD for Windows Vista Home Premium 32 BIT SP1? If I run this do I lose everything and have to start again?
etavares Posted August 1, 2013
Hi,
Nope. I don't want to reinstall it... but folks have had success with this issue by running a system file check. This scans system files to make sure they're not corrupted; if they are, it tries to replace them from the installation CD. No change to your data. But, we need to have a Windows DVD.
But, you called it "reinstallation". That means it could be an image of your computer from the manufacturer, which wouldn't work. We'll try anyway and assume it's the Windows CD.
The trick is that you are running SP2 and this is SP1. We need to update it. Do you have a DVD burner? If so, please follow these instructions to create a 'slipstream' SP2 disk... (It combines your SP1 disk with the SP2 update and you end up with a new Vista SP2 installation CD.)
http://www.vistax64.com/tutorials/230249-sliptream-vista-sp2.html
If not, please let me know and I'll think of a way around this.
-etavares
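The system file check described above, as an added PowerShell example that is not from this thread: it runs sfc.exe (in /verifyonly mode by default, which reports problems without changing anything; the -Repair switch selects /scannow) and then summarises the [SR] lines that SFC writes to CBS.log, which is where its per-file verdicts actually land. The CBS.log path and the [SR] tag are the standard ones; the function names and the regular expressions over the log messages are my own. One caveat worth knowing: on Vista and later, SFC takes replacement copies from the component store under WinSxS rather than from installation media, so this script has no CD dependency.

```powershell
# Added example, not from the thread. Run from an elevated, native
# (64-bit on a 64-bit OS) PowerShell prompt; a 32-bit prompt on 64-bit
# Windows is redirected to SysWOW64, which has no sfc.exe.

function Invoke-SfcCheck {
    param([switch] $Repair)
    # /verifyonly only reports; /scannow also attempts repairs.
    $mode = if ($Repair) { '/scannow' } else { '/verifyonly' }
    & "$env:windir\System32\sfc.exe" $mode | Out-Null
    return $LASTEXITCODE
}

function Get-SfcSummary {
    param([string] $CbsLog = "$env:windir\Logs\CBS\CBS.log")
    if (-not (Test-Path -LiteralPath $CbsLog)) { throw "CBS log not found: $CbsLog" }
    # SFC prefixes its own entries in CBS.log with [SR]; everything else in
    # that log belongs to servicing operations we are not interested in.
    $sr = @(Select-String -LiteralPath $CbsLog -Pattern '\[SR\]' |
            ForEach-Object { $_.Line })
    [pscustomobject]@{
        Lines        = $sr.Count
        Repaired     = @($sr | Where-Object { $_ -match 'Repairing corrupted file|Repaired file' }).Count
        HashMismatch = @($sr | Where-Object { $_ -match 'Hashes for file member' })
        Unrepairable = @($sr | Where-Object { $_ -match 'Cannot repair member file' })
    }
}

$exit = Invoke-SfcCheck          # add -Repair to attempt repairs
"sfc exit code: $exit"

$summary = Get-SfcSummary
"[SR] lines: $($summary.Lines); repaired: $($summary.Repaired)"
if ($summary.HashMismatch.Count -gt 0) {
    "Files whose hashes did not match the component store:"
    $summary.HashMismatch | ForEach-Object { "  $_" }
}
if ($summary.Unrepairable.Count -gt 0) {
    "Files SFC could not repair (these need DISM or install media):"
    $summary.Unrepairable | ForEach-Object { "  $_" }
}
```

CBS.log accumulates across every run, so the summary covers all SFC activity still in the log, not only the run just performed; truncate or time-filter it if you need a per-run view.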
Slumdog (Author) Posted August 1, 2013
Sorry etavares, looking at the instructions in the above link, I am not confident/computer savvy enough to try such a process!! I uninstalled and reinstalled MSE though and thought I had cracked it because the scan ran for 1 hr 13 mins. But then it found the same old problem and stalled. Apologies again for me not trying the above.
Slumdog (Author) Posted August 1, 2013
Or could I just get rid of MSE altogether and use some other free security? If so, what do you recommend? Thanks.
etavares Posted August 2, 2013
We can try removing MSE. Or, I can break up the instructions in smaller chunks with extra detail.
If you want to try a new one, I'd recommend Avast or AVG. They both make free versions; don't download the trial version by mistake. Download it first, then disconnect from the internet by turning off WiFi or unplugging the internet cable. Next, uninstall MSE via the add/remove programs wizard. Next, reboot. Then, install the new antivirus and connect and immediately update the definitions. Then, try a scan.
-etavares
Slumdog (Author) Posted August 2, 2013
OK, now I don't know what to do!! Whether to use a new one or toil on with MSE. Please tell me what you think is best to do and I will go with that.
etavares Posted August 2, 2013
disregard - cross post
etavares Posted August 2, 2013
OK, it's up to you. If the computer is running fine, it's likely nothing serious. That file is outdated for 5+ years. We can solve the symptom by changing to a new antivirus. If you want to fix the root cause, we can try the system file check scan. I would recommend the SFC scan just in case.
-etavares