macp Posted July 23, 2013

Good afternoon. I have searched the forums and could not find anything, so thought I would post. I cannot find & remove this awful popup PricePeep using Google Chrome on my XP Professional PC. I have run AdwCleaner (see results) and ComboFix (see results) but no joy, I'm afraid. Any help appreciated.

# AdwCleaner v2.306 - Logfile created 07/23/2013 at 11:59:12
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : p.macfarlane - PPC003449-PETER
# Boot Mode : Normal
# Running from : \\Lserver\Users\p.macfarlane\My Documents\Downloads\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : C:\Documents and Settings\p.macfarlane\Application Data\adawaretb
Folder Found : C:\Documents and Settings\p.macfarlane\Application Data\DriverCure
Folder Found : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Folder Found : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Folder Found : C:\Documents and Settings\p.macfarlane\Start Menu\Programs\Free Ride Games
Folder Found : C:\Program Files\adawaretb
Folder Found : C:\Program Files\Free Ride Games

***** [Registry] *****

Key Found : HKCU\Software\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Found : HKCU\Software\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2799 octets] - [23/07/2013 11:59:12]
AdwCleaner[S1].txt - [39186 octets] - [16/04/2013 15:24:14]
AdwCleaner[S2].txt - [1615 octets] - [01/05/2013 15:24:12]

########## EOF - C:\AdwCleaner[R1].txt - [2980 octets] ##########

Combo-fix

ComboFix 13-07-22.01 - p.macfarlane 23/07/2013 12:06:33.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1878 [GMT 1:00]
Running from: c:\documents and settings\p.macfarlane\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2013-06-23 to 2013-07-23 )))))))))))))))))))))))))))))))
.
.
2013-07-23 10:32 . 2013-07-23 10:32 -------- d-----w- c:\documents and settings\p.macfarlane\Application Data\smkits
2013-07-23 09:23 . 2013-07-23 09:23 -------- d-----w- c:\documents and settings\p.macfarlane\Application Data\LavasoftStatistics
2013-07-23 09:21 . 2013-07-23 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2013-07-23 09:21 . 2013-07-23 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2013-07-23 09:21 . 2013-07-23 09:21 -------- d-----w- c:\program files\adawaretb
2013-07-23 09:21 . 2013-07-23 09:21 -------- d-----w- c:\documents and settings\p.macfarlane\Application Data\adawaretb
2013-07-23 09:21 . 2013-07-23 09:21 -------- d-----w- c:\program files\Toolbar Cleaner
2013-07-23 09:18 . 2013-07-23 09:18 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-07-23 09:18 . 2013-07-23 09:18 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-07-11 07:34 . 2013-07-11 07:34 -------- d-----w- c:\documents and settings\p.macfarlane\Local Settings\Application Data\PCHealth
2013-07-10 07:39 . 2013-06-27 08:39 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-10 07:39 . 2013-06-27 08:39 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-10 07:39 . 2013-06-27 08:39 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-27 07:27 . 2013-06-27 07:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-06-27 07:27 . 2013-06-27 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2013-06-27 07:27 . 2013-06-27 07:27 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-06-25 07:37 . 2013-06-25 07:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-24 15:06 . 2013-06-24 15:07 -------- d-----w- c:\documents and settings\p.macfarlane\Application Data\VDownloader
2013-06-24 15:05 . 2013-06-24 15:06 -------- d-----w- c:\documents and settings\p.macfarlane\Local Settings\Application Data\VDownloader
2013-06-24 15:05 . 2013-06-27 07:29 -------- d-----w- C:\ProgramData
2013-06-24 15:05 .
2010-01-26 09:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-15 07:39 . 2012-04-12 07:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-15 07:39 . 2011-05-19 07:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-27 08:39 . 2011-01-13 14:54 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-06-27 08:39 . 2011-01-13 14:54 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 08:39 . 2012-07-12 13:31 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 08:39 . 2011-01-13 14:54 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-06-27 08:39 . 2012-07-12 13:31 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-06-27 08:39 . 2011-01-13 14:54 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-06-27 08:37 . 2012-07-12 13:31 41664 ----a-w- c:\windows\avastSS.scr
2013-06-27 08:37 . 2011-01-13 14:54 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-25 07:37 . 2013-02-19 13:17 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 07:37 . 2007-10-05 07:29 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-25 07:37 . 2010-10-01 11:39 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-07 22:55 . 2004-08-11 16:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-11 16:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-11 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-11 16:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-11 16:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-11 16:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-08 23:28 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2004-08-11 16:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 21:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-30 09:05 . 2010-06-30 09:05 2242863 ----a-w- c:\program files\DesktopReminderSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-06-27 08:36 121968 ----a-w- c:\program files\AVAST Software\Avast Business\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"GoogleChromeAutoLaunch_E23D33A965920CB3D90E10DC3979EC7B"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 28672]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IBM Lotus Notes Preloader"="c:\program files\lotus\notes\nntspreld.exe" [2011-09-16 25480]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 98304]
"avast"="c:\program files\AVAST Software\Avast Business\avastUI.exe" [2013-06-27 4769352]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Peter\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe [2013-5-25 27776968]
.
c:\documents and settings\p.macfarlane\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-11-23 25214]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 105160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-07-19 12:37 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\windows\system32\pwhttyyp.exe"= c:\windows\system32\pwh
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\windows\system32\cbvmbuqf.exe"= c:\windows\system32\cbv
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Peter\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\p.macfarlane\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Documents and Settings\\p.macfarlane\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [12/07/2012 14:31 21576]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [10/07/2013 08:39 49248]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [23/07/2013 10:18 13560]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [20/01/2012 16:05 149376]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/07/2012 14:31 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/01/2011 15:54 368176]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [11/08/2004 17:00 14336]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [17/03/2006 17:25 65536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/01/2011 15:54 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/07/2013 08:39 66336]
R2 avast! Net Client Service;avast! Net Client Service;c:\program files\AVAST Software\Avast Business\AvastNet.exe [12/07/2012 14:31 201296]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [01/10/2010 10:58 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [28/02/2008 15:31 12856]
R2 LNSUSvc;Lotus Notes Smart Upgrade Service;c:\program files\lotus\notes\SUService.exe [16/09/2011 08:31 191664]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [16/09/2011 08:28 4455600]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 03:09 50704]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [09/03/2010 00:40 144672]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [05/04/2013 12:50 266240]
S2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys --> c:\windows\system32\Drivers\mfpec.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21/06/2013 09:53 162408]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [10/07/2013 08:39 175176]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [17/12/2007 15:01 44928]
S3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys --> c:\windows\system32\DRIVERS\mfpvbus.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-15 07:38 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:40]
.
2013-07-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast Business\AvastEmUpdate.exe [2012-07-12 08:37]
.
2013-07-23 c:\windows\Tasks\CCleaner.job
- c:\ccleaner\CCleaner.exe [2013-05-24 14:03]
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-12 10:25]
.
2013-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-12 10:25]
.
2012-05-25 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-10-04 14:38]
.
2013-07-23 c:\windows\Tasks\User_Feed_Synchronization-{1485393A-DB41-4ADB-A97A-F449950520D1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
2013-07-23 c:\windows\Tasks\User_Feed_Synchronization-{7902DDD9-8055-4B52-9D6F-D557C6D1300E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
2013-07-23 c:\windows\Tasks\User_Feed_Synchronization-{EF84751A-EA39-4E4F-BD38-0FFD9C1F0BD5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\p.macfarlane\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.4.253 192.168.4.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-23 12:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.imapi]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3660)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-07-23 12:15:02
ComboFix-quarantined-files.txt 2013-07-23 11:14
ComboFix2.txt 2013-06-14 10:10
ComboFix3.txt 2013-05-01 14:46
ComboFix4.txt 2013-04-16 15:13
.
Pre-Run: 109,233,430,528 bytes free
Post-Run: 109,298,757,632 bytes free
.
- - End Of File - - 3C5E717FB594AD35CFC6C74626F639A3
8F558EB6672622401DA993E1E865C861
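Added example, not part of macp's post and not AdwCleaner's own code: a small Python parser for the AdwCleaner v2 report format posted above. Two details in that report are easy to miss when it is read by eye. The header line "# Option [search]" and the file name AdwCleaner[R1].txt mean it came from a search (report-only) run, so at that point nothing had been removed; a delete run writes an AdwCleaner[S*].txt report with "Deleted" lines instead of "Found". And the Chrome extension ID bcfjehbfanfhgoehogmbiebedkidedjb appears in three places: the profile's Extensions folder and the HKCU and HKLM Software\Google\Chrome\Extensions keys, which are Chrome's external-install registration for an extension. Cleaning only the profile folder leaves that install instruction in place, which is why a practitioner wants all three listed side by side. The sample log is an excerpt of the report above; the regular expressions and function names are mine.

```python
"""Parse an AdwCleaner v2 report: run mode, findings, and Chrome extension anchors.

Added example for this thread; it is not AdwCleaner's code and not from the poster.
"""
import re
from collections import defaultdict

# Excerpt of the AdwCleaner[R1] report posted above (trimmed to the relevant lines).
SAMPLE_LOG = r"""# AdwCleaner v2.306 - Logfile created 07/23/2013 at 11:59:12
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# Option [search]

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\p.macfarlane\Application Data\adawaretb
Folder Found : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Folder Found : C:\Program Files\Free Ride Games

***** [Registry] *****

Key Found : HKCU\Software\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Found : HKCU\Software\InstallCore
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browsers] *****

-\\ Google Chrome v28.0.1500.72

[OK] File is clean.

AdwCleaner[R1].txt - [2799 octets] - [23/07/2013 11:59:12]
"""

# "# Option [search]" is a report-only run; "# Option [delete]" actually removes items.
OPTION_RE = re.compile(r"^# Option \[(\w+)\]", re.M)
# One finding per line: "<Folder|File|Key|Value> <Found|Deleted> : <target>".
ITEM_RE = re.compile(r"^(Folder|File|Key|Value) (Found|Deleted) : (.+?)\s*$", re.M)
# Chrome extension IDs are 32 characters drawn from the alphabet a-p.
EXT_ID_RE = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")
# Chrome's external-install registration keys, per-user (HKCU) or machine-wide (HKLM).
CHROME_EXT_KEY_RE = re.compile(r"^(HKCU|HKLM)\\Software\\Google\\Chrome\\Extensions\\", re.I)


def parse_adwcleaner(text):
    """Return (mode, items). mode is the lowercased Option header or None;
    items is a list of (kind, action, target) tuples, one per finding line."""
    m = OPTION_RE.search(text)
    mode = m.group(1).lower() if m else None
    items = ITEM_RE.findall(text)
    return mode, items


def removed_anything(text):
    """True only for a delete run that reports at least one 'Deleted' line.
    A search run lists findings but changes nothing on the machine."""
    mode, items = parse_adwcleaner(text)
    return mode == "delete" and any(action == "Deleted" for _, action, _ in items)


def chrome_extension_registrations(text):
    """Map each Chrome extension ID in the findings to where the log saw it:
    'profile' (the Extensions folder under User Data), 'HKCU' or 'HKLM'
    (the Software\\Google\\Chrome\\Extensions keys), or 'other'."""
    _, items = parse_adwcleaner(text)
    where = defaultdict(set)
    for _, _, target in items:
        ext_ids = EXT_ID_RE.findall(target)
        if not ext_ids:
            continue
        key = CHROME_EXT_KEY_RE.match(target)
        if key:
            loc = key.group(1).upper()
        elif "\\Extensions\\" in target:
            loc = "profile"
        else:
            loc = "other"
        for ext_id in ext_ids:
            where[ext_id].add(loc)
    return dict(where)


def summarize(text):
    """One-screen summary: run mode, counts per finding type, extension anchors."""
    mode, items = parse_adwcleaner(text)
    counts = defaultdict(int)
    for kind, action, _ in items:
        counts[f"{kind} {action}"] += 1
    lines = [f"mode: {mode} (changes made: {removed_anything(text)})"]
    lines += [f"  {name}: {n}" for name, n in sorted(counts.items())]
    for ext_id, locs in sorted(chrome_extension_registrations(text).items()):
        lines.append(f"  chrome extension {ext_id}: {', '.join(sorted(locs))}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run it against a saved AdwCleaner[R*].txt or AdwCleaner[S*].txt by replacing SAMPLE_LOG with the file contents; an extension that shows up under HKCU or HKLM as well as 'profile' needs the registry keys removed along with the folder, and a summary that says "changes made: False" means the run only reported.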
macp (Author) Posted July 23, 2013

Sorry, I've just read the sticky, so below are the Malwarebytes & OTL reports. Only one report from OTL?

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.07.23.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
p.macfarlane :: PPC003449-PETER [administrator]

23/07/2013 13:59:00
mbam-log-2013-07-23 (13-59-00).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 542287
Time elapsed: 1 hour(s), 18 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP86\A0094890.dll (Adware.Agent) -> Quarantined and deleted successfully.

(end)

OTL logfile created on: 23/07/2013 15:29:57 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\p.macfarlane\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 65.16% Memory free
4.33 Gb Paging File | 3.50 Gb Available in Paging File | 80.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 101.81 Gb Free Space | 68.35% Space Free | Partition Type: NTFS
Drive S: | 334.79 Gb Total Space | 229.60 Gb Free Space | 68.58% Space Free | Partition Type: NTFS
Drive T: | 334.79 Gb Total Space | 229.60 Gb Free Space | 68.58% Space Free | Partition Type: NTFS
Drive V: | 334.79 Gb Total Space | 229.60 Gb Free Space | 68.58% Space Free | Partition Type: NTFS
Drive Z: | 565.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PPC003449-PETER | User Name: p.macfarlane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVAST Software\Avast Business\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast Business\AvastNet.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Documents and Settings\p.macfarlane\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\lotus\notes\SUService.exe (IBM Corp)
PRC - C:\Program Files\lotus\notes\nsd.exe (IBM)
PRC - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Rainmeter\Rainmeter.exe ()
PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()
MOD - C:\Program Files\AVAST Software\Avast Business\defs\13070902\algo.dll ()
MOD - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\Rainmeter\Rainmeter.dll ()
MOD - C:\Program Files\Rainmeter\Rainmeter.exe ()
MOD - C:\Program Files\Rainmeter\Plugins\RecycleManager.dll ()
MOD - C:\Program Files\Rainmeter\Plugins\WebParser.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Rainmeter\Plugins\InputText.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\DLAAPI_W.DLL ()
MOD - C:\WINDOWS\system32\neeviaprtntwt.dll ()

========== Services (SafeList) ==========

SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe File not found
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe /service File not found
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (avast! Net Client Service) -- C:\Program Files\AVAST Software\Avast Business\AvastNet.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe (AVAST Software)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LNSUSvc) -- C:\Program Files\lotus\notes\SUService.exe (IBM Corp)
SRV - (Lotus Notes Diagnostics) -- C:\Program Files\lotus\notes\nsd.exe (IBM)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)

========== Driver Services (SafeList) ==========

DRV - (WUSBVBus) -- system32\DRIVERS\mfpvbus.sys File not found
DRV - (WDICA) -- File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\P6B39~1.MAC\LOCALS~1\Temp\catchme.sys File not found
DRV - (ALIWEHCD) -- System32\Drivers\mfpec.sys File not found
DRV - (.imapi) -- File not found
DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (tffsport) -- C:\WINDOWS\system32\drivers\tffsport.sys (M-Systems)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (SDTHOOK) -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS (Panda Software)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (BASFND) -- C:\Program Files\Broadcom\WMI\BASFND.sys (Broadcom Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070620
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070620
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1363F946-B96F-41CD-A92D-BF8E7C24DA41}: "URL" = http://start.funmoods.com/results.php?f=4&a=pvl&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_enGB544
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2013/06/27 08:29:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast Business\WebRep\FF [2013/07/10 08:38:53 | 000,000,000 | ---D | M] [2013/05/01 14:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\p.macfarlane\Application Data\Mozilla\Extensions [2011/11/15 16:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\p.macfarlane\Application Data\Mozilla\Extensions\uploadr@flickr.com ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.co.uk/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) 
= C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VDownloader (Enabled) = C:\Program Files\VDownloader\Addons\npVDownloader.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: BIODIGITAL HUMAN = C:\Documents and Settings\p.macfarlane\Local 
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\ CHR - Extension: Google Docs = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: IMVU Inc = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb\10.16.70.501_0\ CHR - Extension: YouTube = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\ CHR - Extension: Google Search = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Select Links App = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbnkookackmdofjmjkbfliamcjdkccda\4.3_0\ CHR - Extension: Planetarium = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0\ CHR - Extension: avast! 
WebRep = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1490_0\ CHR - Extension: Google Maps = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\ CHR - Extension: FlashControl = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.2.12_0\ CHR - Extension: Harvard Referencing = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnbmlbimbgkpnhmfgcmooaedkjnbhbim\1.1_0\ CHR - Extension: Lavasoft NewTab = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.9_0\ CHR - Extension: Gmail = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/06/14 11:08:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast Business\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [iBM Lotus Notes Preloader] C:\Program Files\lotus\notes\nntspreld.exe (IBM Corp) O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E23D33A965920CB3D90E10DC3979EC7B] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe () O4 - Startup: C:\Documents and Settings\p.macfarlane\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program 
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\p.macfarlane\Start Menu\Programs\IMVU\Run IMVU.lnk File not found O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (Reg Error: Key error.) 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control) O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1294928563967 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.253 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LAFERTUK.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D71D3998-90AF-47AE-A4D5-3B38CD3FBC8E}: DhcpNameServer = 192.168.4.253 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/05/19 12:01:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/08/24 14:22:59 | 000,000,042 | R--- | M] () - Z:\AUTORUN.INF -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File 
not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/07/23 15:22:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\p.macfarlane\Recent [2013/07/23 14:00:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/07/23 10:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Application Data\LavasoftStatistics [2013/07/23 10:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2013/07/23 10:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars [2013/07/23 10:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb [2013/07/23 10:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Application Data\adawaretb [2013/07/23 10:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner [2013/07/23 10:18:09 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013/07/23 10:18:09 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013/07/16 14:08:43 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013/07/16 14:08:36 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013/07/16 14:08:36 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013/07/12 11:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome [2013/07/11 08:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\PCHealth [2013/07/10 08:39:02 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys 
[2013/06/27 08:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013/06/27 08:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton [2013/06/27 08:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2013/06/25 08:37:22 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013/06/24 16:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Application Data\VDownloader [2013/06/24 16:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\VDownloader [2013/06/24 16:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VDownloader [2013/06/24 16:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData [2010/06/30 10:05:34 | 002,242,863 | ---- | C] (Polenter ) -- C:\Program Files\DesktopReminderSetup.exe ========== Files - Modified Within 30 Days ========== [2013/07/23 15:31:01 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EF84751A-EA39-4E4F-BD38-0FFD9C1F0BD5}.job [2013/07/23 15:30:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7902DDD9-8055-4B52-9D6F-D557C6D1300E}.job [2013/07/23 15:26:28 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/07/23 15:25:49 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job [2013/07/23 15:23:58 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2013/07/23 15:21:50 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini [2013/07/23 15:21:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/07/23 15:21:37 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\tasks\avast! 
Emergency Update.job [2013/07/23 15:21:32 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/07/23 15:21:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/07/23 14:38:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/07/23 14:35:40 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1485393A-DB41-4ADB-A97A-F449950520D1}.job [2013/07/23 12:02:25 | 005,091,940 | R--- | M] (Swearware) -- C:\Documents and Settings\p.macfarlane\Desktop\Combo-Fix.exe [2013/07/23 10:18:08 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013/07/23 10:18:08 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013/07/19 09:45:28 | 002,651,907 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Desktop\2013-05-26 12.33.30.jpg [2013/07/15 08:44:55 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/07/15 08:39:55 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/07/15 08:39:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/07/15 08:26:30 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/07/11 08:28:17 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/07/10 17:06:53 | 000,507,056 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/07/10 17:06:53 | 000,089,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/07/10 09:11:24 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2013/07/10 08:39:02 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2013/06/28 16:19:51 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Local Settings\Application 
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/06/27 09:39:39 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/06/27 09:39:39 | 000,062,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2013/06/27 09:39:38 | 000,368,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2013/06/27 09:39:37 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2013/06/27 09:39:37 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2013/06/27 09:39:37 | 000,049,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013/06/27 09:39:36 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [2013/06/27 09:39:35 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2013/06/27 09:39:35 | 000,021,576 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys [2013/06/27 09:37:46 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2013/06/27 09:37:09 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2013/06/27 08:29:18 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk [2013/06/27 08:29:18 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VDownloader.lnk [2013/06/27 08:27:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat [2013/06/25 08:37:10 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013/06/25 08:37:07 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013/06/25 08:37:07 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013/06/25 08:37:07 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013/06/25 08:37:07 | 
000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013/06/25 08:37:07 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013/06/25 08:37:06 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll ========== Files Created - No Company Name ========== [2013/07/19 09:44:33 | 002,651,907 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Desktop\2013-05-26 12.33.30.jpg [2013/07/12 11:27:21 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/07/12 11:27:21 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/07/12 11:25:55 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/07/12 11:25:55 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/07/10 08:39:03 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/07/10 08:39:03 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013/06/27 08:27:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat [2013/06/24 16:05:32 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2013/06/24 16:05:32 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk [2013/06/24 16:05:32 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VDownloader.lnk [2013/04/29 10:54:38 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat [2013/04/16 15:40:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013/04/16 15:40:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013/04/16 15:40:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013/04/16 15:40:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013/04/16 15:40:34 | 
000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013/04/05 12:50:01 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2013/04/05 12:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2012/07/12 13:27:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012/07/12 13:27:08 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2012/07/12 13:13:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/07/11 10:43:14 | 000,001,062 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2012/07/11 10:43:14 | 000,000,125 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2012/07/11 10:13:56 | 000,005,897 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI [2012/06/19 11:03:04 | 000,049,547 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\install.xml [2012/02/27 16:42:55 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012/02/27 16:42:55 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012/02/15 09:34:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/12/05 11:59:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL [2011/12/05 11:59:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT [2011/11/16 12:36:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2011/11/16 11:28:34 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2011/11/16 11:28:34 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2011/11/16 11:28:34 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2011/11/16 11:28:34 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2011/11/16 11:28:34 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2011/11/16 11:28:34 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2011/11/16 11:28:34 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2011/11/16 11:28:34 | 000,011,811 | ---- | C] () -- 
C:\WINDOWS\System32\EPPICPattern4.dat [2011/11/16 11:28:34 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2011/11/16 11:28:34 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2011/11/16 11:28:34 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2011/11/16 11:28:34 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2011/11/16 11:28:34 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2011/11/16 11:28:34 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2011/11/16 11:28:34 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2011/11/16 11:28:34 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2011/11/16 11:28:34 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2011/11/16 11:28:34 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2011/11/16 11:28:34 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2011/10/05 12:32:41 | 000,385,663 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Application Data\VideoPad.dmp [2011/01/19 17:17:56 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/12/17 18:42:57 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2007/09/26 08:26:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt [2007/07/31 12:08:37 | 000,003,088 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol ========== ZeroAccess Check ========== [2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/09/20 11:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2012/07/12 14:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2013/07/23 10:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars [2013/04/05 12:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4 [2013/07/23 10:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2012/02/28 16:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emicsoft Studio [2011/11/18 12:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2013/03/01 12:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2007/08/09 09:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2012/07/11 10:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\Nuance [2012/07/11 10:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2012/07/11 10:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon [2013/07/23 10:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\adawaretb [2011/05/19 12:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Autodesk [2013/04/05 12:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\ControlCenter4 [2011/02/17 11:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\DesktopReminder [2011/09/15 09:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\DriverCure [2013/07/23 15:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Dropbox [2012/02/28 17:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\DVDVideoSoft [2012/09/12 12:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Easy Thumbnails [2011/11/18 12:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\EPSON [2011/07/12 12:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Equisys [2011/11/15 16:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Flickr [2011/09/20 11:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Image Zone Express [2012/07/11 11:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Nuance [2012/07/11 10:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\PC-FAX TX [2012/02/06 16:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application 
Data\Rainmeter [2012/07/12 14:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\TeamViewer [2013/06/24 16:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\VDownloader [2012/07/11 11:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Zeon ========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media Interface type: IDE Media Type: Fixed\thard disk media Model: ST3160815AS Partitions: 2 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 47.00MB Starting Offset: 32256 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 149.00GB Starting Offset: 49351680 Hidden sectors: 0 < %SYSTEMDRIVE%\*.* > [2010/09/29 14:55:51 | 000,001,024 | ---- | M] () -- C:\.rnd [2007/06/20 14:14:02 | 000,000,191 | ---- | M] () -- C:\0 [2007/12/17 19:29:12 | 000,000,365 | ---- | M] () -- C:\aaw7boot.log [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2012/03/01 12:21:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2013/05/09 13:41:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2013/07/23 12:15:05 | 000,019,750 | ---- | M] () -- C:\ComboFix.txt [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007/06/20 13:52:48 | 000,005,345 | RH-- | M] () -- C:\dell.sdr [2007/07/31 13:32:16 | 000,000,906 | ---- | M] () -- C:\docuPrinter.log [2007/12/17 17:21:00 | 000,396,288 | ---- | M] (Trend Micro Inc.) 
-- C:\HijackThis.exe [2007/12/17 17:21:00 | 000,000,291 | ---- | M] () -- C:\HijackThis.lnk [2007/07/31 15:58:59 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1 [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/09/01 08:42:47 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/07/18 11:47:25 | 000,262,144 | ---- | M] () -- C:\ntuser.dat [2011/07/18 11:47:25 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG [2010/06/01 08:39:50 | 000,061,690 | ---- | M] () -- C:\ow_reindex.txt [2013/07/23 15:21:11 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys [2012/11/20 16:15:21 | 000,002,938 | ---- | M] () -- C:\removeContacts.vbs [2013/07/23 15:21:29 | 000,131,598 | ---- | M] () -- C:\SUService.log [2007/12/21 15:27:27 | 000,003,063 | ---- | M] () -- C:\VundoFix.txt [2007/12/17 16:51:52 | 000,240,904 | ---- | M] () -- C:\ZonedOut.zip < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2008/10/23 13:51:42 | 000,273,408 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpcpp6de.DLL [2011/07/19 13:37:06 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > [2010/06/30 10:05:34 | 002,242,863 | ---- | M] (Polenter ) -- C:\Program Files\DesktopReminderSetup.exe < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report > Quote
seedy21 Posted July 23, 2013

Hi Macp

Looks like you have used it before.

Step 1
Open up OTL and click on CleanUp.

Step 2
Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png
Now copy the lines in bold below.

DRIVES
netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the Run Scan button.
http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
Note: Running the above script with OTL will:
turn on your system restore and set a new restore point (XP only)
set a new restore point (if system restore is turned on) (Vista & Win7)

“It's only after we've lost everything that we're free to do anything.” ― Chuck Palahniuk, Fight Club
Need help with your computer problems? Then why not join Free PC Help. Register here
If Free PC Help has helped you then please consider a donation. Click here
We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
macp (Author) Posted July 23, 2013

Thanks seedy21. Everything I know is down to you guys, thank you.
I am a little confused though, because step 2 looks like what I have already done?
seedy21 Posted July 23, 2013

Hi, yes, step 2 is the same as what you have completed, but this time it should give you both logs that we need.
etavares Posted July 24, 2013

Hi macp,

In addition, please run AdwCleaner again. It detected some adware, but it was only in 'search mode'. This time, run it, click "Delete" and click "OK" for each item. It should reboot. Please post the log that will pop up and let us know if that add-on is gone.

-etavares

etavares is a member of: Alliance of Security Analysis Professionals; Unified Network of Instructors and Trained Eliminators
macp Posted July 24, 2013 Author Posted July 24, 2013 Thanks all I am still getting popups also from Google asking me to complete a survey and when I bootup my PC first thing in the morning the browser opens on an Avast page asking me to sign up with Google Chrome ?? So here are the logs, OTL first OTL logfile created on: 24/07/2013 08:45:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\p.macfarlane\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.42% Memory free 4.33 Gb Paging File | 3.30 Gb Available in Paging File | 76.32% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148.96 Gb Total Space | 101.74 Gb Free Space | 68.30% Space Free | Partition Type: NTFS Drive S: | 334.79 Gb Total Space | 229.57 Gb Free Space | 68.57% Space Free | Partition Type: NTFS Drive T: | 334.79 Gb Total Space | 229.57 Gb Free Space | 68.57% Space Free | Partition Type: NTFS Drive V: | 334.79 Gb Total Space | 229.57 Gb Free Space | 68.57% Space Free | Partition Type: NTFS Drive Z: | 565.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: PPC003449-PETER | User Name: p.macfarlane | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\p.macfarlane\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
PRC - C:\Program Files\AVAST Software\Avast Business\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast Business\AvastNet.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\lotus\notes\SUService.exe (IBM Corp) PRC - C:\Program Files\lotus\notes\nsd.exe (IBM) PRC - C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) PRC - C:\Program Files\Rainmeter\Rainmeter.exe () PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp) PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) 
PRC - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll () MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\616fa195ca93638850a119a54171dac1\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\da28f3d44be7def2d84269f1db5718d6\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll () MOD - C:\Program Files\AVAST Software\Avast Business\defs\13070902\algo.dll () MOD - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\libcef.dll () MOD - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Program Files\Rainmeter\Rainmeter.dll () MOD - C:\Program 
Files\Rainmeter\Rainmeter.exe () MOD - C:\Program Files\Rainmeter\Plugins\RecycleManager.dll () MOD - C:\Program Files\Rainmeter\Plugins\WebParser.dll () MOD - C:\Program Files\Rainmeter\Plugins\InputText.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll () MOD - C:\WINDOWS\system32\cpwmon2k.dll () MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - C:\WINDOWS\system32\DLAAPI_W.DLL () MOD - C:\WINDOWS\system32\neeviaprtntwt.dll () ========== Services (SafeList) ========== SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe File not found SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe /service File not found SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll () SRV - (avast! Net Client Service) -- C:\Program Files\AVAST Software\Avast Business\AvastNet.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe (AVAST Software) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (LNSUSvc) -- C:\Program Files\lotus\notes\SUService.exe (IBM Corp) SRV - (Lotus Notes Diagnostics) -- C:\Program Files\lotus\notes\nsd.exe (IBM) SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.) SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) 
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (WUSBVBus) -- system32\DRIVERS\mfpvbus.sys File not found DRV - (WDICA) -- File not found DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found DRV - (Changer) -- File not found DRV - (ALIWEHCD) -- System32\Drivers\mfpec.sys File not found DRV - (.imapi) -- File not found DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software) DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys () DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) 
DRV - (tffsport) -- C:\WINDOWS\system32\drivers\tffsport.sys (M-Systems) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (SDTHOOK) -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS (Panda Software) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.) 
DRV - (BASFND) -- C:\Program Files\Broadcom\WMI\BASFND.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070620 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070620 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1363F946-B96F-41CD-A92D-BF8E7C24DA41}: "URL" = http://start.funmoods.com/results.php?f=4&a=pvl&q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_enGB544 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2013/06/27 08:29:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast Business\WebRep\FF [2013/07/10 08:38:53 | 000,000,000 | ---D | M]
[2013/05/01 14:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\p.macfarlane\Application Data\Mozilla\Extensions
[2011/11/15 16:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\p.macfarlane\Application Data\Mozilla\Extensions\uploadr@flickr.com
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VDownloader (Enabled) = C:\Program Files\VDownloader\Addons\npVDownloader.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Google Docs = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: IMVU Inc = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb\10.16.70.501_0\
CHR - Extension: YouTube = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Select Links App = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbnkookackmdofjmjkbfliamcjdkccda\4.3_0\
CHR - Extension: Planetarium = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1490_0\
CHR - Extension: Google Maps = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: FlashControl = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.2.12_0\
CHR - Extension: Harvard Referencing = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnbmlbimbgkpnhmfgcmooaedkjnbhbim\1.1_0\
CHR - Extension: Lavasoft NewTab = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.9_0\
CHR - Extension: Gmail = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/06/14 11:08:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast Business\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [iBM Lotus Notes Preloader] C:\Program Files\lotus\notes\nntspreld.exe (IBM Corp)
O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E23D33A965920CB3D90E10DC3979EC7B] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Documents and Settings\p.macfarlane\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\p.macfarlane\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control)
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1294928563967 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LAFERTUK.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D71D3998-90AF-47AE-A4D5-3B38CD3FBC8E}: DhcpNameServer = 192.168.4.253
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/19 12:01:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/24 14:22:59 | 000,000,042 | R--- | M] () - Z:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/07/24 08:41:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\p.macfarlane\Desktop\OTL.scr
[2013/07/24 08:31:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\p.macfarlane\Recent
[2013/07/23 14:00:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/23 10:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Application Data\LavasoftStatistics
[2013/07/23 10:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/07/23 10:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/07/23 10:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013/07/23 10:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Application Data\adawaretb
[2013/07/23 10:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/07/23 10:18:09 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/07/23 10:18:09 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/07/16 14:08:43 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/16 14:08:36 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/16 14:08:36 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/12 11:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/07/11 08:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\PCHealth
[2013/07/10 08:39:02 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/06/27 08:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/06/27 08:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013/06/27 08:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2013/06/25 08:37:22 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/06/24 16:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Application Data\VDownloader
[2013/06/24 16:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\VDownloader
[2013/06/24 16:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VDownloader
[2013/06/24 16:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/06/30 10:05:34 | 002,242,863 | ---- | C] (Polenter ) -- C:\Program Files\DesktopReminderSetup.exe
========== Files - Modified Within 30 Days ==========
[2013/07/24 08:50:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7902DDD9-8055-4B52-9D6F-D557C6D1300E}.job
[2013/07/24 08:46:01 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EF84751A-EA39-4E4F-BD38-0FFD9C1F0BD5}.job
[2013/07/24 08:41:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\p.macfarlane\Desktop\OTL.scr
[2013/07/24 08:40:16 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job
[2013/07/24 08:39:05 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/07/24 08:38:41 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/24 08:38:38 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/24 08:33:29 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/07/24 08:31:45 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2013/07/24 08:31:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/24 08:31:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/24 08:31:04 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/24 08:27:10 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1485393A-DB41-4ADB-A97A-F449950520D1}.job
[2013/07/24 08:26:39 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/23 10:18:08 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/07/23 10:18:08 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/07/19 09:45:28 | 002,651,907 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Desktop\2013-05-26 12.33.30.jpg
[2013/07/15 08:44:55 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/15 08:39:55 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/15 08:39:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/15 08:26:30 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/10 17:06:53 | 000,507,056 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/10 17:06:53 | 000,089,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/10 09:11:24 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/07/10 08:39:02 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/06/28 16:19:51 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/27 09:39:39 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/27 09:39:39 | 000,062,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/06/27 09:39:38 | 000,368,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/06/27 09:39:37 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/06/27 09:39:37 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/06/27 09:39:37 | 000,049,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/27 09:39:36 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/06/27 09:39:35 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/06/27 09:39:35 | 000,021,576 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2013/06/27 09:37:46 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/06/27 09:37:09 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/06/27 08:29:18 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk
[2013/06/27 08:29:18 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VDownloader.lnk
[2013/06/27 08:27:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/06/25 08:37:10 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/06/25 08:37:07 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/06/25 08:37:07 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/06/25 08:37:07 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/06/25 08:37:07 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/06/25 08:37:07 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/06/25 08:37:06 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
========== Files Created - No Company Name ==========
[2013/07/19 09:44:33 | 002,651,907 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Desktop\2013-05-26 12.33.30.jpg
[2013/07/12 11:27:21 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/12 11:27:21 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/12 11:25:55 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/12 11:25:55 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/10 08:39:03 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/07/10 08:39:03 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/27 08:27:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/06/24 16:05:32 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2013/06/24 16:05:32 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk
[2013/06/24 16:05:32 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VDownloader.lnk
[2013/04/29 10:54:38 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2013/04/05 12:50:01 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2013/04/05 12:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/07/12 13:27:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/07/12 13:27:08 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/12 13:13:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/11 10:43:14 | 000,001,062 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/07/11 10:43:14 | 000,000,125 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/07/11 10:13:56 | 000,005,897 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/06/19 11:03:04 | 000,049,547 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\install.xml
[2012/02/27 16:42:55 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/02/27 16:42:55 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/02/15 09:34:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/05 11:59:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011/12/05 11:59:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2011/11/16 12:36:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/11/16 11:28:34 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/11/16 11:28:34 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/11/16 11:28:34 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/11/16 11:28:34 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/11/16 11:28:34 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/11/16 11:28:34 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/11/16 11:28:34 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/11/16 11:28:34 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/11/16 11:28:34 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/11/16 11:28:34 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011/11/16 11:28:34 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/11/16 11:28:34 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/11/16 11:28:34 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/11/16 11:28:34 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/11/16 11:28:34 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/11/16 11:28:34 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011/11/16 11:28:34 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011/11/16 11:28:34 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/11/16 11:28:34 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/10/05 12:32:41 | 000,385,663 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Application Data\VideoPad.dmp
[2011/01/19 17:17:56 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/17 18:42:57 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/09/26 08:26:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/07/31 12:08:37 | 000,003,088 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
========== ZeroAccess Check ==========
[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/09/20 11:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/07/12 14:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/07/23 10:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/04/05 12:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2013/07/23 10:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/02/28 16:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emicsoft Studio
[2011/11/18 12:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/03/01 12:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/08/09 09:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/07/11 10:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/07/11 10:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/07/11 10:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2013/07/23 10:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\adawaretb
[2011/05/19 12:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Autodesk
[2013/04/05 12:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\ControlCenter4
[2011/02/17 11:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\DesktopReminder
[2011/09/15 09:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\DriverCure
[2013/07/24 08:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Dropbox
[2012/02/28 17:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\DVDVideoSoft
[2012/09/12 12:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Easy Thumbnails
[2011/11/18 12:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\EPSON
[2011/07/12 12:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Equisys
[2011/11/15 16:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Flickr
[2011/09/20 11:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Image Zone Express
[2012/07/11 11:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Nuance
[2012/07/11 10:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\PC-FAX TX
[2012/02/06 16:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Rainmeter
[2012/07/12 14:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\TeamViewer
[2013/06/24 16:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\VDownloader
[2012/07/11 11:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Zeon
========== Purity Check ==========
========== Custom Scans ==========
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3160815AS
Partitions: 2
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 47.00MB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 149.00GB
Starting Offset: 49351680
Hidden sectors: 0
< %SYSTEMDRIVE%\*.* >
[2010/09/29 14:55:51 | 000,001,024 | ---- | M] () -- C:\.rnd
[2007/06/20 14:14:02 | 000,000,191 | ---- | M] () -- C:\0
[2007/12/17 19:29:12 | 000,000,365 | ---- | M] () -- C:\aaw7boot.log
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/03/01 12:21:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/05/09 13:41:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/06/20 13:52:48 | 000,005,345 | RH-- | M] () -- C:\dell.sdr
[2007/07/31 13:32:16 | 000,000,906 | ---- | M] () -- C:\docuPrinter.log
[2007/12/17 17:21:00 | 000,396,288 | ---- | M] (Trend Micro Inc.) 
-- C:\HijackThis.exe [2007/12/17 17:21:00 | 000,000,291 | ---- | M] () -- C:\HijackThis.lnk [2007/07/31 15:58:59 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1 [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/09/01 08:42:47 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/07/18 11:47:25 | 000,262,144 | ---- | M] () -- C:\ntuser.dat [2011/07/18 11:47:25 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG [2010/06/01 08:39:50 | 000,061,690 | ---- | M] () -- C:\ow_reindex.txt [2013/07/24 08:31:03 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys [2012/11/20 16:15:21 | 000,002,938 | ---- | M] () -- C:\removeContacts.vbs [2013/07/24 08:31:23 | 000,132,478 | ---- | M] () -- C:\SUService.log [2007/12/17 16:51:52 | 000,240,904 | ---- | M] () -- C:\ZonedOut.zip < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2008/10/23 13:51:42 | 000,273,408 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpcpp6de.DLL [2011/07/19 13:37:06 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > [2010/06/30 10:05:34 | 002,242,863 | ---- | M] (Polenter ) -- C:\Program Files\DesktopReminderSetup.exe < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report > Quote
macp (Author) Posted July 24, 2013

Here is the OTL extras log

OTL Extras logfile created on: 24/07/2013 08:45:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\p.macfarlane\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
Computer Name: PPC003449-PETER | User Name: p.macfarlane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements "Adobe SVG Viewer" = Adobe SVG Viewer "Akamai" = Akamai NetSession Interface Service "avast" = avast! Endpoint Protection Suite "CCleaner" = CCleaner "CutePDF Writer Installation" = CutePDF Writer 2.8 "Defraggler" = Defraggler "Flickr Uploadr" = Flickr Uploadr 3.2.1 "Free Video to GIF Converter_is1" = 2.0 "getPlus®_ocx" = getPlus®_ocx "Google Chrome" = Google Chrome "HDMI" = Intel® Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{CB716B84-167F-4AC7-B492-03170D45B7DF}" = showhome3D Interior Design "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Neevia docuPrinter LT_is1" = docuPrinter LT v5.1 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Office14.PUBLISHERR" = Microsoft Publisher 2010 "Office14.SingleImage" = Microsoft Office Home and Business 2010 "PhotoStage" = PhotoStage Slideshow Producer "Rainmeter" = Rainmeter "Recuva" = Recuva "Video Thumbnails Maker" = Video Thumbnails Maker by Scorp (remove only) "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinPcapInst" = WinPcap 4.1.1 "WinRAR 
archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "Xvid Video Codec 1.3.2" = Xvid Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Antivirus Events ] Error - 16/05/2012 04:05:18 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 16/05/2012 04:05:32 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 16/05/2012 05:24:27 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 22/05/2012 09:42:38 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 21/06/2012 08:03:55 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 21/06/2012 08:32:00 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 26/06/2012 07:42:15 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 05/07/2012 06:28:35 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 06/07/2012 10:40:46 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 11/07/2012 10:24:07 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 22/07/2013 11:36:58 | Computer Name = PPC003449-PETER | Source = NativeWrapper | ID = 5000 Description = Error - 23/07/2013 05:00:39 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:00:39.904]: [00002328]: ##### Fatal ERROR!! Create STI-device failed! 
##### Error - 23/07/2013 05:00:39 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:00:39.904]: [00002328]: Initialize TwdsMain Class failed! Error - 23/07/2013 05:03:08 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:03:08.921]: [00002328]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 23/07/2013 05:03:08 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:03:08.921]: [00002328]: Initialize TwdsMain Class failed! Error - 23/07/2013 05:10:21 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:10:21.640]: [00002328]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 23/07/2013 05:10:21 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:10:21.640]: [00002328]: Initialize TwdsMain Class failed! Error - 23/07/2013 11:39:22 | Computer Name = PPC003449-PETER | Source = MsiInstaller | ID = 11706 Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue. Error - 23/07/2013 11:39:23 | Computer Name = PPC003449-PETER | Source = MsiInstaller | ID = 1023 Description = Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log. 
Error - 23/07/2013 11:39:24 | Computer Name = PPC003449-PETER | Source = NativeWrapper | ID = 5000 Description = [ System Events ] Error - 23/07/2013 06:30:14 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The MFP Server Enhanced Controller service failed to start due to the following error: %%2 Error - 23/07/2013 06:30:14 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The BrSplService service failed to start due to the following error: %%2 Error - 23/07/2013 10:23:23 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The MFP Server Enhanced Controller service failed to start due to the following error: %%2 Error - 23/07/2013 10:23:23 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The BrSplService service failed to start due to the following error: %%2 Error - 23/07/2013 11:39:24 | Computer Name = PPC003449-PETER | Source = Windows Update Agent | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941). 
Error - 24/07/2013 03:23:47 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The MFP Server Enhanced Controller service failed to start due to the following error: %%2 Error - 24/07/2013 03:23:47 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The BrSplService service failed to start due to the following error: %%2 Error - 24/07/2013 03:33:17 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The MFP Server Enhanced Controller service failed to start due to the following error: %%2 Error - 24/07/2013 03:33:17 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The BrSplService service failed to start due to the following error: %%2 Error - 24/07/2013 03:35:12 | Computer Name = PPC003449-PETER | Source = DCOM | ID = 10010 Description = The server {CC957078-B838-47C4-A7CF-626E7A82FC58} did not register with DCOM within the required timeout. < End of report > Quote
macp (Author) Posted July 24, 2013

And finally adwCleaner log:

# AdwCleaner v2.306 - Logfile created 07/24/2013 at 09:04:11
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : p.macfarlane - PPC003449-PETER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\p.macfarlane\Local Settings\temp\setup.exe
# Option [Delete]

***** [services] *****

Stopped & Deleted : Updater Service for AMZN

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Deleted on reboot : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\p.macfarlane\Application Data\adawaretb
Folder Deleted : C:\Documents and Settings\p.macfarlane\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Amazon Browser Bar
Folder Deleted : C:\Documents and Settings\p.macfarlane\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\Amazon Browser Bar
Folder Deleted : C:\Program Files\Free Ride Games

***** [Registry] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2859 octets] - [24/07/2013 09:04:11]

########## EOF - C:\AdwCleaner[s1].txt - [2919 octets] ##########
etavares Posted July 25, 2013

Hello, macp.

Next, please download ComboFix from one of these locations:
Bleepingcomputer
InfoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on etavaresCF.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
macp Posted July 25, 2013 Author Posted July 25, 2013 Thanks again below is the combofix log. Unfortunately I am still seeing the same popups as mentioned above. ComboFix 13-07-24.03 - p.macfarlane 25/07/2013 9:39.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1937 [GMT 1:00] Running from: c:\documents and settings\p.macfarlane\Desktop\etavaresCF.exe AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((( Files Created from 2013-06-25 to 2013-07-25 ))))))))))))))))))))))))))))))) . . 2013-07-24 08:01 . 2013-07-24 08:01 -------- d-----w- c:\program files\Amazon 2013-07-23 09:23 . 2013-07-23 09:23 -------- d-----w- c:\documents and settings\p.macfarlane\Application Data\LavasoftStatistics 2013-07-23 09:21 . 2013-07-23 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations 2013-07-23 09:21 . 2013-07-23 09:21 -------- d-----w- c:\program files\Toolbar Cleaner 2013-07-23 09:18 . 2013-07-23 09:18 44424 ----a-w- c:\windows\system32\sbbd.exe 2013-07-23 09:18 . 2013-07-23 09:18 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-07-11 07:34 . 2013-07-11 07:34 -------- d-----w- c:\documents and settings\p.macfarlane\Local Settings\Application Data\PCHealth 2013-07-10 07:39 . 2013-06-27 08:39 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-07-10 07:39 . 2013-06-27 08:39 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-07-10 07:39 . 2013-06-27 08:39 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-06-27 07:27 . 2013-06-27 07:35 -------- d-----w- c:\program files\Common Files\Symantec Shared 2013-06-27 07:27 . 2013-06-27 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2013-06-27 07:27 . 2013-06-27 07:27 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2013-07-15 07:39 . 2012-04-12 07:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-15 07:39 . 2011-05-19 07:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-27 08:39 . 2011-01-13 14:54 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-06-27 08:39 . 2011-01-13 14:54 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-06-27 08:39 . 2012-07-12 13:31 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-06-27 08:39 . 2011-01-13 14:54 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2013-06-27 08:39 . 2012-07-12 13:31 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-06-27 08:39 . 2011-01-13 14:54 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-06-27 08:37 . 2012-07-12 13:31 41664 ----a-w- c:\windows\avastSS.scr 2013-06-27 08:37 . 2011-01-13 14:54 228600 ----a-w- c:\windows\system32\aswBoot.exe 2013-06-25 07:37 . 2013-06-25 07:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-06-25 07:37 . 2013-02-19 13:17 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-06-25 07:37 . 2007-10-05 07:29 144896 ----a-w- c:\windows\system32\javacpl.cpl 2013-06-25 07:37 . 2010-10-01 11:39 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-07 22:55 . 2004-08-11 16:00 385024 ----a-w- c:\windows\system32\html.iec 2013-06-07 21:56 . 2004-08-11 16:00 920064 ----a-w- c:\windows\system32\wininet.dll 2013-06-07 21:56 . 2004-08-11 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-06-07 21:56 . 2004-08-11 16:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2013-06-04 07:23 . 2004-08-11 16:00 562688 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 01:40 . 2004-08-11 16:00 1876736 ----a-w- c:\windows\system32\win32k.sys 2013-05-08 23:28 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll 2013-05-03 01:30 . 2004-08-11 16:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-03 00:38 . 
2004-08-03 21:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-06-30 09:05 . 2010-06-30 09:05 2242863 ----a-w- c:\program files\DesktopReminderSetup.exe 2010-01-26 09:11 . 2013-06-24 15:05 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-06-27 08:36 121968 ----a-w- c:\program files\AVAST Software\Avast Business\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\documents and settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472] "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432] "GoogleChromeAutoLaunch_E23D33A965920CB3D90E10DC3979EC7B"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-07-12 846288] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104] "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 28672] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "IBM Lotus Notes Preloader"="c:\program files\lotus\notes\nntspreld.exe" [2011-09-16 25480] "IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368] "PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984] "PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992] "PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192] "PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 98304] "avast"="c:\program files\AVAST Software\Avast Business\avastUI.exe" [2013-06-27 4769352] "ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360] "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" 
[2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Peter\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe [2013-5-25 27776968] . c:\documents and settings\p.macfarlane\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-11-23 25214] Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 105160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2011-07-19 12:37 87424 ----a-w- c:\windows\system32\LMIinit.dll . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\windows\system32\pwhttyyp.exe"= c:\windows\system32\pwh "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\windows\system32\cbvmbuqf.exe"= c:\windows\system32\cbv "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Documents and Settings\\Peter\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\p.macfarlane\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"= "c:\\Documents and Settings\\p.macfarlane\\Application Data\\Dropbox\\bin\\Dropbox.exe"= . 
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [12/07/2012 14:31 21576] R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [10/07/2013 08:39 49248] R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [23/07/2013 10:18 13560] R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [20/01/2012 16:05 149376] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/07/2012 14:31 765736] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/01/2011 15:54 368176] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [11/08/2004 17:00 14336] R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [17/03/2006 17:25 65536] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/01/2011 15:54 29816] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/07/2013 08:39 66336] R2 avast! Net Client Service;avast! Net Client Service;c:\program files\AVAST Software\Avast Business\AvastNet.exe [12/07/2012 14:31 201296] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [01/10/2010 10:58 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [28/02/2008 15:31 12856] R2 LNSUSvc;Lotus Notes Smart Upgrade Service;c:\program files\lotus\notes\SUService.exe [16/09/2011 08:31 191664] R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\lotus\notes\nsd.exe [16/09/2011 08:28 4455600] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 03:09 50704] R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [09/03/2010 00:40 144672] R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [05/04/2013 12:50 266240] S2 ALIWEHCD;MFP Server Enhanced Controller;c:\windows\system32\Drivers\mfpec.sys --> c:\windows\system32\Drivers\mfpec.sys [?] 
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [21/06/2013 09:53 162408] S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [10/07/2013 08:39 175176] S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [17/12/2007 15:01 44928] S3 WUSBVBus;MFP Server Detector;c:\windows\system32\DRIVERS\mfpvbus.sys --> c:\windows\system32\DRIVERS\mfpvbus.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Akamai REG_MULTI_SZ Akamai . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-15 07:38 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:40] . 2013-07-25 c:\windows\Tasks\avast! Emergency Update.job - c:\program files\AVAST Software\Avast Business\AvastEmUpdate.exe [2012-07-12 08:37] . 2013-07-25 c:\windows\Tasks\CCleaner.job - c:\ccleaner\CCleaner.exe [2013-05-24 14:03] . 2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-12 10:25] . 2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-12 10:25] . 2012-05-25 c:\windows\Tasks\photostageShakeIcon.job - c:\program files\NCH Software\PhotoStage\photostage.exe [2011-10-04 14:38] . 2013-07-25 c:\windows\Tasks\User_Feed_Synchronization-{1485393A-DB41-4ADB-A97A-F449950520D1}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . 2013-07-25 c:\windows\Tasks\User_Feed_Synchronization-{7902DDD9-8055-4B52-9D6F-D557C6D1300E}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . 
2013-07-25 c:\windows\Tasks\User_Feed_Synchronization-{EF84751A-EA39-4E4F-BD38-0FFD9C1F0BD5}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\p.macfarlane\Start Menu\Programs\IMVU\Run IMVU.lnk TCP: DhcpNameServer = 192.168.4.253 192.168.4.254 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-07-25 09:46 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . 
scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.imapi] "ImagePath"="\*" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(732) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . 
- - - - - - - > 'explorer.exe'(5480) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\documents and settings\p.macfarlane\Application Data\Dropbox\bin\DropboxExt.19.dll c:\windows\system32\LMIRfsClientNP.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2013-07-25 09:48:45 ComboFix-quarantined-files.txt 2013-07-25 08:48 . Pre-Run: 108,968,529,920 bytes free Post-Run: 108,988,985,344 bytes free . - - End Of File - - 3FA515D48701785559DF4A400130EB6B 8F558EB6672622401DA993E1E865C861
etavares Posted July 26, 2013

Hello, macp. We need to run an OTL script. Please download OTL from one of the following mirrors if you do not still have it. This is the first mirror. This is the second mirror.
[*] Save it to your desktop.
[*] Double click on the OTL icon on your desktop.
[*] Paste the following code under the Custom Scans/Fixes box at the bottom.

:OTL
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe File not found
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe /service File not found
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe File not found
DRV - (WUSBVBus) -- system32\DRIVERS\mfpvbus.sys File not found
DRV - (WDICA) -- File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found
DRV - (Changer) -- File not found
DRV - (ALIWEHCD) -- System32\Drivers\mfpec.sys File not found
DRV - (.imapi) -- File not found
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? }
IE - HKCU\..\SearchScopes\{1363F946-B96F-41CD-A92D-BF8E7C24DA41}: "URL" = http://start.funmoods.com/results.php?f=4&a=pvl&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E23D33A965920CB3D90E10DC397 9EC7B] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
:files
C:\Documents and Settings\All Users\Application Data\blekko toolbars

[*] Click the Run Fix button at the top.
[*] Let the program run unhindered and reboot when it is done.
[*] You will get a log when it is done; please post that in your reply.
[*] Please then create a new OTL report.
[*] Click the "Scan All Users" checkbox.
[*] Push the Run Scan button.
[*] A report will open; copy and paste it in a reply here.

etavares
etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
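The triage behind the fix script above follows a few mechanical rules: a service, driver or Run entry whose target reports "File not found" is an orphan worth removing, a SearchScopes URL that points somewhere other than a default search engine is a hijack, and a ProxyOverride value that is anything other than <local> deserves a look. The Python below is an added example written for this page, not OTL's code and not anything posted by etavares or macp. It applies those rules to OTL-style lines and emits a fix block in the same shape as the one in the post. The sample log is constructed for the example (several lines copied from the logs in this thread, the rest illustrative), and the allowlist of trusted search hosts is the example's own assumption.

```python
"""Triage OTL-style log lines and draft an :OTL fix block (added example)."""
import re
from urllib.parse import urlsplit

# Constructed sample in the shape OTL prints. Some lines are copied from the
# logs in this thread; the HKU SID and the Chrome Run entry are shortened.
SAMPLE_LOG = r"""
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe /service File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe (AVAST Software)
DRV - (WDICA) -- File not found
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
IE - HKCU\..\SearchScopes\{1363F946-B96F-41CD-A92D-BF8E7C24DA41}: "URL" = http://start.funmoods.com/results.php?f=4&a=pvl&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E23D] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast Business\avastUI.exe (AVAST Software)
"""

# Assumption of this example: search hosts treated as legitimate defaults.
TRUSTED_SEARCH_HOSTS = {
    "www.google.com", "www.google.co.uk", "www.bing.com", "search.live.com",
}

# Line types where OTL appends "File not found" when the target is missing.
ORPHAN_PREFIXES = ("SRV - ", "DRV - ", "O4 - ")
SCOPE_RE = re.compile(r'SearchScopes\\\{[0-9A-Fa-f-]+\}: "URL" = (\S+)')
PROXY_RE = re.compile(r'"ProxyOverride" = (.+)$')


def host_of(url):
    """Hostname of a URL, or '' if it cannot be parsed."""
    return urlsplit(url).hostname or ""


def triage_line(line):
    """Return (kind, line) for a suspicious OTL line, or None if it looks benign."""
    line = line.strip()
    if not line:
        return None
    # Service/driver/Run entry whose binary is gone: safe to remove, no value left.
    if line.startswith(ORPHAN_PREFIXES) and line.endswith("File not found"):
        return ("orphaned-entry", line)
    # IE search scope pointing at a host outside the allowlist.
    m = SCOPE_RE.search(line)
    if m and host_of(m.group(1)) not in TRUSTED_SEARCH_HOSTS:
        return ("search-scope-hijack", line)
    # ProxyOverride is a bypass list; anything beyond <local> is flagged for review.
    m = PROXY_RE.search(line)
    if m and m.group(1).strip() != "<local>":
        return ("proxy-override", line)
    return None


def triage(log_text):
    """All findings from a block of OTL-style log text, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def otl_fix_block(findings):
    """Draft the :OTL section the way the thread's script does: flagged lines verbatim."""
    return "\n".join([":OTL"] + [line for _, line in findings])


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, line in found:
        print(f"{kind:22} {line[:90]}")
    print(otl_fix_block(found))
```

Treat the generated block as a review list, not something to paste blindly. A populated ProxyOverride bypass list is normal on a managed network; what stood out in this thread was a loopback host:port in it. And note from the fix log below that the Run entry listed with its full path resulted in "chrome.exe moved successfully", after which the next scan reports the Chrome autolaunch target as "File not found": when an O4 line carries a path to a legitimate binary, check the target before including the line in a fix.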
macp Posted July 29, 2013 (Author)

Thank you, etavares. Here is the run fix log:

========== OTL ==========
Service Brother XP spl Service stopped successfully!
Service Brother XP spl Service deleted successfully!
File C:\WINDOWS\system32\brsvc01a.exe File not found not found.
Service avast! Mail Scanner stopped successfully!
Service avast! Mail Scanner deleted successfully!
File C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe /service File not found not found.
Error: No service named aswUpdSv was found to stop!
Unable to delete service\driver key aswUpdSv.
File C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe File not found not found.
Service WUSBVBus stopped successfully!
Service WUSBVBus deleted successfully!
File system32\DRIVERS\mfpvbus.sys File not found not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service VMnetAdapter stopped successfully!
Service VMnetAdapter deleted successfully!
File system32\DRIVERS\vmnetadapter.sys File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service DSproct stopped successfully!
Service DSproct deleted successfully!
File C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Service ALIWEHCD stopped successfully!
Service ALIWEHCD deleted successfully!
File System32\Drivers\mfpec.sys File not found not found.
Error: No service named .imapi was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.imapi deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1363F946-B96F-41CD-A92D-BF8E7C24DA41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1363F946-B96F-41CD-A92D-BF8E7C24DA41}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E23D33A965920CB3D90E10DC397 9EC7B not found.
C:\Program Files\Google\Chrome\Application\chrome.exe moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Application Data\blekko toolbars not found.
OTL by OldTimer - Version 3.2.69.0 log created on 07292013_115927 And the resulting new scan: OTL logfile created on: 29/07/2013 12:06:47 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\p.macfarlane\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 71.27% Memory free 4.33 Gb Paging File | 3.52 Gb Available in Paging File | 81.38% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148.96 Gb Total Space | 101.50 Gb Free Space | 68.14% Space Free | Partition Type: NTFS Drive S: | 334.79 Gb Total Space | 229.44 Gb Free Space | 68.53% Space Free | Partition Type: NTFS Drive T: | 334.79 Gb Total Space | 229.44 Gb Free Space | 68.53% Space Free | Partition Type: NTFS Drive V: | 334.79 Gb Total Space | 229.44 Gb Free Space | 68.53% Space Free | Partition Type: NTFS Drive Z: | 565.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: PPC003449-PETER | User Name: p.macfarlane | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\p.macfarlane\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\AVAST Software\Avast Business\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast Business\AvastNet.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\lotus\notes\SUService.exe (IBM Corp) PRC - C:\Program Files\lotus\notes\nsd.exe (IBM) PRC - C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) PRC - C:\Program Files\Rainmeter\Rainmeter.exe () PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp) PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) 
PRC - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\616fa195ca93638850a119a54171dac1\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\da28f3d44be7def2d84269f1db5718d6\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll () MOD - C:\Program Files\AVAST Software\Avast Business\defs\13070902\algo.dll () MOD - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\libcef.dll () MOD - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Program Files\Rainmeter\Rainmeter.dll () MOD - C:\Program Files\Rainmeter\Rainmeter.exe () MOD - C:\Program Files\Rainmeter\Plugins\RecycleManager.dll () MOD - C:\Program Files\Rainmeter\Plugins\WebParser.dll () MOD - C:\Program Files\Rainmeter\Plugins\InputText.dll () MOD - C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll () MOD - C:\WINDOWS\system32\cpwmon2k.dll () MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - C:\WINDOWS\system32\DLAAPI_W.DLL () MOD - C:\WINDOWS\system32\neeviaprtntwt.dll () ========== Services (SafeList) ========== SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe /service File not found SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll () SRV - (avast! Net Client Service) -- C:\Program Files\AVAST Software\Avast Business\AvastNet.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe (AVAST Software) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (LNSUSvc) -- C:\Program Files\lotus\notes\SUService.exe (IBM Corp) SRV - (Lotus Notes Diagnostics) -- C:\Program Files\lotus\notes\nsd.exe (IBM) SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.) SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) 
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\DOCUME~1\P6B39~1.MAC\LOCALS~1\Temp\catchme.sys File not found DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software) DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys () DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (tffsport) -- C:\WINDOWS\system32\drivers\tffsport.sys (M-Systems) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) 
DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (SDTHOOK) -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS (Panda Software) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.) 
DRV - (BASFND) -- C:\Program Files\Broadcom\WMI\BASFND.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070620 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070620 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070620 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070620 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4071411845-3140684167-3319561543-1108\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-4071411845-3140684167-3319561543-1108\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-4071411845-3140684167-3319561543-1108\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKU\S-1-5-21-4071411845-3140684167-3319561543-1108\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_enGB544 IE - HKU\S-1-5-21-4071411845-3140684167-3319561543-1108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4071411845-3140684167-3319561543-1108\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2013/06/27 08:29:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast Business\WebRep\FF [2013/07/10 08:38:53 | 000,000,000 | ---D | M] [2013/05/01 14:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\p.macfarlane\Application Data\Mozilla\Extensions [2011/11/15 16:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\p.macfarlane\Application Data\Mozilla\Extensions\uploadr@flickr.com ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.co.uk/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Adobe 
Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VDownloader (Enabled) = C:\Program Files\VDownloader\Addons\npVDownloader.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows 
Presentation Foundation\NPWPF.dll CHR - Extension: BIODIGITAL HUMAN = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\ CHR - Extension: Google Docs = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.2_0\ CHR - Extension: Google Search = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Select Links App = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbnkookackmdofjmjkbfliamcjdkccda\4.3_0\ CHR - Extension: Planetarium = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0\ CHR - Extension: avast! 
WebRep = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1490_0\ CHR - Extension: Google Maps = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\ CHR - Extension: FlashControl = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.2.12_0\ CHR - Extension: Harvard Referencing = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnbmlbimbgkpnhmfgcmooaedkjnbhbim\1.1_0\ CHR - Extension: Amazon 1Button App for Chrome = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\3.2013.715.0_0\ CHR - Extension: Gmail = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/06/14 11:08:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-4071411845-3140684167-3319561543-1108\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast Business\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [iBM Lotus Notes Preloader] C:\Program Files\lotus\notes\nntspreld.exe (IBM Corp) O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-4071411845-3140684167-3319561543-1108..\Run: [Akamai NetSession Interface] C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
macp (Author) Posted July 29, 2013

I'm not sure if it's linked to my problem, but I have also been getting an ndp1.1sp1 error - KB2833941 - x86. It happens on startup - Microsoft Error Reporting.
etavares Posted July 29, 2013

I'll reply later today when I'm home from work with more instructions. But I meant to remove the Chrome startup entry that was popping up that tab, but it also got the file: C:\Program Files\Google\Chrome\Application\chrome.exe

You can go to C:\_OTL\Moved Files\, find the date/time, then C:\program files\google\chrome\application, and copy/paste chrome.exe from there to C:\Program Files\Google\Chrome\Application\chrome.exe. It should then work fine.

-etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
macp (Author) Posted July 29, 2013

Please ignore my last comment regarding ndp1.1sp1. Thanks.

I have put Chrome back in place, but strangely, after a reboot my PC automatically opens a browser and goes to a page which says "Welcome To Chrome - you're using a fast new browser, you can search directly from the address bar, try it now". But below that it says "Looking for more great products from Avast?" This is the address in the browser: http://www.avast.com/chrome-browser-welcome

Also, I accidentally clicked on a blank area and another window popped up trying to redirect to surfaccuracy.
etavares Posted July 30, 2013

Click the top right button in Chrome, underneath the X to close it. It looks like 3 horizontal lines. This will bring up the menu. Click Settings. Under Appearance, is the box for "Show Home Button" checked or not? If you close the avast tab, does it reopen?

-etavares
macp (Author) Posted July 30, 2013

Hi etavares, thanks for the prompt reply. The 'Show Home Button' was indeed ticked, so I have unticked it, and no, the Avast tab does not reopen.
etavares Posted July 31, 2013

Great! How is everything else running at this point?

-etavares
macp (Author) Posted July 31, 2013

Generally the PC seems to run OK, but I still have the popups in Chrome (see below).

"Also, I accidentally clicked on a blank area and another window popped up trying to redirect to surfaccuracy."

When I open a new browser window in Chrome it says "Google Chrome didn't shut down correctly. To open the pages you had open, click Restore". I don't know why this is, especially as when you click Restore it does nothing.

Unfortunately I am also still getting the original problem of the PricePeep popup.
etavares Posted August 1, 2013

OK, first, go to Add/Remove Programs. If you see PricePeep there, click Uninstall and follow the prompts.

Next, launch Chrome. Click the menu button (3 horizontal bars at the top right), click Settings --> Extensions. Is PricePeep in the list? If so, click the trash icon on the right of it.

Reboot and let me know if that issue is resolved.

-etavares
macp (Author) Posted August 1, 2013

Good morning. No, it's not in Google extensions and not shown in Add/Remove Programs.
etavares Posted August 2, 2013

When do you get the PricePeep pop-ups? As soon as Chrome opens? Or when you click something?

Try opening a new incognito window in Chrome by launching Chrome and pressing Ctrl-Shift-N. A new window should open, and in the top left of the window in the title bar you should see an icon of a guy in a hat and glasses. Close the original Chrome window and leave the incognito window open. Use the incognito window to surf. Are you getting the pop-ups that way? That disables extensions and add-ons.

-etavares
macp (Author) Posted August 2, 2013

Morning. So, surfing incognito I am not getting popups. Is there something I need to do next?
etavares Posted August 2, 2013

OK, launch Chrome. Click the menu button --> Tools --> Extensions. You'll see a list of extensions. On the right of each one will be a checkbox with a check in it saying 'Enabled'. We need to figure out which of those is causing the issue. So, uncheck one and try surfing. If there are still popups, enable that extension and disable the next one. Repeat until you find which extension, when not enabled, results in no popups. Let me know the name of it.

-etavares
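The elimination test above works from the Settings page. As an added helper (not code from the thread or from etavares), the script below reads the same extension list directly from the profile's Preferences file, so it also surfaces extensions that were sideloaded through the registry rather than installed from the Web Store, and ranks the ones to disable first. The file names, the JSON layout (`extensions.settings.<id>`) and the numeric location codes are assumptions noted in the code; the sample input is constructed.

```python
"""Triage the extensions recorded in a Chrome profile's Preferences JSON.

Assumptions: records live under extensions.settings.<id> in "Preferences"
(newer builds: "Secure Preferences"); the numeric location codes below follow
Chromium's Manifest::Location enum as I recall it, so verify them for the
Chrome build in use. On Windows XP the default profile directory is
Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default.
"""
import json
import os
from typing import Dict, List

# Assumed Manifest::Location values (check against your Chrome version).
LOCATIONS: Dict[int, str] = {
    1: "internal (installed by the user)",
    2: "external_pref (JSON file in Chrome's install dir)",
    3: "external_registry (HKLM/HKCU\\Software\\Google\\Chrome\\Extensions)",
    4: "unpacked (developer mode)",
    5: "component (shipped with Chrome)",
}
EXTERNAL_REGISTRY, COMPONENT = 3, 5

# Host permissions that let an extension read or rewrite every page it sees.
ALL_PAGES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def triage_extensions(prefs: dict) -> List[dict]:
    """Return one row per extension, most suspicious first."""
    settings = prefs.get("extensions", {}).get("settings", {})
    rows = []
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest") or {}
        location = entry.get("location")
        from_webstore = bool(entry.get("from_webstore", False))
        permissions = [str(p) for p in manifest.get("permissions", [])]
        flags = []
        if location == EXTERNAL_REGISTRY:
            flags.append("sideloaded via registry")
        if not from_webstore and location != COMPONENT:
            flags.append("not from the Chrome Web Store")
        if ALL_PAGES & set(permissions):
            flags.append("can read and alter every page")
        rows.append({
            "id": ext_id,
            "name": manifest.get("name", "<no manifest>"),
            "version": manifest.get("version", "?"),
            "enabled": entry.get("state") == 1,  # 1 = enabled, 0 = disabled
            "location": LOCATIONS.get(location, f"unknown ({location})"),
            "from_webstore": from_webstore,
            "permissions": permissions,
            "flags": flags,
        })
    rows.sort(key=lambda r: (-len(r["flags"]), r["name"].lower()))
    return rows


def load_preferences(profile_dir: str) -> dict:
    """Load the first preferences file found in a Chrome profile directory."""
    for name in ("Secure Preferences", "Preferences"):
        path = os.path.join(profile_dir, name)
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                return json.load(fh)
    raise FileNotFoundError(f"no Preferences file under {profile_dir}")


# Constructed sample: a user-installed extension, a registry-sideloaded
# extension with broad host access, and a built-in component.
SAMPLE_PREFERENCES = {"extensions": {"settings": {
    "aaaabbbbccccddddeeeeffffgggghhhh": {
        "state": 1, "location": 1, "from_webstore": True,
        "manifest": {"name": "Example Notes", "version": "2.1",
                     "permissions": ["storage"]}},
    "ppppoooonnnnmmmmllllkkkkjjjjiiii": {
        "state": 1, "location": 3, "from_webstore": False,
        "manifest": {"name": "Shopping Helper", "version": "1.0",
                     "permissions": ["tabs", "<all_urls>"]}},
    "cccccccccccccccccccccccccccccccc": {
        "state": 1, "location": 5, "from_webstore": False,
        "manifest": {"name": "Built-in Component", "version": "1.0",
                     "permissions": []}},
}}}

if __name__ == "__main__":
    for row in triage_extensions(SAMPLE_PREFERENCES):
        print(row["id"], row["name"], row["enabled"], row["flags"])
```

Run it against a real profile with `triage_extensions(load_preferences(profile_dir))`; an extension that shows up here but not on the Extensions page is the one to look at first.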