macp

Members
  • Posts

    35

Personal Information

  • Occupation
    Motor specialist
  • Real Name
    Peter

  1. Good morning. I copied everything and just tried it again and got the following results:

     SystemLook 30.07.11 by jpshortstuff
     Log created at 08:51 on 13/08/2013 by p.macfarlane
     Administrator - Elevation successful

     ========== reg ==========

     [HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist]
     (No values found)

     -= EOF =-

     I note I am not getting the pricepeep popups now though :D However, Google Chrome is still opening automatically on startup??
  2. Good morning. Unusually it worked very fast?

     SystemLook 30.07.11 by jpshortstuff
     Log created at 09:47 on 08/08/2013 by p.macfarlane
     Administrator - Elevation successful

     No Context: HKLM\Software\Policies\Google\Chrome\ExtensionInstallForcelist

     -= EOF =-
  3. Good morning. So the ID is as follows: dbnkookackmdofjmjkbfliamcjdkccda
  4. Hello again. So the only extensions I have are Adblock Plus, which I disabled and still got the popups. I also have Google Docs, so I doubt it is that, but I notice there is an extension called 'Select Links App' which under permissions says it can access your data on all websites, read & modify your browsing history, access your tabs & browsing history. The problem is it is not possible to disable it as the tickbox is greyed out. I am now suspecting this is the culprit but don't know how to disable it?
  5. Morning. So surfing incognito and I am not getting popups. Is there something I need to do next?
  6. Good morning. No, it's not in Google extensions and not shown in add/remove programs?
  7. Generally the PC seems to run OK but still have the popups in Chrome (see below).

     "Also I accidentally clicked on a blank area and another window popped up trying to redirect to surfaccuracy"

     When I open a new browser in Chrome it says "Google Chrome didn't shut down correctly. To open the pages you had open click restore". I don't know why this is, especially when you click restore it does nothing? Unfortunately I am also still getting the original problem of the PricePeeps popup.
  8. Hi etavares, thanks for the prompt reply. The 'show home button' was indeed ticked so I have unticked it, and no, the Avast tab does not reopen.
  9. Please ignore my last comment regarding ndp1.1sp1. Thanks. I have put Chrome back in place but strangely after a reboot my PC automatically opens a browser and goes to a page which says Welcome To Chrome "your using a fast new browser, you can search directly from the address bar try it now". But below that it says "Looking for more great products from Avast?"

     This is the address in the browser: http://www.avast.com/chrome-browser-welcome

     Also I accidentally clicked on a blank area and another window popped up trying to redirect to surfaccuracy
  10. I'm not sure if linked to my problem but I have also been getting ndp1.1sp1 error - KB2833941 - x86. It happens on startup - Microsoft Error Reporting.
  11. Thank you etavares. Here is the run fix log:

      And the resulting new scan:
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control) O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1294928563967 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.253 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LAFERTUK.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D71D3998-90AF-47AE-A4D5-3B38CD3FBC8E}: DhcpNameServer = 192.168.4.253 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/05/19 12:01:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/08/24 14:22:59 | 000,000,042 | R--- | M] () - Z:\AUTORUN.INF -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/07/29 12:01:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\p.macfarlane\Recent [2013/07/29 11:59:27 | 000,000,000 | 
---D | C] -- C:\_OTL [2013/07/29 08:56:32 | 000,000,000 | ---D | C] -- \\Lserver\Users\p.macfarlane\My Documents\New Folder [2013/07/25 09:49:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/07/25 09:36:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013/07/25 09:36:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013/07/25 09:36:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013/07/25 09:36:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013/07/25 09:36:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/07/25 09:33:08 | 005,094,311 | R--- | C] (Swearware) -- C:\Documents and Settings\p.macfarlane\Desktop\etavaresCF.exe [2013/07/24 09:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon [2013/07/24 08:41:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\p.macfarlane\Desktop\OTL.scr [2013/07/23 10:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Application Data\LavasoftStatistics [2013/07/23 10:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2013/07/23 10:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner [2013/07/23 10:18:09 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013/07/23 10:18:09 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013/07/16 14:08:43 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013/07/16 14:08:36 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013/07/16 14:08:36 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013/07/12 11:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome [2013/07/11 08:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\PCHealth [2013/07/10 
08:39:02 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [2010/06/30 10:05:34 | 002,242,863 | ---- | C] (Polenter ) -- C:\Program Files\DesktopReminderSetup.exe ========== Files - Modified Within 30 Days ========== [2013/07/29 12:11:03 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EF84751A-EA39-4E4F-BD38-0FFD9C1F0BD5}.job [2013/07/29 12:10:40 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7902DDD9-8055-4B52-9D6F-D557C6D1300E}.job [2013/07/29 12:02:37 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job [2013/07/29 12:00:23 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2013/07/29 11:58:24 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini [2013/07/29 11:58:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/07/29 11:58:16 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013/07/29 11:58:05 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/07/29 11:57:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/07/29 11:38:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/07/29 11:26:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/07/29 08:28:01 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1485393A-DB41-4ADB-A97A-F449950520D1}.job [2013/07/25 09:35:51 | 005,094,311 | R--- | M] (Swearware) -- C:\Documents and Settings\p.macfarlane\Desktop\etavaresCF.exe [2013/07/24 08:41:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\p.macfarlane\Desktop\OTL.scr [2013/07/24 08:31:04 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/07/23 10:18:08 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013/07/23 10:18:08 | 
000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013/07/19 09:45:28 | 002,651,907 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Desktop\2013-05-26 12.33.30.jpg [2013/07/15 08:44:55 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/07/15 08:39:55 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/07/15 08:39:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/07/15 08:26:30 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/07/10 17:06:53 | 000,507,056 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/07/10 17:06:53 | 000,089,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/07/10 09:11:24 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2013/07/10 08:39:02 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT ========== Files Created - No Company Name ========== [2013/07/25 09:36:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013/07/25 09:36:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013/07/25 09:36:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013/07/25 09:36:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013/07/25 09:36:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013/07/19 09:44:33 | 002,651,907 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Desktop\2013-05-26 12.33.30.jpg [2013/07/12 11:27:21 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/07/12 11:27:21 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/07/12 11:25:55 | 000,000,898 | ---- | C] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/07/12 11:25:55 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/07/10 08:39:03 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/07/10 08:39:03 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013/06/24 16:05:32 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2013/04/29 10:54:38 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat [2013/04/05 12:50:01 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2013/04/05 12:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2012/07/12 13:27:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012/07/12 13:27:08 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2012/07/12 13:13:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/07/11 10:43:14 | 000,001,062 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2012/07/11 10:43:14 | 000,000,125 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2012/07/11 10:13:56 | 000,005,897 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI [2012/06/19 11:03:04 | 000,049,547 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\install.xml [2012/02/27 16:42:55 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012/02/27 16:42:55 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012/02/15 09:34:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/12/05 11:59:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL [2011/12/05 11:59:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT [2011/11/16 12:36:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2011/11/16 11:28:34 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2011/11/16 11:28:34 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2011/11/16 11:28:34 | 000,027,417 | ---- | C] () -- 
C:\WINDOWS\System32\EPPICPattern121.dat [2011/11/16 11:28:34 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2011/11/16 11:28:34 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2011/11/16 11:28:34 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2011/11/16 11:28:34 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2011/11/16 11:28:34 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2011/11/16 11:28:34 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2011/11/16 11:28:34 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2011/11/16 11:28:34 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2011/11/16 11:28:34 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2011/11/16 11:28:34 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2011/11/16 11:28:34 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2011/11/16 11:28:34 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2011/11/16 11:28:34 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2011/11/16 11:28:34 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2011/11/16 11:28:34 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2011/11/16 11:28:34 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2011/10/05 12:32:41 | 000,385,663 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Application Data\VideoPad.dmp [2011/01/19 17:17:56 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/12/17 18:42:57 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2007/09/26 08:26:38 | 000,000,000 | ---- | C] () -- 
C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt [2007/07/31 12:08:37 | 000,003,088 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol ========== ZeroAccess Check ========== [2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
  12. Thanks again, below is the ComboFix log. Unfortunately I am still seeing the same popups as mentioned above.
  13. And finally adwCleaner log

      # AdwCleaner v2.306 - Logfile created 07/24/2013 at 09:04:11
      # Updated 19/07/2013 by Xplode
      # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
      # User : p.macfarlane - PPC003449-PETER
      # Boot Mode : Normal
      # Running from : C:\Documents and Settings\p.macfarlane\Local Settings\temp\setup.exe
      # Option [Delete]

      ***** [services] *****

      Stopped & Deleted : Updater Service for AMZN

      ***** [Files / Folders] *****

      Deleted on reboot : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
      Deleted on reboot : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
      Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
      Folder Deleted : C:\Documents and Settings\p.macfarlane\Application Data\adawaretb
      Folder Deleted : C:\Documents and Settings\p.macfarlane\Application Data\DriverCure
      Folder Deleted : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Amazon Browser Bar
      Folder Deleted : C:\Documents and Settings\p.macfarlane\Start Menu\Programs\Free Ride Games
      Folder Deleted : C:\Program Files\adawaretb
      Folder Deleted : C:\Program Files\Amazon Browser Bar
      Folder Deleted : C:\Program Files\Free Ride Games

      ***** [Registry] *****

      Key Deleted : HKCU\Software\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
      Key Deleted : HKCU\Software\InstallCore
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
      Key Deleted : HKLM\Software\adawaretb
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
      Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar

      ***** [internet Browsers] *****

      -\\ Internet Explorer v8.0.6001.18702

      [OK] Registry is clean.

      -\\ Google Chrome v28.0.1500.72

      File : C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      File : C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[s1].txt - [2859 octets] - [24/07/2013 09:04:11]

      ########## EOF - C:\AdwCleaner[s1].txt - [2919 octets] ##########
  14. Here is the OTL extras log

      OTL Extras logfile created on: 24/07/2013 08:45:47 - Run 1
      OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\p.macfarlane\Desktop
      Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

      3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.42% Memory free
      4.33 Gb Paging File | 3.30 Gb Available in Paging File | 76.32% Paging File free
      Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 148.96 Gb Total Space | 101.74 Gb Free Space | 68.30% Space Free | Partition Type: NTFS
      Drive S: | 334.79 Gb Total Space | 229.57 Gb Free Space | 68.57% Space Free | Partition Type: NTFS
      Drive T: | 334.79 Gb Total Space | 229.57 Gb Free Space | 68.57% Space Free | Partition Type: NTFS
      Drive V: | 334.79 Gb Total Space | 229.57 Gb Free Space | 68.57% Space Free | Partition Type: NTFS
      Drive Z: | 565.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

      Computer Name: PPC003449-PETER | User Name: p.macfarlane | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      ========== Extra Registry (SafeList) ==========

      ========== File Associations ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
      .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
      .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

      [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
      .html [@ = htmlfile] -- Reg Error: Key error. File not found

      ========== Shell Spawning ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
      exefile [open] -- "%1" %*
      htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
      htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
      InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
      Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

      ========== Security Center Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "AntiVirusDisableNotify" = 0
      "UpdatesDisableNotify" = 0
      "FirewallDisableNotify" = 0

      ========== System Restore Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
      "DisableSR" = 0

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
      "Start" = 0

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
      "Start" = 2

      ========== Firewall Settings ==========

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "EnableFirewall" = 0
      "DoNotAllowExceptions" = 0

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
      "16109:TCP" = 16109:TCP:*:Enabled:avast! NetAgent "Apply To" feature
      "16108:TCP" = 16108:TCP:*:Enabled:avast! NetAgent "Remote Chest" feature
      "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
      "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
      "14135:UDP" = 14135:UDP:*:Enabled:Server Application
      "14135:TCP" = 14135:TCP:*:Enabled:Server Application
      "13621:UDP" = 13621:UDP:*:Enabled:MFP Setup Wizard
      "13878:UDP" = 13878:UDP:*:Enabled:MFP Manager
      "13364:UDP" = 13364:UDP:*:Enabled:MFP Server Manager
      "69:UDP" = 69:UDP:*:Enabled:MFP Server Manager TFTP
      "25322:TCP" = 25322:TCP:*:Enabled:avast! SBC
      "25322:UDP" = 25322:UDP:*:Enabled:avast! SBC
      "54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner
      "1147:TCP" = 1147:TCP:*:Enabled:Akamai NetSession Interface
      "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
      "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
      "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

      ========== Authorized Applications List ==========

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
      "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
      "C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
      "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
      "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
      "C:\Program Files\Alwil Software\Avast4\AvAgent.exe" = C:\Program Files\Alwil Software\Avast4\AvAgent.exe:*:Enabled:avast! NetAgent service
      "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
      "C:\Documents and Settings\Peter\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Peter\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
      "C:\Program Files\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
      "C:\Program Files\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
      "C:\Program Files\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
      "C:\Program Files\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
      "C:\Program Files\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
      "C:\Program Files\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
      "C:\Program Files\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
      "C:\Program Files\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
      "C:\Program Files\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
      "C:\Program Files\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
      "C:\Program Files\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
      "C:\Program Files\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
      "C:\Program Files\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
      "C:\Program Files\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
      "C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
      "C:\Documents and Settings\p.macfarlane\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe" = C:\Documents and Settings\p.macfarlane\Local Settings\Temp\LMIR0001.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
      "C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)
      "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application
      "\\lserver\Common Files\IT Support\Brother scanner\install\Data\Disk1\Setup.exe" = \\lserver\Common Files\IT Support\Brother scanner\install\Data\Disk1\Setup.exe:*:Enabled:Setup.exe
      "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
      "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
      "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
      "C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe" = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
      "C:\Documents and Settings\p.macfarlane\Local Settings\Temporary Internet Files\Content.IE5\JRSNAHZ7\AA_v3[1].exe" = C:\Documents and Settings\p.macfarlane\Local Settings\Temporary Internet Files\Content.IE5\JRSNAHZ7\AA_v3[1].exe:*:Enabled:Ammyy Admin
      "\\Lserver\Users\p.macfarlane\My Documents\Downloads\remotesupport.exe" = \\Lserver\Users\p.macfarlane\My Documents\Downloads\remotesupport.exe:*:Enabled:Ammyy Admin
      "C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe" = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
      "\\Lserver\Users\p.macfarlane\My Documents\Downloads\remotesupport (1).exe" = \\Lserver\Users\p.macfarlane\My Documents\Downloads\remotesupport (1).exe:*:Enabled:Ammyy Admin
      "C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe" = C:\Program Files\lotus\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe:*:Enabled:Lotus Notes -- (IBM)
      "C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
      "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
      "C:\Program Files\Brother\Brmfl11b\FAXRX.exe" = C:\Program Files\Brother\Brmfl11b\FAXRX.exe:*:Enabled:FAXRX.EXE -- (Brother Industries, Ltd.)
      "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
      "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
      "C:\WINDOWS\system32\pwhttyyp.exe" = C:\WINDOWS\system32\pwh
      "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
      "C:\WINDOWS\system32\cbvmbuqf.exe" = C:\WINDOWS\system32\cbv
      "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
      "C:\Documents and Settings\Peter\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Peter\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
      "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
      "C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc.)
"C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0200EE92-FABA-4D77-B5E6-1FDD7868A48E}" = Zetafax Client Applications "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{0540D7A3-EC2A-800A-9556-CA8BE5890158}" = CCC Help French "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications "{09D537B4-89F1-5879-92C6-58F572DE3294}" = CCC Help Italian "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D0A39F8-726A-1694-B925-05F6CDDB84A4}" = CCC Help Korean "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{119F847C-7E3D-2382-9CE1-32EA384B9411}" = CCC Help Turkish "{161A1AA3-9989-00C5-9F92-D436CB9B2323}" = Catalyst Control Center "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20F0F67B-CB0F-4C85-B6F2-133D9CB70614}" = Samsung PC Studio "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 21 "{26A24AE4-039D-4CA4-87B4-2F83217021F0}" = Java 7 Update 21 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{2F00946A-5A04-0BF8-044E-DCF9C170E50B}" = CCC Help Chinese Standard "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update 
Manager "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{369B36BE-3D64-4641-9AEA-808D436FE133}" = Microsoft Picture It! Photo Standard 7.0 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{41DD2E27-8C34-11D5-AD21-00E098869716}" = OrderWise "{42B4A23D-81A0-3FE1-3950-17500B8778AE}" = CCC Help German "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{47F29647-21AF-2155-8979-01F09BDEB840}" = CCC Help Norwegian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{50D71DAA-99DD-0DC7-57C3-D33AA6C84D2F}" = CCC Help Chinese Traditional "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1 "{56616E6D-BCFF-C547-CDE1-FC3F3243B62D}" = CCC Help Danish "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{66362A0A-199D-C7F9-075B-317945011832}" = CCC Help Dutch "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773410C0-7622-4949-A598-2F671CF337EA}" = avast! 
Antivirus "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78CCDC80-1C7A-B95F-9968-33B1897CC5C3}" = AMD Catalyst Install Manager "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C972873-8A9E-A6FD-B704-141E77662B2D}" = ccc-utility "{7DB6717B-8F45-2F44-F3D2-680B319BA9AC}" = CCC Help Hungarian "{81D5607E-35BE-8FB5-54F7-05D9F81CA8B2}" = CCC Help Swedish "{830F55B6-4398-4B72-A0D8-66397B902C0E}" = Brother MFL-Pro Suite MFC-J5910DW "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft 
Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010 "{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4FC4416-1BE2-D4D3-02F3-8E7E8F999AD4}" = CCC Help Thai "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1475 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X 
(10.1.7) "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BE6D82C4-DD50-275D-A61A-C8901390ED54}" = CCC Help Finnish "{BEA2143E-CDEA-EAA6-0D8F-384F46309E8E}" = CCC Help Japanese "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C877FC4D-3733-8FB1-D41D-7B2A1B6C5161}" = Catalyst Control Center Localization All "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB716B84-167F-4AC7-B492-03170D45B7DF}" = showhome3D Interior Design "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CECCF8B1-F595-4845-9AA6-1EC57B9BECBA}_is1" = STP Viewer 2.3 "{D50B0249-70A8-1310-61FD-F812F4653C7E}" = Catalyst Control Center Graphics Previews Common "{E0B58D68-DE7E-F1B8-6089-4BD0B7D67ECD}" = CCC Help English "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E36FB5F6-94FE-47BF-9FBE-6D8CBCFB0269}" = Lotus Notes 8.5.3 "{E45230A6-0921-D383-6EF2-32326408627C}" = CCC Help Czech "{E9DAE705-1659-E8AD-2F63-4E392BB59569}" = CCC Help Greek "{EB0C9EFE-8CE4-43D1-8458-B1AB396DC3BD}" = Brother HL-2150N "{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn "{ED9E9F59-5730-BDBD-E5C3-F6A7097A4CFF}" = Catalyst Control Center InstallProxy "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3E08709-43B4-7FB7-D2D8-A8EACB2FA184}" = CCC Help Russian "{F7C3F48F-CC54-61E0-2361-EB60621092EE}" = CCC Help Portuguese "{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs "{FBB46D7B-ABA2-B8BC-8271-565C230BA5F4}" = CCC Help Spanish "{FC08ABD7-20E4-806B-7762-1D454F8A52E2}" = CCC Help Polish "Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash 
Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements "Adobe SVG Viewer" = Adobe SVG Viewer "Akamai" = Akamai NetSession Interface Service "avast" = avast! Endpoint Protection Suite "CCleaner" = CCleaner "CutePDF Writer Installation" = CutePDF Writer 2.8 "Defraggler" = Defraggler "Flickr Uploadr" = Flickr Uploadr 3.2.1 "Free Video to GIF Converter_is1" = 2.0 "getPlus®_ocx" = getPlus®_ocx "Google Chrome" = Google Chrome "HDMI" = Intel® Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{CB716B84-167F-4AC7-B492-03170D45B7DF}" = showhome3D Interior Design "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Neevia docuPrinter LT_is1" = docuPrinter LT v5.1 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Office14.PUBLISHERR" = Microsoft Publisher 2010 "Office14.SingleImage" = Microsoft Office Home and Business 2010 "PhotoStage" = PhotoStage Slideshow Producer "Rainmeter" = Rainmeter "Recuva" = Recuva "Video Thumbnails Maker" = Video Thumbnails Maker by Scorp (remove only) "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinPcapInst" = WinPcap 4.1.1 "WinRAR 
archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "Xvid Video Codec 1.3.2" = Xvid Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Antivirus Events ] Error - 16/05/2012 04:05:18 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 16/05/2012 04:05:32 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 16/05/2012 05:24:27 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 22/05/2012 09:42:38 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 21/06/2012 08:03:55 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 21/06/2012 08:32:00 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 26/06/2012 07:42:15 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 05/07/2012 06:28:35 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 06/07/2012 10:40:46 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = Error - 11/07/2012 10:24:07 | Computer Name = PPC003449-PETER | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 22/07/2013 11:36:58 | Computer Name = PPC003449-PETER | Source = NativeWrapper | ID = 5000 Description = Error - 23/07/2013 05:00:39 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:00:39.904]: [00002328]: ##### Fatal ERROR!! Create STI-device failed! 
##### Error - 23/07/2013 05:00:39 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:00:39.904]: [00002328]: Initialize TwdsMain Class failed! Error - 23/07/2013 05:03:08 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:03:08.921]: [00002328]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 23/07/2013 05:03:08 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:03:08.921]: [00002328]: Initialize TwdsMain Class failed! Error - 23/07/2013 05:10:21 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:10:21.640]: [00002328]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 23/07/2013 05:10:21 | Computer Name = PPC003449-PETER | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/07/23 10:10:21.640]: [00002328]: Initialize TwdsMain Class failed! Error - 23/07/2013 11:39:22 | Computer Name = PPC003449-PETER | Source = MsiInstaller | ID = 11706 Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue. Error - 23/07/2013 11:39:23 | Computer Name = PPC003449-PETER | Source = MsiInstaller | ID = 1023 Description = Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log. 
Error - 23/07/2013 11:39:24 | Computer Name = PPC003449-PETER | Source = NativeWrapper | ID = 5000 Description = [ System Events ] Error - 23/07/2013 06:30:14 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The MFP Server Enhanced Controller service failed to start due to the following error: %%2 Error - 23/07/2013 06:30:14 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The BrSplService service failed to start due to the following error: %%2 Error - 23/07/2013 10:23:23 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The MFP Server Enhanced Controller service failed to start due to the following error: %%2 Error - 23/07/2013 10:23:23 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The BrSplService service failed to start due to the following error: %%2 Error - 23/07/2013 11:39:24 | Computer Name = PPC003449-PETER | Source = Windows Update Agent | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941). 
Error - 24/07/2013 03:23:47 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The MFP Server Enhanced Controller service failed to start due to the following error: %%2 Error - 24/07/2013 03:23:47 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The BrSplService service failed to start due to the following error: %%2 Error - 24/07/2013 03:33:17 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The MFP Server Enhanced Controller service failed to start due to the following error: %%2 Error - 24/07/2013 03:33:17 | Computer Name = PPC003449-PETER | Source = Service Control Manager | ID = 7000 Description = The BrSplService service failed to start due to the following error: %%2 Error - 24/07/2013 03:35:12 | Computer Name = PPC003449-PETER | Source = DCOM | ID = 10010 Description = The server {CC957078-B838-47C4-A7CF-626E7A82FC58} did not register with DCOM within the required timeout. < End of report >
  15. Thanks all. I am still getting popups, also from Google asking me to complete a survey, and when I boot up my PC first thing in the morning the browser opens on an Avast page asking me to sign up with Google Chrome ?? So here are the logs, OTL first:
      OTL logfile created on: 24/07/2013 08:45:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\p.macfarlane\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.42% Memory free 4.33 Gb Paging File | 3.30 Gb Available in Paging File | 76.32% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148.96 Gb Total Space | 101.74 Gb Free Space | 68.30% Space Free | Partition Type: NTFS Drive S: | 334.79 Gb Total Space | 229.57 Gb Free Space | 68.57% Space Free | Partition Type: NTFS Drive T: | 334.79 Gb Total Space | 229.57 Gb Free Space | 68.57% Space Free | Partition Type: NTFS Drive V: | 334.79 Gb Total Space | 229.57 Gb Free Space | 68.57% Space Free | Partition Type: NTFS Drive Z: | 565.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: PPC003449-PETER | User Name: p.macfarlane | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\p.macfarlane\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
PRC - C:\Program Files\AVAST Software\Avast Business\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast Business\AvastNet.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\lotus\notes\SUService.exe (IBM Corp) PRC - C:\Program Files\lotus\notes\nsd.exe (IBM) PRC - C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) PRC - C:\Program Files\Rainmeter\Rainmeter.exe () PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp) PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) 
PRC - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll () MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\616fa195ca93638850a119a54171dac1\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\da28f3d44be7def2d84269f1db5718d6\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll () MOD - C:\Program Files\AVAST Software\Avast Business\defs\13070902\algo.dll () MOD - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\libcef.dll () MOD - C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Program Files\Rainmeter\Rainmeter.dll () MOD - C:\Program 
Files\Rainmeter\Rainmeter.exe () MOD - C:\Program Files\Rainmeter\Plugins\RecycleManager.dll () MOD - C:\Program Files\Rainmeter\Plugins\WebParser.dll () MOD - C:\Program Files\Rainmeter\Plugins\InputText.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll () MOD - C:\WINDOWS\system32\cpwmon2k.dll () MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - C:\WINDOWS\system32\DLAAPI_W.DLL () MOD - C:\WINDOWS\system32\neeviaprtntwt.dll () ========== Services (SafeList) ========== SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe File not found SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe /service File not found SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll () SRV - (avast! Net Client Service) -- C:\Program Files\AVAST Software\Avast Business\AvastNet.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe (AVAST Software) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (LNSUSvc) -- C:\Program Files\lotus\notes\SUService.exe (IBM Corp) SRV - (Lotus Notes Diagnostics) -- C:\Program Files\lotus\notes\nsd.exe (IBM) SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (Multi-user Cleanup Service) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.) SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) 
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (WUSBVBus) -- system32\DRIVERS\mfpvbus.sys File not found DRV - (WDICA) -- File not found DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys File not found DRV - (Changer) -- File not found DRV - (ALIWEHCD) -- System32\Drivers\mfpec.sys File not found DRV - (.imapi) -- File not found DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software) DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys () DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) 
DRV - (tffsport) -- C:\WINDOWS\system32\drivers\tffsport.sys (M-Systems) DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (SDTHOOK) -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS (Panda Software) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura) DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.) 
DRV - (BASFND) -- C:\Program Files\Broadcom\WMI\BASFND.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070620 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=4070620 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1363F946-B96F-41CD-A92D-BF8E7C24DA41}: "URL" = http://start.funmoods.com/results.php?f=4&a=pvl&q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_enGB544 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2013/06/27 08:29:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast Business\WebRep\FF [2013/07/10 08:38:53 | 000,000,000 | ---D | M] [2013/05/01 14:10:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\p.macfarlane\Application Data\Mozilla\Extensions [2011/11/15 16:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\p.macfarlane\Application Data\Mozilla\Extensions\uploadr@flickr.com ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.co.uk/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) 
= C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VDownloader (Enabled) = C:\Program Files\VDownloader\Addons\npVDownloader.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: BIODIGITAL HUMAN = C:\Documents and Settings\p.macfarlane\Local 
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\ CHR - Extension: Google Docs = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: IMVU Inc = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bcfjehbfanfhgoehogmbiebedkidedjb\10.16.70.501_0\ CHR - Extension: YouTube = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\ CHR - Extension: Google Search = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Select Links App = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbnkookackmdofjmjkbfliamcjdkccda\4.3_0\ CHR - Extension: Planetarium = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0\ CHR - Extension: avast! 
WebRep = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1490_0\ CHR - Extension: Google Maps = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\ CHR - Extension: FlashControl = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe\3.2.12_0\ CHR - Extension: Harvard Referencing = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnbmlbimbgkpnhmfgcmooaedkjnbhbim\1.1_0\ CHR - Extension: Lavasoft NewTab = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.9_0\ CHR - Extension: Gmail = C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/06/14 11:08:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast Business\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [iBM Lotus Notes Preloader] C:\Program Files\lotus\notes\nntspreld.exe (IBM Corp) O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E23D33A965920CB3D90E10DC3979EC7B] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe () O4 - Startup: C:\Documents and Settings\p.macfarlane\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\p.macfarlane\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program 
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\p.macfarlane\Start Menu\Programs\IMVU\Run IMVU.lnk File not found O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab (Reg Error: Key error.) 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab (TraderMediaImgX Control) O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1294928563967 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.4.253 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LAFERTUK.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D71D3998-90AF-47AE-A4D5-3B38CD3FBC8E}: DhcpNameServer = 192.168.4.253 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/05/19 12:01:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/08/24 14:22:59 | 000,000,042 | R--- | M] () - Z:\AUTORUN.INF -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File 
not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/07/24 08:41:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\p.macfarlane\Desktop\OTL.scr [2013/07/24 08:31:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\p.macfarlane\Recent [2013/07/23 14:00:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/07/23 10:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Application Data\LavasoftStatistics [2013/07/23 10:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2013/07/23 10:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars [2013/07/23 10:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb [2013/07/23 10:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Application Data\adawaretb [2013/07/23 10:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner [2013/07/23 10:18:09 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013/07/23 10:18:09 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013/07/16 14:08:43 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013/07/16 14:08:36 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013/07/16 14:08:36 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013/07/12 11:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome [2013/07/11 08:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Local Settings\Application 
Data\PCHealth [2013/07/10 08:39:02 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [2013/06/27 08:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013/06/27 08:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton [2013/06/27 08:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2013/06/25 08:37:22 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013/06/24 16:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Application Data\VDownloader [2013/06/24 16:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\VDownloader [2013/06/24 16:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VDownloader [2013/06/24 16:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData [2010/06/30 10:05:34 | 002,242,863 | ---- | C] (Polenter ) -- C:\Program Files\DesktopReminderSetup.exe ========== Files - Modified Within 30 Days ========== [2013/07/24 08:50:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7902DDD9-8055-4B52-9D6F-D557C6D1300E}.job [2013/07/24 08:46:01 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EF84751A-EA39-4E4F-BD38-0FFD9C1F0BD5}.job [2013/07/24 08:41:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\p.macfarlane\Desktop\OTL.scr [2013/07/24 08:40:16 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job [2013/07/24 08:39:05 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\tasks\avast! 
Emergency Update.job [2013/07/24 08:38:41 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/07/24 08:38:38 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/07/24 08:33:29 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2013/07/24 08:31:45 | 000,000,241 | ---- | M] () -- C:\WINDOWS\Brownie.ini [2013/07/24 08:31:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/07/24 08:31:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/07/24 08:31:04 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/07/24 08:27:10 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1485393A-DB41-4ADB-A97A-F449950520D1}.job [2013/07/24 08:26:39 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/07/23 10:18:08 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013/07/23 10:18:08 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013/07/19 09:45:28 | 002,651,907 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Desktop\2013-05-26 12.33.30.jpg [2013/07/15 08:44:55 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/07/15 08:39:55 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/07/15 08:39:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/07/15 08:26:30 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/07/10 17:06:53 | 000,507,056 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/07/10 17:06:53 | 000,089,850 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/07/10 09:11:24 | 000,002,265 | ---- | M] () 
-- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2013/07/10 08:39:02 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2013/06/28 16:19:51 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/06/27 09:39:39 | 000,175,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/06/27 09:39:39 | 000,062,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2013/06/27 09:39:38 | 000,368,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2013/06/27 09:39:37 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2013/06/27 09:39:37 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2013/06/27 09:39:37 | 000,049,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013/06/27 09:39:36 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [2013/06/27 09:39:35 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2013/06/27 09:39:35 | 000,021,576 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys [2013/06/27 09:37:46 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2013/06/27 09:37:09 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2013/06/27 08:29:18 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk [2013/06/27 08:29:18 | 000,001,596 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VDownloader.lnk [2013/06/27 08:27:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat [2013/06/25 08:37:10 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013/06/25 08:37:07 | 000,867,240 | ---- | M] (Oracle Corporation) -- 
C:\WINDOWS\System32\npDeployJava1.dll [2013/06/25 08:37:07 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013/06/25 08:37:07 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013/06/25 08:37:07 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013/06/25 08:37:07 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013/06/25 08:37:06 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll ========== Files Created - No Company Name ========== [2013/07/19 09:44:33 | 002,651,907 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Desktop\2013-05-26 12.33.30.jpg [2013/07/12 11:27:21 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/07/12 11:27:21 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/07/12 11:25:55 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/07/12 11:25:55 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/07/10 08:39:03 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/07/10 08:39:03 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013/06/27 08:27:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat [2013/06/24 16:05:32 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2013/06/24 16:05:32 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk [2013/06/24 16:05:32 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VDownloader.lnk [2013/04/29 10:54:38 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat [2013/04/05 12:50:01 | 000,000,086 | ---- | C] () 
-- C:\WINDOWS\Brfaxrx.ini [2013/04/05 12:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2012/07/12 13:27:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012/07/12 13:27:08 | 000,637,743 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2012/07/12 13:13:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/07/11 10:43:14 | 000,001,062 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2012/07/11 10:43:14 | 000,000,125 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2012/07/11 10:13:56 | 000,005,897 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI [2012/06/19 11:03:04 | 000,049,547 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\install.xml [2012/02/27 16:42:55 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2012/02/27 16:42:55 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2012/02/15 09:34:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/12/05 11:59:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL [2011/12/05 11:59:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT [2011/11/16 12:36:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI [2011/11/16 11:28:34 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2011/11/16 11:28:34 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2011/11/16 11:28:34 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2011/11/16 11:28:34 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2011/11/16 11:28:34 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2011/11/16 11:28:34 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2011/11/16 11:28:34 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2011/11/16 11:28:34 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2011/11/16 11:28:34 | 000,004,943 | ---- | C] () -- 
C:\WINDOWS\System32\EPPICPattern6.dat [2011/11/16 11:28:34 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2011/11/16 11:28:34 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2011/11/16 11:28:34 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2011/11/16 11:28:34 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2011/11/16 11:28:34 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2011/11/16 11:28:34 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2011/11/16 11:28:34 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2011/11/16 11:28:34 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2011/11/16 11:28:34 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2011/11/16 11:28:34 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2011/10/05 12:32:41 | 000,385,663 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Application Data\VideoPad.dmp [2011/01/19 17:17:56 | 000,108,032 | ---- | C] () -- C:\Documents and Settings\p.macfarlane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/12/17 18:42:57 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2007/09/26 08:26:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt [2007/07/31 12:08:37 | 000,003,088 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol ========== ZeroAccess Check ========== [2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/09/20 11:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2012/07/12 14:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2013/07/23 10:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars [2013/04/05 12:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4 [2013/07/23 10:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2012/02/28 16:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emicsoft Studio [2011/11/18 12:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2013/03/01 12:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2007/08/09 09:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2012/07/11 10:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2012/07/11 10:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Application Data\ScanSoft [2012/07/11 10:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon [2013/07/23 10:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\adawaretb [2011/05/19 12:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Autodesk [2013/04/05 12:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\ControlCenter4 [2011/02/17 11:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\DesktopReminder [2011/09/15 09:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\DriverCure [2013/07/24 08:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Dropbox [2012/02/28 17:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\DVDVideoSoft [2012/09/12 12:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Easy Thumbnails [2011/11/18 12:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\EPSON [2011/07/12 12:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Equisys [2011/11/15 16:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Flickr [2011/09/20 11:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Image Zone Express [2012/07/11 11:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Nuance [2012/07/11 10:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\PC-FAX TX [2012/02/06 16:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Rainmeter [2012/07/12 14:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application 
Data\TeamViewer [2013/06/24 16:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\VDownloader [2012/07/11 11:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\p.macfarlane\Application Data\Zeon ========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media Interface type: IDE Media Type: Fixed\thard disk media Model: ST3160815AS Partitions: 2 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 47.00MB Starting Offset: 32256 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 149.00GB Starting Offset: 49351680 Hidden sectors: 0 < %SYSTEMDRIVE%\*.* > [2010/09/29 14:55:51 | 000,001,024 | ---- | M] () -- C:\.rnd [2007/06/20 14:14:02 | 000,000,191 | ---- | M] () -- C:\0 [2007/12/17 19:29:12 | 000,000,365 | ---- | M] () -- C:\aaw7boot.log [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2012/03/01 12:21:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2013/05/09 13:41:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007/06/20 13:52:48 | 000,005,345 | RH-- | M] () -- C:\dell.sdr [2007/07/31 13:32:16 | 000,000,906 | ---- | M] () -- C:\docuPrinter.log [2007/12/17 17:21:00 | 000,396,288 | ---- | M] (Trend Micro Inc.) 
-- C:\HijackThis.exe [2007/12/17 17:21:00 | 000,000,291 | ---- | M] () -- C:\HijackThis.lnk [2007/07/31 15:58:59 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1 [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS [2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/09/01 08:42:47 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/07/18 11:47:25 | 000,262,144 | ---- | M] () -- C:\ntuser.dat [2011/07/18 11:47:25 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG [2010/06/01 08:39:50 | 000,061,690 | ---- | M] () -- C:\ow_reindex.txt [2013/07/24 08:31:03 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys [2012/11/20 16:15:21 | 000,002,938 | ---- | M] () -- C:\removeContacts.vbs [2013/07/24 08:31:23 | 000,132,478 | ---- | M] () -- C:\SUService.log [2007/12/17 16:51:52 | 000,240,904 | ---- | M] () -- C:\ZonedOut.zip < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2008/10/23 13:51:42 | 000,273,408 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpcpp6de.DLL [2011/07/19 13:37:06 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2004/08/11 17:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004/08/11 17:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004/08/11 17:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > [2010/06/30 10:05:34 | 002,242,863 | ---- | M] (Polenter ) -- C:\Program Files\DesktopReminderSetup.exe < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/07/12 19:49:47 | 000,846,288 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report >