Trazza

Hi Starbuck I have tried several times to download the farbar recovery scan tool x64 but every time I click on it to open it removes itself from my downloads. I realised that I had put this question in the wrong place and had just done the antimalaware check which was on your sticky here are thoose results Malwarebytes Anti-Malware http://www.malwarebytes.org Protection, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Protection, Malware Protection, Starting, Protection, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Protection, Malware Protection, Started, Protection, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Starting, Protection, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Started, Error, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Update, Bad md5 or size: akadomains, 11, Error, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Update, Bad md5 or size: akaips, 11, Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, AKA IP Database, 0.0.0.0, 2015.9.11.2, Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, Remediation Database, 2015.5.13.1, 2015.9.30.1, Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, AKA Domain Database, 0.0.0.0, 2015.9.11.2, Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, IP Database, 0.0.0.0, 2015.10.4.1, Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, Rootkit Database, 2015.6.2.1, 2015.10.2.1, Update, 04/10/2015 15:37, SYSTEM, TRACEY-PC, Manual, Domain Database, 0.0.0.0, 2015.10.3.2, Update, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Manual, Malware Database, 2015.6.3.3, 2015.10.4.2, Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Refresh, Starting, Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Stopping, Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Stopped, Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Refresh, Success, Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Starting, Protection, 04/10/2015 15:38, SYSTEM, TRACEY-PC, Protection, Malicious Website Protection, Started, Scan, 04/10/2015 15:52, SYSTEM, TRACEY-PC, Manual, Start:04/10/2015 15:38, Duration:14 min 11 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, (end) Thanks for your quick reply Tracey

Hi guys was wondering if anyone can help me. A couple of months ago I had to restore my laptop to factory settings and managed to do it with not much trouble. Since then I seem to have had nothing but trouble when surfing the net. Whichever search engine I use (google chrome, firefox and IE ) the laptop stops responding and it can take anything from 20 seconds to 5 minuets for it to start responding . Is there anything I can do? My laptop is an Acer Aspire 5742 with an i3cpu and 3gb Ram and I am using windows 7 home premium 64 bit operating system i have Norton gold antivirus . Hope someone can help. Many thanks Tracey

The computer seems to be running fine but today whilst on FB I got a message down the left hand side saying that there are several windows errors on the machine and to click here to fix them. I didn't do it though because it looked a lot like the other message I got when they wanted money to fix them, also sometimes get a message that flash isn't working properly but the programs load ok. Thanks Trazza

Hi etavares and thanks for you help. I have done the fix and the report is below. Will this stop all the messages that appear on certain sites telling me I have problems or are they sent to all computers to scare us in to spending money with them? Thanks again Trazza ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. ========== FILES ========== C:\Users\Tracey\AppData\Roaming\Systweak folder moved successfully. C:\Windows\SysNative\roboot64.exe moved successfully. OTL by OldTimer - Version 3.2.69.0 log created on 10232013_123540

Hi guys (and gals) I got this windows 7 laptop given to me by my daughter as my old desktop bit the bullet back in July. She said that sometimes it just freezes and you just have to wait for it to return to what you were doing. this has happened a couple of times a week but I was living with it as as I said it was a gift but the other day my hubby clicked on something and I suddenly get a message of someone called Reg-clean saying that there are more than 400 problems with the laptop. I do not know how he ended up downloading this program but as it said that they wanted money to fix it I uninstalled it and am coming to you to see if there are any problems that you can see or do you think I should purchase Reg-clean. I have done the Malware scan and OTL scan and will try to add them below. Thanks for taking the time to read this Trazza Malwarebytes Anti-Malware 1.75.0.1300 http://www.malwarebytes.org Database version: v2013.10.22.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Tracey :: LAPTOP [administrator] 22/10/2013 17:34:16 mbam-log-2013-10-22 (17-34-16).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 351909 Time elapsed: 58 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Users\Tracey\AppData\Local\Temp\RmP5QekH.exe.part (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully. C:\Users\Tracey\Downloads\rcpsetupmapp1_mapp11660952(1).exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully. C:\Users\Tracey\Downloads\rcpsetupmapp1_mapp11660952.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully. (end) OTL logfile created on: 22/10/2013 18:43:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tracey\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.74 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 50.26% Memory free 5.48 Gb Paging File | 3.92 Gb Available in Paging File | 71.58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284.99 Gb Total Space | 224.86 Gb Free Space | 78.90% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Tracey | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tracey\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\cltlmh.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys (Symantec Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys (Symantec Corporation) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys (Symantec Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131018.001\IDSviA64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131022.001\ex64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131022.001\eng64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131002.001\BHDrvx64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=GB&ver=20&locale=en_GB&gct=kwd&qsrc=2869 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "www.Google.com" FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2013/05/03 16:41:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/10/22 18:38:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/09 18:28:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/03 19:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tracey\AppData\Roaming\Mozilla\Extensions [2013/09/18 10:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/09/18 10:36:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE /FU "C:\Windows\TEMP\E_S70AF.tmp" /EF "HKCU" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F7E08EE-9D6F-4AE9-9193-5DD54717694A}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 168.95.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/10/22 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\Tracey\AppData\Roaming\Malwarebytes [2013/10/22 17:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/10/22 17:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/10/22 17:32:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/10/22 17:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/10/21 20:26:16 | 000,000,000 | ---D | C] -- C:\Users\Tracey\AppData\Roaming\Systweak [2013/10/21 20:26:14 | 000,020,312 | ---- | C] (Systweak Inc., (http://www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2013/10/21 20:24:41 | 000,000,000 | ---D | C] -- C:\Users\Tracey\AppData\Local\Programs [2013/10/10 22:40:31 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/10/10 22:40:31 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/10/10 22:40:30 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/10/10 22:40:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/10/10 22:40:30 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/10/10 22:40:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/10/10 22:40:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/10/10 22:40:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/10/10 22:40:30 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/10/10 22:40:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/10/10 22:40:30 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/10/10 22:40:28 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/10/10 22:40:28 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/10/10 22:40:28 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/10/10 22:40:27 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/10/10 14:46:02 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2013/10/10 14:46:01 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/10/10 14:46:01 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/10/10 14:46:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013/10/10 14:46:01 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013/10/10 14:46:01 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/10/10 14:46:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2013/10/10 14:46:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/10/10 14:46:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2013/10/10 14:45:58 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2013/10/10 14:45:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013/10/10 14:45:58 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidp****.sys [2013/10/10 14:45:56 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/10/10 14:45:56 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/10/10 14:45:56 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013/10/10 14:45:55 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/10/10 14:45:55 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013/10/10 14:45:55 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2013/10/10 14:45:55 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2013/10/10 14:45:55 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/10/10 14:45:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/10/10 14:45:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/10/10 14:45:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/10/10 14:45:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/10/10 14:45:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/10/10 14:45:48 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2013/10/10 14:45:48 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2013/10/10 14:45:47 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll [2013/10/09 18:48:25 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe ========== Files - Modified Within 30 Days ========== [2013/10/22 18:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/10/22 18:43:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/10/22 18:43:57 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/10/22 18:36:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/10/22 18:36:36 | 2207,285,248 | -HS- | M] () -- C:\hiberfil.sys [2013/10/22 17:32:16 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/10/22 17:22:01 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/10/22 17:22:01 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/10/22 17:22:01 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/10/11 08:44:36 | 000,417,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/10/10 08:48:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/10/10 08:48:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/10/10 08:48:27 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013/09/23 00:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/09/23 00:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/09/23 00:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/09/23 00:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/09/23 00:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/09/22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/09/22 23:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/09/22 23:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/09/22 23:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/09/22 23:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/09/22 23:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/09/22 23:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/09/22 23:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll ========== Files Created - No Company Name ========== [2013/10/22 17:32:16 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/08/14 11:57:51 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2013/08/14 11:57:51 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2013/08/14 11:57:51 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2013/08/14 11:57:51 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2013/08/14 11:57:51 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2013/08/14 11:57:51 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2013/08/14 11:57:51 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2013/08/14 11:57:51 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2013/08/14 11:57:51 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2013/08/14 11:57:51 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2013/08/14 11:57:51 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2013/08/14 11:57:51 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2013/08/14 11:57:51 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2013/08/14 11:57:51 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2013/08/14 11:57:51 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2013/08/14 11:57:51 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2013/08/14 11:57:51 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2013/08/14 11:57:51 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2013/08/14 11:57:51 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2013/08/14 11:50:26 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX7400DEFGIPS.ini [2010/08/30 10:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/10/22 17:25:21 | 000,000,000 | ---D | M] -- C:\Users\Tracey\AppData\Roaming\Systweak ========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: WDC WD3200BPVT-22ZEST0 Partitions: 3 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 13.00GB Starting Offset: 1048576 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 100.00MB Starting Offset: 13959692288 Hidden sectors: 0 DeviceID: Disk #0, Partition #2 PartitionType: Installable File System Bootable: False BootPartition: False PrimaryPartition: True Size: 285.00GB Starting Offset: 14064549888 Hidden sectors: 0 < %SYSTEMDRIVE%\*.* > [2010/08/30 10:47:02 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2013/10/22 18:36:36 | 2207,285,248 | -HS- | M] () -- C:\hiberfil.sys [2013/09/25 13:35:13 | 000,000,040 | ---- | M] () -- C:\log.txt [2013/10/22 18:36:41 | 2943,049,728 | -HS- | M] () -- C:\pagefile.sys [2013/05/03 16:20:27 | 000,003,161 | ---- | M] () -- C:\RHDSetup.log < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/17 09:25:29 | 000,869,656 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/17 09:25:29 | 000,869,656 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/17 09:25:29 | 000,869,656 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/08/17 09:25:29 | 000,276,376 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/08/17 09:25:29 | 000,276,376 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/17 09:25:29 | 000,276,376 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/08/17 09:25:29 | 000,869,656 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/08/17 09:25:29 | 000,869,656 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/08/17 09:25:29 | 000,869,656 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/08/17 09:25:29 | 000,276,376 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/08/17 09:25:29 | 000,276,376 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/08/17 09:25:29 | 000,276,376 | ---- | M] (Mozilla Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/09/22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/09/22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/09/22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/23 02:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) < End of report > OTL Extras logfile created on: 22/10/2013 18:43:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tracey\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.74 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 50.26% Memory free 5.48 Gb Paging File | 3.92 Gb Available in Paging File | 71.58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284.99 Gb Total Space | 224.86 Gb Free Space | 78.90% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Tracey | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0309C017-64C5-4769-ADFA-3EB6D4771DD7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{0637F3D4-8D31-4BE8-BD9C-356B19998B57}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0F1F2372-9F9F-45B4-968E-BEA3C80F2E02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{369D38F3-2A03-4757-8577-4796F57734CC}" = lport=2869 | protocol=6 | dir=in | app=system | "{37A43F7A-062F-4F73-8A72-D8D0953E9E7E}" = lport=139 | protocol=6 | dir=in | app=system | "{3842F5A2-2AEF-4E1C-B1E9-1A664C504B77}" = rport=137 | protocol=17 | dir=out | app=system | "{3E115404-8DB9-4501-97ED-E34FEF7F260F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{443131C3-A0AB-48B6-87D6-82FCAC8DD228}" = lport=137 | protocol=17 | dir=in | app=system | "{540018DC-E7E0-4EA6-9CD5-90F14E624351}" = rport=138 | protocol=17 | dir=out | app=system | "{5EC49605-96BC-483A-B323-27B0ED2679AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{639E34C6-EF04-46BE-B711-2EB041B98622}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6A3CCB3B-2EFB-42DF-9379-CBDF9BFF118F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6DB1F1AB-5089-42F3-A457-915DA43515F5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{898867D8-3E94-4D1B-9E8E-FDB58FB62345}" = rport=10243 | protocol=6 | dir=out | app=system | "{AF75C09A-4FB1-495D-98FC-86B4E5C24AF1}" = rport=139 | protocol=6 | dir=out | app=system | "{B1D1D3DA-0E63-488C-AC19-AC0FE94E5F7B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B20AF650-7761-4CB9-868B-BD966A5914B7}" = lport=2869 | protocol=6 | dir=in | app=system | "{B7DFB97B-EEF2-41DB-9FFD-EFF2AA601A51}" = rport=445 | protocol=6 | dir=out | app=system | "{BAFD8FB3-B3D8-4F75-9477-BF8D68898DA3}" = lport=445 | protocol=6 | dir=in | app=system | "{C511CADD-8CDE-4909-BF1D-905435658818}" = lport=10243 | protocol=6 | dir=in | app=system | "{CA5A59B7-3995-462B-A103-6AD66CEEB905}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CC97EB66-6BBF-45A7-B985-B487FFB89ABC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D96A1DE4-3BE1-484C-9981-2F8548D66B27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D989C212-2EB6-4914-AD2F-4FD2006535E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F2213C36-5F5E-477C-A661-249F6DEC6C99}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{FB06CA88-F583-434D-91C9-ECFDC7B27B5A}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DDF194E-4DA1-4252-AB3E-345112F8A67A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{1D800A41-5CCE-41AA-A99D-99ECFBF1E2F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{245CD163-6CAB-4C8C-9447-6938FA9F578D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2A4A9CA5-CBA2-430C-8FAC-54A341CC7648}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2BC160FB-4871-4F51-9B67-AAD1761551AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3F364168-77CA-4F6D-BA98-63ED40F2B188}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3F7448F4-7603-4123-BE88-8E6CCE49F803}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{42C82B4F-D3A4-4F3E-808C-A860DEED52F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{46E05DA3-EDEF-4E79-BD48-F7D9B1CB8137}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{4D39D589-FC9B-4389-8084-B82C92608627}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4DB57E89-EFC9-44B6-B221-DE8181D74E5B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4ECA4698-F794-4972-AB54-CECD3D9E3916}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{518415A1-9FE2-4892-B324-CA64973DFB8E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{52EFA583-5C45-4816-8E90-911E8FF80A0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{74EA4FC4-773A-4831-A322-BD6CA06EBC02}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{77E6F238-443E-4F88-AED3-09A37AB15DF9}" = protocol=6 | dir=out | app=system | "{7809E13F-32BA-4DD1-95DF-9082E7928B16}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{99421261-139E-4B93-9026-AD7949507890}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A9EF05C7-3F15-4A1F-82B2-961013E756D8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B18480EC-DE0B-425C-AAE3-CF65A4CA9B9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D7D2B3E1-8C07-4441-8E70-EBDA9CA332CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D94D8CC2-F0F0-4319-A5C7-FF539A3D3F73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D9FBAD6A-7904-4D76-A6F0-EEDC7BF15ABA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DF8715B4-780C-432F-9B78-AE50B32C5E8B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{EC55FEA1-019B-4621-9B57-83ABDFBF6F74}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FC481617-EF8A-45A0-8128-E0AB01C2FA9A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL "EPSON Printer and Utilities" = EPSON Printer Software "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5 "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/10/2013 06:25:00 | Computer Name = laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 11/10/2013 06:25:00 | Computer Name = laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 11/10/2013 06:25:01 | Computer Name = laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 11/10/2013 06:25:01 | Computer Name = laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 11/10/2013 06:25:01 | Computer Name = laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 11/10/2013 06:25:02 | Computer Name = laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 11/10/2013 06:25:02 | Computer Name = laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 11/10/2013 06:25:02 | Computer Name = laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 11/10/2013 06:25:03 | Computer Name = laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 11/10/2013 06:25:03 | Computer Name = laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = [ System Events ] Error - 09/07/2013 03:13:02 | Computer Name = laptop | Source = WMPNetworkSvc | ID = 866300 Description = Error - 14/07/2013 07:09:03 | Computer Name = laptop | Source = Service Control Manager | ID = 7043 Description = The Windows Update service did not shut down properly after receiving a preshutdown control. Error - 15/07/2013 17:54:05 | Computer Name = laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2836939). Error - 23/07/2013 02:09:22 | Computer Name = laptop | Source = DCOM | ID = 10010 Description = Error - 10/08/2013 19:18:15 | Computer Name = laptop | Source = Service Control Manager | ID = 7023 Description = The Windows Time service terminated with the following error: %%1115 Error - 15/08/2013 02:36:38 | Computer Name = laptop | Source = EventLog | ID = 6008 Description = The previous system shutdown at 00:36:48 on ?15/?08/?2013 was unexpected. Error - 31/08/2013 05:12:14 | Computer Name = laptop | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 31/08/2013 05:12:14 | Computer Name = laptop | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 31/08/2013 05:12:15 | Computer Name = laptop | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 11/10/2013 03:42:42 | Computer Name = laptop | Source = Service Control Manager | ID = 7024 Description = The Superfetch service terminated with service-specific error %%0. < End of report >

I have a cd/dvd rewrite and I have blank discs. Trazza

As I said in earlier post I tried system restore in safe mode 3 times and still no joy. Trazza

Doesn't work as in it goes trough all the process then when it reboots it says that it was unable to restore to the earlier date and no changes have been made. There are loads of restore points but none of them will take effect. Trazza

Have been trying different things to get a system restore, even tried a few times in safe mode but nothing doing. As well as the cpu issue (which it looks like I'll just have to live with) there is a problem with my system restore. Tried to go back as far as July but it still would'nt work.

Tried playing via IE, same problem. Computer does not seem to be hot, occasionally I hear the fan but not very often at all. Husband clears the dust away quite often as this is a dusty house. After reading your last post I went to the fix mozilla problem page and updated from 3.6.28 to 16 and also ran the fix tool. The games still show a high cpu usage but now ebay (which husband uses a lot) has started to play up, the pictures on the listings will not enlarge. Decided that I would try to go back to 3.6.28 after reading that some other people were having the same issues after upgrading but that didnt work so then decided to restore PC to an earlier time and that also would not work, it went through all the process then said system restore could not restore to an earlier time and no changes have been made. Trazza

Sorted the key issue out, buttons 3,6 and 9 were sticking. A good clean of the keyboard sorted that out. Everything else seems just as it was before. Does reset my browser mean what I think it does eg delete firefox then reinstall it again. I am more than happy to do that but will probably need a little direction. Thanks Trazza

By the way did as you said and disabled all my norton security but when I downloaded combofix a warning came on the screen saying that norton was still on. I double checked norton and it said it was all disabled so I dont know what was going on. I deleted the 2 posts relating to double posting - it tidies up the thread :) KenB

Oh dear did what you asked and reports will be added at the bottom of this post but after the combofix I tried my games and the computer response was very jerky. I then did the TDSS killer and now the number section of my keyboard is not working. It just feels like its one problem after another. Really sorry about this. The reports are ComboFix 12-10-12.01 - USER 12/10/2012 14:17:04.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.455 [GMT 1:00] Running from: c:\documents and settings\USER\My Documents\Downloads\ComboFix.exe AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . . ((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 ))))))))))))))))))))))))))))))) . . 2012-10-10 07:44 . 2012-10-11 14:41 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-10 07:44 . 2012-10-11 14:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-05 18:55 . 2012-10-05 18:55 -------- d-----w- C:\_OTL 2012-10-05 18:37 . 2012-10-05 18:37 -------- d-----w- c:\program files\ERUNT 2012-10-05 10:38 . 2012-10-05 10:38 -------- d-----w- c:\program files\Common Files\Nokia 2012-10-05 10:33 . 2012-06-27 14:18 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2012-10-05 10:31 . 2012-10-05 10:31 -------- d-----w- c:\program files\PC Connectivity Solution 2012-10-05 10:29 . 2012-01-09 16:28 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys 2012-10-05 10:28 . 2012-01-09 16:28 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys 2012-10-05 10:28 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys 2012-10-05 10:27 . 2012-01-09 16:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys 2012-10-05 10:27 . 2012-01-09 16:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys 2012-10-05 10:26 . 2012-01-09 16:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys 2012-10-02 07:46 . 2012-10-03 09:43 -------- d-----w- c:\windows\system32\drivers\NIS\1309000.009 2012-09-23 20:15 . 2012-09-23 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess 2012-09-23 20:10 . 2012-09-23 20:10 -------- d-----w- c:\documents and settings\USER\Application Data\FreeAudioPack 2012-09-23 20:10 . 2012-09-30 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software 2012-09-23 20:10 . 2012-09-30 18:32 -------- d-----w- c:\documents and settings\USER\Application Data\NCH Software 2012-09-23 19:23 . 2012-09-23 20:16 -------- d-----w- c:\documents and settings\USER\Application Data\DVDVideoSoft 2012-09-23 18:31 . 2012-09-23 20:10 -------- d-----w- c:\program files\NCH Software . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-07 16:04 . 2012-04-26 14:10 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-06 10:12 . 2012-09-06 10:13 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-06 10:12 . 2012-09-06 10:14 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-09-06 10:12 . 2012-07-29 11:30 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-06 10:12 . 2012-07-29 11:30 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-29 14:00 . 2012-07-18 11:29 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-27 19:12 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll 2012-08-27 19:12 . 2004-08-12 13:58 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-27 19:12 . 2011-02-16 13:38 78336 ----a-w- c:\windows\system32\ieencode.dll 2012-08-27 19:12 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll 2012-08-24 13:53 . 2004-08-12 14:09 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33 . 2004-08-12 14:02 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-09-07 18:42 . 2012-09-07 18:42 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-08-29 14:01 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-08-29 1734240] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 67128] "NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-08-03 1086376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-18 282624] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-08 296056] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-29 947808] "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-29 1022048] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\documents and settings\USER\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2004-10-1 565309] Logitech Desktop Messenger Agent.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-24 67128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2012-09-24 18:08 13672 ----a-w- c:\program files\Citrix\GoToAssist\830\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\symds.sys [02/10/2012 08:47 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\symefa.sys [02/10/2012 08:47 924320] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [18/07/2012 12:29 27496] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [01/10/2012 19:54 995488] R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccsetx86.sys [02/10/2012 08:47 132768] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\ironx86.sys [02/10/2012 08:47 149624] R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [02/10/2012 08:46 138272] R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [29/08/2012 15:00 722528] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/08/2012 19:17 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121011.001\IDSXpx86.sys [12/10/2012 08:48 373728] R3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\drivers\RTL8192cu.sys [30/07/2012 16:29 987904] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25/02/2010 13:22 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10/10/2012 08:44 250808] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 11336] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25/02/2010 13:22 135664] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 23:38 114144] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [05/10/2012 11:28 137600] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [05/10/2012 11:29 8576] . Contents of the 'Scheduled Tasks' folder . 2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 14:41] . 2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 12:22] . 2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 12:22] . 2012-10-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21] . 2012-10-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21] . 2012-10-06 c:\windows\Tasks\SwitchReminder.job - c:\program files\NCH Software\Switch\switch.exe [2012-09-23 15:41] . 2012-10-12 c:\windows\Tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 11:58] . 2012-09-30 c:\windows\Tasks\WavePadReminder.job - c:\program files\NCH Software\WavePad\wavepad.exe [2012-09-23 18:32] . . ------- Supplementary Scan ------- . uStart Page = https://isearch.avg.com/?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29&v=12.2.5.32&sap=hp IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm TCP: DhcpNameServer = 192.168.1.254 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=410&sr=0&q= . - - - - ORPHANS REMOVED - - - - . WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) AddRemove-DealPly - c:\program files\DealPly\uninst.exe AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-10-12 14:32 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(900) c:\program files\Citrix\GoToAssist\830\G2AWinLogon.dll . Completion time: 2012-10-12 14:37:51 ComboFix-quarantined-files.txt 2012-10-12 13:37 . Pre-Run: 130,782,941,184 bytes free Post-Run: 130,815,102,976 bytes free . - - End Of File - - 946247CEA9CEA860D0CEFB06722A482B The TDSS report is 15:09:30.0859 3460 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 15:09:32.0250 3460 ============================================================ 15:09:32.0250 3460 Current date / time: 2012/10/12 15:09:32.0250 15:09:32.0250 3460 SystemInfo: 15:09:32.0250 3460 15:09:32.0250 3460 OS Version: 5.1.2600 ServicePack: 3.0 15:09:32.0250 3460 Product type: Workstation 15:09:32.0250 3460 ComputerName: ANY-6C5E521BE98 15:09:32.0250 3460 UserName: USER 15:09:32.0250 3460 Windows directory: C:\WINDOWS 15:09:32.0250 3460 System windows directory: C:\WINDOWS 15:09:32.0250 3460 Processor architecture: Intel x86 15:09:32.0250 3460 Number of processors: 1 15:09:32.0250 3460 Page size: 0x1000 15:09:32.0250 3460 Boot type: Normal boot 15:09:32.0250 3460 ============================================================ 15:09:33.0000 3460 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:09:33.0031 3460 ============================================================ 15:09:33.0031 3460 \Device\Harddisk0\DR0: 15:09:33.0031 3460 MBR partitions: 15:09:33.0031 3460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1 15:09:33.0031 3460 ============================================================ 15:09:33.0078 3460 C: <-> \Device\Harddisk0\DR0\Partition1 15:09:33.0078 3460 ============================================================ 15:09:33.0078 3460 Initialize success 15:09:33.0078 3460 ============================================================ 15:09:45.0203 3936 ============================================================ 15:09:45.0203 3936 Scan started 15:09:45.0203 3936 Mode: Manual; 15:09:45.0203 3936 ============================================================ 15:09:45.0453 3936 ================ Scan system memory ======================== 15:09:45.0453 3936 System memory - ok 15:09:45.0453 3936 ================ Scan services ============================= 15:09:45.0578 3936 Abiosdsk - ok 15:09:45.0578 3936 abp480n5 - ok 15:09:45.0640 3936 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:09:45.0640 3936 ACPI - ok 15:09:45.0687 3936 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 15:09:45.0687 3936 ACPIEC - ok 15:09:45.0750 3936 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:09:45.0765 3936 AdobeFlashPlayerUpdateSvc - ok 15:09:45.0765 3936 adpu160m - ok 15:09:45.0812 3936 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 15:09:45.0812 3936 aec - ok 15:09:45.0875 3936 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 15:09:45.0875 3936 AFD - ok 15:09:45.0890 3936 Aha154x - ok 15:09:45.0906 3936 aic78u2 - ok 15:09:45.0906 3936 aic78xx - ok 15:09:45.0953 3936 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll 15:09:45.0953 3936 Alerter - ok 15:09:46.0000 3936 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe 15:09:46.0000 3936 ALG - ok 15:09:46.0015 3936 AliIde - ok 15:09:46.0031 3936 amsint - ok 15:09:46.0031 3936 AppMgmt - ok 15:09:46.0046 3936 asc - ok 15:09:46.0062 3936 asc3350p - ok 15:09:46.0062 3936 asc3550 - ok 15:09:46.0171 3936 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 15:09:46.0171 3936 aspnet_state - ok 15:09:46.0218 3936 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:09:46.0234 3936 AsyncMac - ok 15:09:46.0265 3936 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 15:09:46.0265 3936 atapi - ok 15:09:46.0281 3936 Atdisk - ok 15:09:46.0328 3936 [ 4DEAA162480367B232F3EE3A6D34084B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 15:09:46.0343 3936 Ati HotKey Poller - ok 15:09:46.0406 3936 [ 2BDD1D3403827CD1AF973A9CFAD4EDC7 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe 15:09:46.0421 3936 ATI Smart - ok 15:09:46.0500 3936 [ F0D0B0CDEC0BE32D775F404CAC2604BF ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 15:09:46.0515 3936 ati2mtag - ok 15:09:46.0546 3936 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:09:46.0546 3936 Atmarpc - ok 15:09:46.0593 3936 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 15:09:46.0593 3936 AudioSrv - ok 15:09:46.0640 3936 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 15:09:46.0640 3936 audstub - ok 15:09:46.0687 3936 [ 6F76908F065C3C151C4BFCA7DFD86979 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys 15:09:46.0718 3936 avgtp - ok 15:09:46.0750 3936 [ 4826FCF97C47B361A2E2F68CD487A19E ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys 15:09:46.0750 3936 b57w2k - ok 15:09:46.0812 3936 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 15:09:46.0812 3936 Beep - ok 15:09:47.0046 3936 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx86.sys 15:09:47.0109 3936 BHDrvx86 - ok 15:09:47.0171 3936 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll 15:09:47.0250 3936 BITS - ok 15:09:47.0375 3936 [ CC4E72A0FA7F62175C8BB42BA2CAA3D5 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:09:47.0390 3936 Bonjour Service - ok 15:09:47.0437 3936 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll 15:09:47.0437 3936 Browser - ok 15:09:47.0484 3936 [ 1558A85F3F8108531C5BA376728905EF ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys 15:09:47.0484 3936 btaudio - ok 15:09:47.0500 3936 [ 420713AF4B17E2A2BFC8B3CCF8AA2B77 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys 15:09:47.0515 3936 BTDriver - ok 15:09:47.0546 3936 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys 15:09:47.0546 3936 BthEnum - ok 15:09:47.0578 3936 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys 15:09:47.0578 3936 BthPan - ok 15:09:47.0625 3936 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys 15:09:47.0656 3936 BTHPORT - ok 15:09:47.0687 3936 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll 15:09:47.0687 3936 BthServ - ok 15:09:47.0703 3936 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys 15:09:47.0703 3936 BTHUSB - ok 15:09:47.0750 3936 [ 797107044955DFE31223EECE0B8D3A4A ] BTKRNL C:\WINDOWS\system32\drivers\btkrnl.sys 15:09:47.0796 3936 BTKRNL - ok 15:09:47.0828 3936 [ EA3CBF6EC25BEE3304557CEE21C8819C ] btwdins C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe 15:09:47.0828 3936 btwdins - ok 15:09:47.0937 3936 [ B0C1F4B04D2C4E5D0B161DE865AC88F6 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys 15:09:47.0953 3936 BTWDNDIS - ok 15:09:47.0984 3936 [ D61634722740421328973BB9F6AB6070 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys 15:09:47.0984 3936 BTWUSB - ok 15:09:48.0031 3936 [ C945DC4EEE3F624DFD07788EA7F0DB0A ] bvrp_pci C:\WINDOWS\system32\drivers\bvrp_pci.sys 15:09:48.0031 3936 bvrp_pci - ok 15:09:48.0171 3936 catchme - ok 15:09:48.0187 3936 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 15:09:48.0187 3936 cbidf2k - ok 15:09:48.0218 3936 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 15:09:48.0218 3936 CCDECODE - ok 15:09:48.0328 3936 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\WINDOWS\system32\drivers\NIS\1309000.009\ccSetx86.sys 15:09:48.0328 3936 ccSet_NIS - ok 15:09:48.0343 3936 cd20xrnt - ok 15:09:48.0390 3936 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 15:09:48.0390 3936 Cdaudio - ok 15:09:48.0406 3936 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 15:09:48.0406 3936 Cdfs - ok 15:09:48.0421 3936 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:09:48.0437 3936 Cdrom - ok 15:09:48.0468 3936 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe 15:09:48.0468 3936 CiSvc - ok 15:09:48.0500 3936 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 15:09:48.0500 3936 ClipSrv - ok 15:09:48.0531 3936 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:09:48.0562 3936 clr_optimization_v2.0.50727_32 - ok 15:09:48.0578 3936 CmdIde - ok 15:09:48.0593 3936 COMSysApp - ok 15:09:48.0609 3936 Cpqarray - ok 15:09:48.0656 3936 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys 15:09:48.0671 3936 cpudrv - ok 15:09:48.0703 3936 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 15:09:48.0703 3936 CryptSvc - ok 15:09:48.0718 3936 dac2w2k - ok 15:09:48.0718 3936 dac960nt - ok 15:09:48.0796 3936 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 15:09:48.0796 3936 DcomLaunch - ok 15:09:48.0843 3936 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 15:09:48.0859 3936 Dhcp - ok 15:09:48.0890 3936 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 15:09:48.0890 3936 Disk - ok 15:09:48.0906 3936 dmadmin - ok 15:09:48.0953 3936 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 15:09:48.0968 3936 dmboot - ok 15:09:48.0984 3936 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys 15:09:48.0984 3936 dmio - ok 15:09:49.0031 3936 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 15:09:49.0031 3936 dmload - ok 15:09:49.0078 3936 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll 15:09:49.0093 3936 dmserver - ok 15:09:49.0109 3936 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 15:09:49.0109 3936 DMusic - ok 15:09:49.0171 3936 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 15:09:49.0171 3936 Dnscache - ok 15:09:49.0218 3936 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 15:09:49.0218 3936 Dot3svc - ok 15:09:49.0234 3936 dpti2o - ok 15:09:49.0265 3936 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 15:09:49.0265 3936 drmkaud - ok 15:09:49.0312 3936 [ B15F9E526BA511A48B1B1B8537815740 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys 15:09:49.0312 3936 drvmcdb - ok 15:09:49.0328 3936 [ FA4670CAE95AE2BB857C68E535661145 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys 15:09:49.0328 3936 drvnddm - ok 15:09:49.0359 3936 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll 15:09:49.0359 3936 EapHost - ok 15:09:49.0468 3936 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 15:09:49.0484 3936 eeCtrl - ok 15:09:49.0515 3936 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 15:09:49.0515 3936 EraserUtilRebootDrv - ok 15:09:49.0578 3936 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll 15:09:49.0578 3936 ERSvc - ok 15:09:49.0625 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe 15:09:49.0625 3936 Eventlog - ok 15:09:49.0687 3936 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll 15:09:49.0687 3936 EventSystem - ok 15:09:49.0734 3936 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 15:09:49.0734 3936 Fastfat - ok 15:09:49.0781 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 15:09:49.0796 3936 FastUserSwitchingCompatibility - ok 15:09:49.0843 3936 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 15:09:49.0843 3936 Fdc - ok 15:09:49.0890 3936 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 15:09:49.0890 3936 Fips - ok 15:09:49.0937 3936 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 15:09:49.0937 3936 Flpydisk - ok 15:09:49.0968 3936 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 15:09:49.0984 3936 FltMgr - ok 15:09:50.0046 3936 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 15:09:50.0046 3936 FontCache3.0.0.0 - ok 15:09:50.0093 3936 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:09:50.0093 3936 Fs_Rec - ok 15:09:50.0140 3936 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:09:50.0140 3936 Ftdisk - ok 15:09:50.0203 3936 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys 15:09:50.0203 3936 giveio - ok 15:09:50.0281 3936 [ 3EC75EA47770674767EC486393B411DC ] GoToAssist C:\Program Files\Citrix\GoToAssist\830\g2aservice.exe 15:09:50.0296 3936 GoToAssist - ok 15:09:50.0328 3936 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:09:50.0343 3936 Gpc - ok 15:09:50.0421 3936 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 15:09:50.0421 3936 gupdate - ok 15:09:50.0437 3936 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 15:09:50.0437 3936 gupdatem - ok 15:09:50.0500 3936 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 15:09:50.0500 3936 gusvc - ok 15:09:50.0578 3936 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 15:09:50.0593 3936 helpsvc - ok 15:09:50.0593 3936 HidServ - ok 15:09:50.0625 3936 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:09:50.0625 3936 HidUsb - ok 15:09:50.0671 3936 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 15:09:50.0671 3936 hkmsvc - ok 15:09:50.0687 3936 hpn - ok 15:09:50.0734 3936 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 15:09:50.0734 3936 HTTP - ok 15:09:50.0796 3936 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 15:09:50.0796 3936 HTTPFilter - ok 15:09:50.0812 3936 i2omp - ok 15:09:50.0859 3936 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:09:50.0875 3936 i8042prt - ok 15:09:50.0921 3936 [ F26BFD48B1C314E0F23BF77ACFA75940 ] iastor C:\WINDOWS\system32\DRIVERS\iaStor.sys 15:09:50.0937 3936 iastor - ok 15:09:51.0015 3936 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:09:51.0046 3936 idsvc - ok 15:09:51.0156 3936 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121011.001\IDSxpx86.sys 15:09:51.0187 3936 IDSxpx86 - ok 15:09:51.0218 3936 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 15:09:51.0218 3936 Imapi - ok 15:09:51.0281 3936 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe 15:09:51.0281 3936 ImapiService - ok 15:09:51.0296 3936 ini910u - ok 15:09:51.0359 3936 [ 8E51BF1696821A72656444E0FD5081A3 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 15:09:51.0421 3936 IntelC51 - ok 15:09:51.0468 3936 [ 331CE31882754000CA2AFBF7BD480513 ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 15:09:51.0515 3936 IntelC52 - ok 15:09:51.0562 3936 [ 8001FAC548EB0285D0085F4EB53C1E3F ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 15:09:51.0562 3936 IntelC53 - ok 15:09:51.0578 3936 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 15:09:51.0578 3936 IntelIde - ok 15:09:51.0625 3936 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:09:51.0625 3936 intelppm - ok 15:09:51.0671 3936 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 15:09:51.0671 3936 Ip6Fw - ok 15:09:51.0703 3936 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:09:51.0718 3936 IpFilterDriver - ok 15:09:51.0718 3936 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:09:51.0718 3936 IpInIp - ok 15:09:51.0781 3936 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:09:51.0781 3936 IpNat - ok 15:09:51.0796 3936 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:09:51.0796 3936 IPSec - ok 15:09:51.0812 3936 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 15:09:51.0812 3936 IRENUM - ok 15:09:51.0843 3936 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:09:51.0843 3936 isapnp - ok 15:09:51.0890 3936 [ 936123D83E80C1CB3EA042D7FB98DA25 ] itchfltr C:\WINDOWS\system32\DRIVERS\itchfltr.sys 15:09:51.0906 3936 itchfltr - ok 15:09:52.0031 3936 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe 15:09:52.0031 3936 JavaQuickStarterService - ok 15:09:52.0062 3936 [ FE8300320281D658A7854D5CFC02A63F ] k750bus C:\WINDOWS\system32\DRIVERS\k750bus.sys 15:09:52.0078 3936 k750bus - ok 15:09:52.0093 3936 [ F44521F63C0C00364FA3D59DB980DE6A ] k750mdfl C:\WINDOWS\system32\DRIVERS\k750mdfl.sys 15:09:52.0093 3936 k750mdfl - ok 15:09:52.0093 3936 [ E93323C3ED5E8923A177740A973C27B2 ] k750mdm C:\WINDOWS\system32\DRIVERS\k750mdm.sys 15:09:52.0109 3936 k750mdm - ok 15:09:52.0109 3936 [ 9D5F5A70CA0B7C428EFCD73DB50E6AC7 ] k750mgmt C:\WINDOWS\system32\DRIVERS\k750mgmt.sys 15:09:52.0109 3936 k750mgmt - ok 15:09:52.0125 3936 [ 81CA2D57B2C14F76F4BA80846784BB3D ] k750obex C:\WINDOWS\system32\DRIVERS\k750obex.sys 15:09:52.0125 3936 k750obex - ok 15:09:52.0187 3936 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:09:52.0250 3936 Kbdclass - ok 15:09:52.0296 3936 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 15:09:52.0296 3936 kbdhid - ok 15:09:52.0328 3936 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 15:09:52.0328 3936 kmixer - ok 15:09:52.0375 3936 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 15:09:52.0375 3936 KSecDD - ok 15:09:52.0437 3936 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 15:09:52.0437 3936 lanmanserver - ok 15:09:52.0484 3936 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 15:09:52.0484 3936 lanmanworkstation - ok 15:09:52.0531 3936 [ 6DBFDE591322242ECEC5C48FCA325E82 ] LCcfltr C:\WINDOWS\system32\Drivers\LCcFltr.Sys 15:09:52.0531 3936 LCcfltr - ok 15:09:52.0546 3936 [ 387CB1E73B17656F406FC13DC17EDA6A ] LHidUsb C:\WINDOWS\system32\Drivers\LHidUsb.Sys 15:09:52.0562 3936 LHidUsb - ok 15:09:52.0609 3936 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 15:09:52.0609 3936 LmHosts - ok 15:09:52.0671 3936 [ 98312C9EAB656053BE1ACA3A8A5912B3 ] MASPINT C:\WINDOWS\system32\drivers\MASPINT.sys 15:09:52.0671 3936 MASPINT - ok 15:09:52.0765 3936 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe 15:09:52.0796 3936 MatSvc - ok 15:09:52.0859 3936 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll 15:09:52.0859 3936 Messenger - ok 15:09:52.0921 3936 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 15:09:52.0921 3936 mnmdd - ok 15:09:52.0968 3936 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 15:09:52.0968 3936 mnmsrvc - ok 15:09:53.0000 3936 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 15:09:53.0000 3936 Modem - ok 15:09:53.0031 3936 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys 15:09:53.0046 3936 MODEMCSA - ok 15:09:53.0046 3936 [ BDD406003C0C340CF6C5501165E83DCD ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys 15:09:53.0046 3936 mohfilt - ok 15:09:53.0093 3936 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:09:53.0093 3936 Mouclass - ok 15:09:53.0140 3936 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:09:53.0140 3936 mouhid - ok 15:09:53.0171 3936 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 15:09:53.0171 3936 MountMgr - ok 15:09:53.0218 3936 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 15:09:53.0234 3936 MozillaMaintenance - ok 15:09:53.0234 3936 mraid35x - ok 15:09:53.0281 3936 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:09:53.0281 3936 MRxDAV - ok 15:09:53.0359 3936 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:09:53.0375 3936 MRxSmb - ok 15:09:53.0406 3936 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 15:09:53.0406 3936 MSDTC - ok 15:09:53.0421 3936 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 15:09:53.0421 3936 Msfs - ok 15:09:53.0437 3936 MSIServer - ok 15:09:53.0500 3936 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:09:53.0515 3936 MSKSSRV - ok 15:09:53.0531 3936 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:09:53.0531 3936 MSPCLOCK - ok 15:09:53.0546 3936 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 15:09:53.0546 3936 MSPQM - ok 15:09:53.0578 3936 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:09:53.0593 3936 mssmbios - ok 15:09:53.0593 3936 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 15:09:53.0609 3936 MSTEE - ok 15:09:53.0671 3936 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 15:09:53.0671 3936 Mup - ok 15:09:53.0718 3936 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 15:09:53.0718 3936 NABTSFEC - ok 15:09:53.0765 3936 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll 15:09:53.0765 3936 napagent - ok 15:09:53.0890 3936 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121011.034\NAVENG.SYS 15:09:53.0890 3936 NAVENG - ok 15:09:53.0968 3936 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121011.034\NAVEX15.SYS 15:09:54.0062 3936 NAVEX15 - ok 15:09:54.0093 3936 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 15:09:54.0093 3936 NDIS - ok 15:09:54.0140 3936 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 15:09:54.0140 3936 NdisIP - ok 15:09:54.0203 3936 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:09:54.0203 3936 NdisTapi - ok 15:09:54.0250 3936 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:09:54.0250 3936 Ndisuio - ok 15:09:54.0265 3936 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:09:54.0265 3936 NdisWan - ok 15:09:54.0312 3936 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 15:09:54.0328 3936 NDProxy - ok 15:09:54.0359 3936 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 15:09:54.0359 3936 NetBIOS - ok 15:09:54.0375 3936 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 15:09:54.0390 3936 NetBT - ok 15:09:54.0437 3936 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe 15:09:54.0437 3936 NetDDE - ok 15:09:54.0453 3936 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 15:09:54.0453 3936 NetDDEdsdm - ok 15:09:54.0500 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe 15:09:54.0500 3936 Netlogon - ok 15:09:54.0546 3936 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll 15:09:54.0562 3936 Netman - ok 15:09:54.0593 3936 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:09:54.0593 3936 NetTcpPortSharing - ok 15:09:54.0781 3936 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe 15:09:54.0859 3936 NIS - ok 15:09:55.0046 3936 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll 15:09:55.0093 3936 Nla - ok 15:09:55.0171 3936 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys 15:09:55.0171 3936 nmwcd - ok 15:09:55.0203 3936 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys 15:09:55.0203 3936 nmwcdc - ok 15:09:55.0250 3936 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys 15:09:55.0250 3936 nmwcdnsu - ok 15:09:55.0281 3936 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\WINDOWS\system32\drivers\nmwcdnsuc.sys 15:09:55.0296 3936 nmwcdnsuc - ok 15:09:55.0328 3936 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 15:09:55.0328 3936 Npfs - ok 15:09:55.0375 3936 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 15:09:55.0406 3936 Ntfs - ok 15:09:55.0437 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 15:09:55.0437 3936 NtLmSsp - ok 15:09:55.0500 3936 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 15:09:55.0515 3936 NtmsSvc - ok 15:09:55.0562 3936 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 15:09:55.0578 3936 Null - ok 15:09:55.0609 3936 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:09:55.0625 3936 NwlnkFlt - ok 15:09:55.0625 3936 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:09:55.0625 3936 NwlnkFwd - ok 15:09:55.0687 3936 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 15:09:55.0703 3936 OMCI - ok 15:09:55.0750 3936 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:09:55.0765 3936 ose - ok 15:09:55.0812 3936 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 15:09:55.0812 3936 Parport - ok 15:09:55.0843 3936 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 15:09:55.0859 3936 PartMgr - ok 15:09:55.0906 3936 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 15:09:55.0921 3936 ParVdm - ok 15:09:55.0968 3936 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 15:09:55.0968 3936 pccsmcfd - ok 15:09:56.0000 3936 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 15:09:56.0000 3936 PCI - ok 15:09:56.0015 3936 PCIDump - ok 15:09:56.0046 3936 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 15:09:56.0062 3936 PCIIde - ok 15:09:56.0109 3936 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 15:09:56.0109 3936 Pcmcia - ok 15:09:56.0125 3936 perc2 - ok 15:09:56.0125 3936 perc2hib - ok 15:09:56.0171 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe 15:09:56.0187 3936 PlugPlay - ok 15:09:56.0234 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 15:09:56.0234 3936 PolicyAgent - ok 15:09:56.0250 3936 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:09:56.0250 3936 PptpMiniport - ok 15:09:56.0265 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 15:09:56.0265 3936 ProtectedStorage - ok 15:09:56.0281 3936 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 15:09:56.0281 3936 PSched - ok 15:09:56.0296 3936 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:09:56.0296 3936 Ptilink - ok 15:09:56.0343 3936 [ 0C8DA0A8B0D227319C285E0EAE65DEFD ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 15:09:56.0343 3936 PxHelp20 - ok 15:09:56.0359 3936 ql1080 - ok 15:09:56.0375 3936 Ql10wnt - ok 15:09:56.0375 3936 ql12160 - ok 15:09:56.0390 3936 ql1240 - ok 15:09:56.0406 3936 ql1280 - ok 15:09:56.0421 3936 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:09:56.0421 3936 RasAcd - ok 15:09:56.0468 3936 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll 15:09:56.0468 3936 RasAuto - ok 15:09:56.0500 3936 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:09:56.0500 3936 Rasl2tp - ok 15:09:56.0546 3936 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll 15:09:56.0562 3936 RasMan - ok 15:09:56.0562 3936 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:09:56.0578 3936 RasPppoe - ok 15:09:56.0578 3936 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 15:09:56.0578 3936 Raspti - ok 15:09:56.0609 3936 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:09:56.0609 3936 Rdbss - ok 15:09:56.0625 3936 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:09:56.0625 3936 RDPCDD - ok 15:09:56.0687 3936 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 15:09:56.0687 3936 RDPWD - ok 15:09:56.0750 3936 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 15:09:56.0750 3936 RDSessMgr - ok 15:09:56.0781 3936 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 15:09:56.0781 3936 redbook - ok 15:09:56.0828 3936 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 15:09:56.0828 3936 RemoteAccess - ok 15:09:56.0890 3936 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys 15:09:56.0890 3936 RFCOMM - ok 15:09:56.0937 3936 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys 15:09:56.0937 3936 RimUsb - ok 15:09:56.0968 3936 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe 15:09:56.0968 3936 RpcLocator - ok 15:09:57.0015 3936 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll 15:09:57.0015 3936 RpcSs - ok 15:09:57.0046 3936 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 15:09:57.0062 3936 RSVP - ok 15:09:57.0156 3936 [ 5B3A5BC13614FFFA1BE65D434688ED3F ] RTL8192cu C:\WINDOWS\system32\DRIVERS\RTL8192cu.sys 15:09:57.0281 3936 RTL8192cu - ok 15:09:57.0296 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 15:09:57.0296 3936 SamSs - ok 15:09:57.0328 3936 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 15:09:57.0343 3936 SCardSvr - ok 15:09:57.0390 3936 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 15:09:57.0406 3936 Schedule - ok 15:09:57.0453 3936 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:09:57.0453 3936 Secdrv - ok 15:09:57.0484 3936 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 15:09:57.0484 3936 seclogon - ok 15:09:57.0546 3936 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys 15:09:57.0562 3936 senfilt - ok 15:09:57.0578 3936 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 15:09:57.0578 3936 SENS - ok 15:09:57.0609 3936 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 15:09:57.0609 3936 serenum - ok 15:09:57.0625 3936 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 15:09:57.0625 3936 Serial - ok 15:09:57.0734 3936 [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 15:09:57.0750 3936 ServiceLayer - ok 15:09:57.0812 3936 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 15:09:57.0812 3936 Sfloppy - ok 15:09:57.0843 3936 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 15:09:57.0843 3936 SharedAccess - ok 15:09:57.0937 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 15:09:57.0937 3936 ShellHWDetection - ok 15:09:59.0046 3936 Simbad - ok 15:09:59.0062 3936 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 15:09:59.0062 3936 SLIP - ok 15:09:59.0125 3936 [ 86C4D93B7B7818D066C52FDB03C6C921 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys 15:09:59.0140 3936 smwdm - ok 15:09:59.0140 3936 Sparrow - ok 15:09:59.0156 3936 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys 15:09:59.0171 3936 speedfan - ok 15:09:59.0187 3936 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 15:09:59.0187 3936 splitter - ok 15:09:59.0250 3936 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 15:09:59.0250 3936 Spooler - ok 15:09:59.0281 3936 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 15:09:59.0312 3936 sr - ok 15:09:59.0390 3936 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 15:09:59.0406 3936 srservice - ok 15:09:59.0453 3936 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS 15:09:59.0468 3936 SRTSP - ok 15:09:59.0500 3936 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1309000.009\SRTSPX.SYS 15:09:59.0515 3936 SRTSPX - ok 15:09:59.0578 3936 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 15:09:59.0578 3936 Srv - ok 15:09:59.0625 3936 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys 15:09:59.0625 3936 sscdbhk5 - ok 15:09:59.0687 3936 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 15:09:59.0687 3936 SSDPSRV - ok 15:09:59.0703 3936 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys 15:09:59.0703 3936 ssrtln - ok 15:09:59.0750 3936 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 15:09:59.0765 3936 stisvc - ok 15:09:59.0796 3936 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 15:09:59.0796 3936 streamip - ok 15:09:59.0843 3936 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 15:09:59.0843 3936 swenum - ok 15:09:59.0890 3936 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 15:09:59.0890 3936 swmidi - ok 15:09:59.0890 3936 SwPrv - ok 15:09:59.0906 3936 symc810 - ok 15:09:59.0921 3936 symc8xx - ok 15:09:59.0968 3936 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMDS.SYS 15:09:59.0968 3936 SymDS - ok 15:10:00.0187 3936 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMEFA.SYS 15:10:00.0234 3936 SymEFA - ok 15:10:00.0281 3936 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 15:10:00.0296 3936 SymEvent - ok 15:10:00.0343 3936 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\NIS\1309000.009\Ironx86.SYS 15:10:00.0343 3936 SymIRON - ok 15:10:00.0406 3936 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS 15:10:00.0406 3936 SYMTDI - ok 15:10:00.0421 3936 sym_hi - ok 15:10:00.0437 3936 sym_u3 - ok 15:10:00.0453 3936 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 15:10:00.0453 3936 sysaudio - ok 15:10:00.0500 3936 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 15:10:00.0500 3936 SysmonLog - ok 15:10:00.0531 3936 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 15:10:00.0546 3936 TapiSrv - ok 15:10:00.0593 3936 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:10:00.0609 3936 Tcpip - ok 15:10:00.0625 3936 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 15:10:00.0640 3936 TDPIPE - ok 15:10:00.0640 3936 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 15:10:00.0640 3936 TDTCP - ok 15:10:00.0671 3936 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 15:10:00.0671 3936 TermDD - ok 15:10:00.0718 3936 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 15:10:00.0718 3936 TermService - ok 15:10:00.0781 3936 [ 1D265CD2FB1673A0873BF8CEC19DDC7F ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys 15:10:00.0781 3936 tfsnboio - ok 15:10:00.0796 3936 [ 62E4901295E0467CAC78E5B4B131AE5C ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys 15:10:00.0796 3936 tfsncofs - ok 15:10:00.0812 3936 [ A2F380F9252AB3464C859ADF91EEAD9C ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys 15:10:00.0812 3936 tfsndrct - ok 15:10:00.0828 3936 [ EEE79BBEFE9C6A2A3CE6C8753CFEA950 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys 15:10:00.0828 3936 tfsndres - ok 15:10:00.0843 3936 [ 9D644EB11FEC9487450C4CFCD63A5DF4 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys 15:10:00.0843 3936 tfsnifs - ok 15:10:00.0859 3936 [ E656AF05C67EDB7C0E9230A5DF71ED1B ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys 15:10:00.0859 3936 tfsnopio - ok 15:10:00.0859 3936 [ 64FCCB9CCE703CA507DFFC3CEBF6B2CB ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys 15:10:00.0859 3936 tfsnpool - ok 15:10:00.0875 3936 [ 48BC9D8AB4E4B9BFF70FB18E55CEC3D6 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys 15:10:00.0875 3936 tfsnudf - ok 15:10:00.0890 3936 [ 79F60822224256B49BFC855DA8D651D5 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys 15:10:00.0890 3936 tfsnudfa - ok 15:10:00.0921 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 15:10:00.0921 3936 Themes - ok 15:10:00.0937 3936 TosIde - ok 15:10:00.0984 3936 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 15:10:00.0984 3936 TrkWks - ok 15:10:01.0015 3936 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 15:10:01.0015 3936 Udfs - ok 15:10:01.0031 3936 ultra - ok 15:10:01.0062 3936 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 15:10:01.0078 3936 Update - ok 15:10:01.0125 3936 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 15:10:01.0140 3936 upnphost - ok 15:10:01.0156 3936 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 15:10:01.0171 3936 upperdev - ok 15:10:01.0203 3936 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 15:10:01.0203 3936 UPS - ok 15:10:01.0250 3936 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 15:10:01.0250 3936 usbaudio - ok 15:10:01.0281 3936 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:10:01.0281 3936 usbccgp - ok 15:10:01.0328 3936 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:10:01.0328 3936 usbehci - ok 15:10:01.0343 3936 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:10:01.0359 3936 usbhub - ok 15:10:01.0359 3936 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:10:01.0359 3936 usbprint - ok 15:10:01.0375 3936 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:10:01.0390 3936 usbscan - ok 15:10:01.0453 3936 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys 15:10:01.0453 3936 usbser - ok 15:10:01.0468 3936 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 15:10:01.0468 3936 UsbserFilt - ok 15:10:01.0500 3936 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:10:01.0500 3936 USBSTOR - ok 15:10:01.0515 3936 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:10:01.0531 3936 usbuhci - ok 15:10:01.0578 3936 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 15:10:01.0578 3936 VgaSave - ok 15:10:01.0593 3936 ViaIde - ok 15:10:01.0625 3936 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 15:10:01.0625 3936 VolSnap - ok 15:10:01.0703 3936 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 15:10:01.0703 3936 VSS - ok 15:10:01.0796 3936 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe 15:10:01.0828 3936 vToolbarUpdater12.2.6 - ok 15:10:01.0859 3936 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 15:10:01.0875 3936 W32Time - ok 15:10:01.0937 3936 [ 5E8B60606FC4173B69CDECD964F22D28 ] w810bus C:\WINDOWS\system32\DRIVERS\w810bus.sys 15:10:01.0937 3936 w810bus - ok 15:10:01.0953 3936 [ C0CC4F5A3C58B4C07EC4A82A5AE24714 ] w810mdfl C:\WINDOWS\system32\DRIVERS\w810mdfl.sys 15:10:01.0953 3936 w810mdfl - ok 15:10:01.0968 3936 [ 2AAFEEDC3BFE14419CBCE7CEEA59DD05 ] w810mdm C:\WINDOWS\system32\DRIVERS\w810mdm.sys 15:10:02.0015 3936 w810mdm - ok 15:10:02.0031 3936 [ B0037DB3F890D0FFCF7E35F356A435EC ] w810mgmt C:\WINDOWS\system32\DRIVERS\w810mgmt.sys 15:10:02.0031 3936 w810mgmt - ok 15:10:02.0046 3936 [ BF609636068F17246F94B490C5812483 ] w810obex C:\WINDOWS\system32\DRIVERS\w810obex.sys 15:10:02.0046 3936 w810obex - ok 15:10:02.0078 3936 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:10:02.0078 3936 Wanarp - ok 15:10:02.0140 3936 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys 15:10:02.0140 3936 Wdf01000 - ok 15:10:02.0218 3936 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 15:10:02.0250 3936 wdmaud - ok 15:10:02.0296 3936 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 15:10:02.0296 3936 WebClient - ok 15:10:02.0390 3936 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 15:10:02.0406 3936 winmgmt - ok 15:10:02.0453 3936 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 15:10:02.0453 3936 WmdmPmSN - ok 15:10:02.0531 3936 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:10:02.0531 3936 WmiApSrv - ok 15:10:02.0609 3936 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe 15:10:02.0640 3936 WMPNetworkSvc - ok 15:10:02.0671 3936 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 15:10:02.0671 3936 WpdUsb - ok 15:10:02.0734 3936 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 15:10:02.0750 3936 WS2IFSL - ok 15:10:02.0812 3936 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 15:10:02.0812 3936 wscsvc - ok 15:10:02.0828 3936 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 15:10:02.0843 3936 WSTCODEC - ok 15:10:02.0859 3936 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 15:10:02.0859 3936 wuauserv - ok 15:10:02.0875 3936 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 15:10:02.0890 3936 WudfPf - ok 15:10:02.0890 3936 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:10:02.0890 3936 WudfRd - ok 15:10:02.0921 3936 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 15:10:02.0921 3936 WudfSvc - ok 15:10:02.0968 3936 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 15:10:02.0984 3936 WZCSVC - ok 15:10:03.0031 3936 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 15:10:03.0062 3936 xmlprov - ok 15:10:03.0093 3936 ================ Scan global =============================== 15:10:03.0125 3936 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 15:10:03.0156 3936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 15:10:03.0187 3936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 15:10:03.0203 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 15:10:03.0218 3936 [Global] - ok 15:10:03.0218 3936 ================ Scan MBR ================================== 15:10:03.0234 3936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 15:10:03.0453 3936 \Device\Harddisk0\DR0 - ok 15:10:03.0453 3936 ================ Scan VBR ================================== 15:10:03.0453 3936 [ 60960144D8D0657DD9C0C87BCF0ED4EE ] \Device\Harddisk0\DR0\Partition1 15:10:03.0453 3936 \Device\Harddisk0\DR0\Partition1 - ok 15:10:03.0468 3936 ============================================================ 15:10:03.0468 3936 Scan finished 15:10:03.0468 3936 ============================================================ 15:10:03.0484 1604 Detected object count: 0 15:10:03.0484 1604 Actual detected object count: 0 15:11:05.0984 1200 Deinitialize success Cheers Trazza

I tried internet explorer today and not only do i get the same high cpu usage error it was extremely slow. On the games which are against the clock I had absolutely no chance as the games kept stalling. Trazza

Have uninstalled flash and reinstalled it via adobe.com and the only plugin I have enabled on firefox is shockwave flash 11.4.402.287 and yet this afternoon whilst playing my facebook games I got the high cpu warning again. I am wondering if it is maybe because I am playing games because it rarely gives a warning on other things although it has happened a time or two whilst I have been viewing ebay. Don't want to stop playing the games but if you think it will harm something on my computer then I suppose I will have to. Thanks once again for the time you are spending trying to sort this out for me. Trazza

Disabled all the plugins but then could not get my games to load from facebook and it's whilst i'm playing games that I get the high cpu warning so I turned some back on and will have to try them one by one.

I found the file in system 32 and deleted it. What was it? I will disable all the firefox plugins and run the computer tomorrow and get back to you. Thanks Trazza

Scratch that last reply, it's started again will continue to go through them one by one. When something seems too good to be true it usually is lol

Have been disabling and enabling the plugins on firefox and I think it may be the Adobe Acrobat 10.1.4.38 as since i disabled it the cpu issue seems to have gone, however I am now getting a noise from the speakers something like an interference of a mobile phone just before it starts to ring.

Sorry but I have'nt a clue what you mean. How do I navigate to C:\WINDOWS\System32\ and when you say launch computer do you mean start it? I really am PC Illiterate as it says in my profile. The second step you mention sounds a little easier but only a little. Once again thanks for your time Trazza

Hi etavares sorry was away Saturday but am back now. You mention that you don't see any malicious FF plugin and that I may want to uninstall/reinstall the offending one. How would I do this? When I tried the computer earlier this morning again the box with high cpu usage appeared and I went to the Task Manager and everything was low apart from firefox which was 29 and plugin which was 79. I have done the reports you asked for but not sure if I've done it right as the fix was instant maybe 2 seconds then the otl scan log seemed to hang on firefox for a few mins before it then whizzed through the rest of the scan anyway here goes This is the report after the fix ========== OTL ========== File C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g not found. File C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g not found. OTL by OldTimer - Version 3.2.70.1 log created on 10072012_084721 And here is the new otl scan report OTL logfile created on: 07/10/2012 08:48:58 - Run 3 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.09 Mb Total Physical Memory | 430.89 Mb Available Physical Memory | 42.16% Memory free 2.40 Gb Paging File | 1.91 Gb Available in Paging File | 79.49% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 119.30 Gb Free Space | 80.04% Space Free | Partition Type: NTFS Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Program Files\AVG Secure Search\vprot.exe () PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia) PRC - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Documents and Settings\USER\Local Settings\Temp\bwgo0000e956.exe (BackWeb Technologies Inc. ) PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\AVG Secure Search\vprot.exe () MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll () MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll () MOD - C:\WINDOWS\system32\quartz.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - C:\Program Files\Belkin\Bluetooth Software\BTKeyInd.dll () ========== Services (SafeList) ========== SRV - (LVPrcSrv) -- File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\830\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (vToolbarUpdater12.2.6) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation) SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121006.007\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121006.007\NAVENG.SYS (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121005.002\IDSXpx86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtspx.sys (Symantec Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ccsetx86.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symefa.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symtdi.sys (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ironx86.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symds.sys (Symantec Corporation) DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys () DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation ) DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI) DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI) DRV - (w810mgmt) -- C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation) DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys () DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation) DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.) DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.) DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.) DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=hp IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{82445343-3524-49A4-9C55-0813E5B12D25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9 FF - prefs.js..extensions.enabledAddons: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=410&sr=0&q=" FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\IPSFFPlgn\ [2012/05/17 11:07:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\coFFPlgn\ [2012/10/06 07:58:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/08 10:25:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.32\ [2012/08/29 15:00:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 19:42:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 19:42:20 | 000,000,000 | ---D | M] [2012/09/24 09:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com [2012/09/24 09:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions [2010/04/27 13:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/02/23 13:16:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\DeviceDetection@logitech.com [2011/05/15 19:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\nostmp [2012/04/30 18:17:26 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\playbryte@playbryte.com [2012/04/30 18:17:11 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\plugin@yontoo.com [2012/01/19 17:39:07 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2012/04/30 18:15:55 | 000,172,310 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012/09/06 11:42:27 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\askcom.xml [2011/01/29 18:46:09 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\safesearch.xml [2012/09/23 19:54:35 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\Search_Results.xml [2012/04/30 18:16:01 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\sweetim.xml [2012/09/24 09:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/09/07 19:42:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll [2012/06/08 10:24:50 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012/08/29 15:01:20 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/08/31 01:21:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/08/31 01:21:49 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2012/04/26 22:12:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [] File not found O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82F8D923-5ECA-4D42-A4D3-0A72B7E74F10}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\830\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\830\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found. O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/10/05 19:55:20 | 000,000,000 | ---D | C] -- C:\_OTL [2012/10/05 19:39:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/10/05 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/10/05 19:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT [2012/10/05 11:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia [2012/10/05 11:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2012/10/05 11:33:19 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2012/10/05 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2012/10/05 11:29:00 | 000,008,576 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys [2012/10/05 11:28:41 | 000,137,600 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys [2012/10/05 11:28:04 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2012/10/05 11:27:45 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2012/10/05 11:27:24 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys [2012/10/05 11:26:52 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2012/10/05 11:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Nokia Suite [2012/09/25 13:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\New Folder [2012/09/23 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2012/09/23 21:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\FreeAudioPack [2012/09/23 21:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software [2012/09/23 21:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\NCH Software [2012/09/23 20:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DVDVideoSoft [2012/09/23 19:38:22 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll [2012/09/23 19:38:22 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2012/09/23 19:38:22 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2012/09/23 19:38:22 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll [2012/09/23 19:38:22 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll [2012/09/23 19:38:22 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll [2012/09/23 19:38:22 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll [2012/09/23 19:38:22 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll [2012/09/23 19:38:22 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL [2012/09/23 19:38:22 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX [2012/09/23 19:38:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL [2012/09/23 19:38:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL [2012/09/23 19:38:21 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL [2012/09/23 19:38:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll [2012/09/23 19:38:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL [2012/09/23 19:38:21 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL [2012/09/23 19:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter [2012/09/23 19:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software [2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Thunderbird [2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Thunderbird [2012/09/07 19:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\ErrorTeck [2012/09/07 19:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012/10/07 08:45:16 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job [2012/10/07 08:33:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/10/07 08:14:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2012/10/07 08:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/10/07 07:33:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/10/06 20:22:01 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\SwitchReminder.job [2012/10/06 08:12:01 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini [2012/10/06 07:59:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/10/06 07:57:39 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/10/06 07:57:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/10/05 19:37:55 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/10/05 19:29:20 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Microsoft Office Word 2003.lnk [2012/10/05 11:33:23 | 000,750,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\Cat.DB [2012/10/03 10:42:51 | 000,009,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\VT20121002.018 [2012/10/03 08:18:37 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK [2012/09/30 20:29:29 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job [2012/09/30 19:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/09/26 11:34:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\isolate.ini [2012/09/23 21:16:51 | 000,043,425 | ---- | M] () -- C:\Documents [2012/09/21 18:03:20 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/09/21 18:03:20 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/09/21 18:03:16 | 010,213,296 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2012/09/12 21:27:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012/10/05 19:37:55 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/09/30 20:29:29 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job [2012/09/30 20:22:30 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\SwitchReminder.job [2012/09/23 21:16:41 | 000,043,425 | ---- | C] () -- C:\Documents [2012/09/23 19:38:22 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2012/09/23 19:32:34 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk [2012/09/23 19:31:46 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk [2012/08/31 13:53:06 | 000,103,272 | ---- | C] () -- C:\Documents and Settings\USER\GoToAssistDownloadHelper.exe [2012/07/30 16:29:04 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2009/11/06 14:18:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\prvlcl.dat [2009/08/24 15:42:45 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\Launch Internet Explorer Browser.lnk [2007/10/09 20:50:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\fusioncache.dat [2006/12/01 14:38:29 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/30 11:15:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g [2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g < End of report > Thanks for your time Trazza

This is the new otl report. Thanks KenB what etavares said now makes sense I will run my computer for a bit and get back to you with it's performance. The cpu was something to do with a plugin by firefox OTL Report:- OTL logfile created on: 05/10/2012 20:31:51 - Run 2 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.09 Mb Total Physical Memory | 516.65 Mb Available Physical Memory | 50.55% Memory free 2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.28% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 119.37 Gb Free Space | 80.09% Space Free | Partition Type: NTFS Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Program Files\AVG Secure Search\vprot.exe () PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () PRC - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia) PRC - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Documents and Settings\USER\Local Settings\Temp\bwgo0000901a.exe (BackWeb Technologies Inc. ) PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\AVG Secure Search\vprot.exe () MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () MOD - C:\Program Files\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll () MOD - C:\Program Files\Nokia\Nokia Suite\NService.dll () MOD - C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Program Files\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Program Files\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll () MOD - C:\WINDOWS\system32\quartz.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - C:\Program Files\Belkin\Bluetooth Software\BTKeyInd.dll () ========== Services (SafeList) ========== SRV - (LVPrcSrv) -- File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\830\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (vToolbarUpdater12.2.6) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation) SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121005.002\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121005.002\NAVENG.SYS (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121004.001\IDSXpx86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtspx.sys (Symantec Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ccsetx86.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symefa.sys (Symantec Corporation) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symtdi.sys (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ironx86.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symds.sys (Symantec Corporation) DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys () DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation ) DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI) DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI) DRV - (w810mgmt) -- C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation) DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys () DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation) DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.) DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.) DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.) DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=hp IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{82445343-3524-49A4-9C55-0813E5B12D25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2000478354-261903793-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9 FF - prefs.js..extensions.enabledAddons: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=410&sr=0&q=" FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\IPSFFPlgn\ [2012/05/17 11:07:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\coFFPlgn\ [2012/10/05 20:22:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/08 10:25:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.32\ [2012/08/29 15:00:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 19:42:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 19:42:20 | 000,000,000 | ---D | M] [2012/09/24 09:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com [2012/09/24 09:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions [2010/04/27 13:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/02/23 13:16:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\DeviceDetection@logitech.com [2011/05/15 19:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\nostmp [2012/04/30 18:17:26 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\playbryte@playbryte.com [2012/04/30 18:17:11 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\plugin@yontoo.com [2012/01/19 17:39:07 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2012/04/30 18:15:55 | 000,172,310 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012/09/06 11:42:27 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\askcom.xml [2011/01/29 18:46:09 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\safesearch.xml [2012/09/23 19:54:35 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\Search_Results.xml [2012/04/30 18:16:01 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\sweetim.xml [2012/09/24 09:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/09/07 19:42:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll [2012/06/08 10:24:50 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012/08/29 15:01:20 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/08/31 01:21:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/08/31 01:21:49 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2012/04/26 22:12:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-2000478354-261903793-725345543-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [] File not found O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - HKU\S-1-5-21-2000478354-261903793-725345543-1004..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2000478354-261903793-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82F8D923-5ECA-4D42-A4D3-0A72B7E74F10}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\830\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\830\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found. O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/10/05 19:55:20 | 000,000,000 | ---D | C] -- C:\_OTL [2012/10/05 19:39:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/10/05 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/10/05 19:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT [2012/10/05 11:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia [2012/10/05 11:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2012/10/05 11:33:19 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2012/10/05 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2012/10/05 11:29:00 | 000,008,576 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys [2012/10/05 11:28:41 | 000,137,600 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys [2012/10/05 11:28:04 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2012/10/05 11:27:45 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2012/10/05 11:27:24 | 000,023,168 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys [2012/10/05 11:26:52 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2012/10/05 11:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\Nokia Suite [2012/09/25 13:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\New Folder [2012/09/23 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2012/09/23 21:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\FreeAudioPack [2012/09/23 21:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software [2012/09/23 21:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\NCH Software [2012/09/23 20:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DVDVideoSoft [2012/09/23 19:38:22 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll [2012/09/23 19:38:22 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2012/09/23 19:38:22 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2012/09/23 19:38:22 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll [2012/09/23 19:38:22 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll [2012/09/23 19:38:22 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll [2012/09/23 19:38:22 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll [2012/09/23 19:38:22 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll [2012/09/23 19:38:22 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL [2012/09/23 19:38:22 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX [2012/09/23 19:38:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL [2012/09/23 19:38:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL [2012/09/23 19:38:21 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL [2012/09/23 19:38:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll [2012/09/23 19:38:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL [2012/09/23 19:38:21 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL [2012/09/23 19:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter [2012/09/23 19:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software [2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Thunderbird [2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Thunderbird [2012/09/07 19:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\ErrorTeck [2012/09/07 19:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/09/06 11:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask [2012/09/06 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/09/06 11:14:26 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/09/06 11:14:17 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/09/06 11:13:05 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/09/06 11:13:05 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/09/06 11:13:05 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/09/06 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2012/10/05 20:41:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job [2012/10/05 20:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/10/05 20:23:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/10/05 20:21:44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/10/05 20:21:44 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini [2012/10/05 20:21:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/10/05 20:21:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/10/05 20:14:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2012/10/05 20:03:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/10/05 19:37:55 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/10/05 19:37:37 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\NTREGOPT.lnk [2012/10/05 19:37:37 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\ERUNT.lnk [2012/10/05 19:29:20 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Microsoft Office Word 2003.lnk [2012/10/05 11:39:26 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk [2012/10/05 11:33:23 | 000,750,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\Cat.DB [2012/10/03 10:42:51 | 000,009,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\VT20121002.018 [2012/10/03 08:18:37 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK [2012/09/30 20:29:29 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job [2012/09/30 20:22:31 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\SwitchReminder.job [2012/09/30 19:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/09/26 11:34:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\isolate.ini [2012/09/23 21:16:51 | 000,043,425 | ---- | M] () -- C:\Documents [2012/09/21 18:03:20 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/09/21 18:03:20 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/09/21 18:03:16 | 010,213,296 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe [2012/09/12 21:27:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/09/06 11:12:25 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/09/06 11:12:21 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012/09/06 11:12:21 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012/09/06 11:12:21 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/09/06 11:12:21 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/09/06 11:12:21 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/09/06 11:12:21 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl ========== Files Created - No Company Name ========== [2012/10/05 19:37:55 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\USER\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2012/10/05 19:37:37 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\NTREGOPT.lnk [2012/10/05 19:37:37 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\ERUNT.lnk [2012/10/05 11:39:23 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Suite.lnk [2012/09/30 20:29:29 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job [2012/09/30 20:22:30 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\SwitchReminder.job [2012/09/23 21:16:41 | 000,043,425 | ---- | C] () -- C:\Documents [2012/09/23 19:38:22 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2012/09/23 19:32:34 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk [2012/09/23 19:31:46 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk [2012/08/31 13:53:06 | 000,103,272 | ---- | C] () -- C:\Documents and Settings\USER\GoToAssistDownloadHelper.exe [2012/07/30 16:29:04 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2009/11/06 14:18:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\prvlcl.dat [2009/08/24 15:42:45 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\Launch Internet Explorer Browser.lnk [2007/10/09 20:50:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\fusioncache.dat [2006/12/01 14:38:29 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/30 11:15:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g [2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g < End of report >

This is the OTL fix log ========== OTL ========== Service RPSKT stopped successfully! Service RPSKT deleted successfully! File system32\DRIVERS\rp_skt32.sys File not found not found. Service PID_08A0 stopped successfully! Service PID_08A0 deleted successfully! File File not found not found. Service MRESP50 stopped successfully! Service MRESP50 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found not found. Service MRENDIS5 stopped successfully! Service MRENDIS5 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found not found. Service MREMPR5 stopped successfully! Service MREMPR5 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found not found. Service MREMP50 stopped successfully! Service MREMP50 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Search Results" removed from browser.search.defaultenginename Prefs.js: "Search Results" removed from browser.search.order.1 Prefs.js: "Search Results" removed from browser.search.selectedEngine Folder C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\ext ensions\playbryte@playbryte.com\ not found. File C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\sea rchplugins\askcom.xml not found. File C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\sea rchplugins\Search_Results.xml not found. C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ deleted successfully. C:\Program Files\DealPly\DealPlyIE.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b278d9f8-0fa9-465e-9938-0c392605d8e3}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ErrorTeck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found. File C:\Program Files\Ask.com\Updater\Updater.exe not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully. ========== FILES ========== File\Folder C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found. C:\sqmdata01.sqm moved successfully. C:\sqmdata02.sqm moved successfully. C:\sqmdata03.sqm moved successfully. C:\sqmdata04.sqm moved successfully. C:\sqmdata05.sqm moved successfully. C:\sqmdata06.sqm moved successfully. C:\sqmdata07.sqm moved successfully. C:\sqmdata08.sqm moved successfully. C:\sqmdata09.sqm moved successfully. C:\sqmdata10.sqm moved successfully. C:\sqmdata11.sqm moved successfully. C:\sqmdata12.sqm moved successfully. C:\sqmdata13.sqm moved successfully. C:\sqmdata14.sqm moved successfully. C:\sqmdata15.sqm moved successfully. C:\sqmdata16.sqm moved successfully. C:\sqmdata17.sqm moved successfully. C:\sqmdata18.sqm moved successfully. C:\sqmdata19.sqm moved successfully. C:\sqmnoopt00.sqm moved successfully. C:\sqmnoopt01.sqm moved successfully. C:\sqmnoopt02.sqm moved successfully. C:\sqmnoopt03.sqm moved successfully. C:\sqmnoopt04.sqm moved successfully. C:\sqmnoopt05.sqm moved successfully. C:\sqmnoopt06.sqm moved successfully. C:\sqmnoopt07.sqm moved successfully. C:\sqmnoopt08.sqm moved successfully. C:\sqmnoopt09.sqm moved successfully. C:\sqmnoopt10.sqm moved successfully. C:\sqmnoopt11.sqm moved successfully. C:\sqmnoopt12.sqm moved successfully. C:\sqmnoopt13.sqm moved successfully. C:\sqmnoopt14.sqm moved successfully. C:\sqmnoopt15.sqm moved successfully. C:\sqmnoopt16.sqm moved successfully. C:\sqmnoopt17.sqm moved successfully. C:\sqmnoopt18.sqm moved successfully. C:\sqmnoopt19.sqm moved successfully. OTL by OldTimer - Version 3.2.70.1 log created on 10052012_195520 I will do the OTL scan now and post it a little later. Thanks trazza

Hello etavares and thanks for your time Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place. I will only do as you ask me to Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times. Sorry I dont know what you mean. Whilst I wait for your reply I will be getting on with list of things to do. Thanks very much Trazza

Someone, anyone?