Trazza

Members • Posts: 158

Everything posted by Trazza

  1. Here is the extras log.
  2. Hi, can anyone help to see if I have malware or anything else that I shouldn't have on my computer? I keep getting a message that I have high CPU usage whilst on the internet, mostly when I am playing Facebook games. Also the computer is running really slow when connected to the internet. I have included the scans that are recommended in the sticky by starbuck but will probably have to post them separately as memory serves me they are too big altogether. Many thanks, Trazza.

     Malwarebytes Anti-Malware 1.65.0.1400
     http://www.malwarebytes.org

     Database version: v2012.10.04.04

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 7.0.5730.11
     USER :: ANY-6C5E521BE98 [administrator]

     04/10/2012 11:11:05
     mbam-log-2012-10-04 (11-11-05).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 274146
     Time elapsed: 1 hour(s), 5 minute(s), 46 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 4
     HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte_playbryte (PUP.PlayBryte) -> Quarantined and deleted successfully.

     Registry Values Detected: 2
     HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow|playbryte.com (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_playbryte (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 8
     C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\ANEP9GMN\Installer.playbryte[1] (PUP.PlayBryte) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\My Documents\Downloads\7zip_Setup(1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\My Documents\Downloads\7zip_Setup(2).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\My Documents\Downloads\7zip_Setup(3).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\My Documents\Downloads\7zip_Setup(4).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\My Documents\Downloads\7zip_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
     C:\Documents and Settings\USER\My Documents\Downloads\outlook express setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
     C:\Program Files\Playbryte\uninstall.exe (PUP.PlayBryte) -> Quarantined and deleted successfully.

(end) OTL logfile created on: 04/10/2012 12:36:38 - Run 1 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.09 Mb Total Physical Memory | 579.71 Mb Available Physical Memory | 56.72% Memory free 2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.33% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 120.47 Gb Free Space | 80.83% Space Free | Partition Type: NTFS Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Program Files\AVG Secure Search\vprot.exe () PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () PRC - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Documents and Settings\USER\Local Settings\Temp\bwgo000094fc.exe (BackWeb Technologies Inc. 
) PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) PRC - C:\Program Files\Belkin\Bluetooth Software\BTStackServer.exe (Broadcom Corporation) PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\AVG Secure Search\vprot.exe () MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll () MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe () MOD - C:\Program Files\Belkin\Bluetooth Software\BTKeyInd.dll () ========== Services (SafeList) ========== SRV - (LVPrcSrv) -- File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\830\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (vToolbarUpdater12.2.6) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation)

========== Driver Services (SafeList) ==========

DRV - (RPSKT) -- system32\DRIVERS\rp_skt32.sys File not found
DRV - (PID_08A0) -- File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121003.032\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20121003.032\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121003.001\IDSXpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtspx.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ccsetx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symefa.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symtdi.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ironx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symds.sys (Symantec Corporation)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (RTL8192cu) -- C:\WINDOWS\system32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation )
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)
DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)
DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI)
DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI)
DRV - (w810mgmt) -- C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI)
DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI)
DRV - (w810bus) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys ()
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=410&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=hp
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=E0E5DFB8-92ED-4D41-8713-7D0E3EF9268D&apn_sauid=81E0B527-26AD-4199-81FB-804D1AD468FC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{82445343-3524-49A4-9C55-0813E5B12D25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte/search/redirect/?type=default&user_id=4157fad3-eb4a-4ea8-b8d3-0189ced08577&query={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={D73199A1-9A1F-431F-8436-0A46A20537E6}&mid=e8fb23c8c6d647d085c4d1437c871809-6258c342c908fe82b87388a84914dc47fb70c43c&lang=en&ds=ft011&pr=sa&d=2012-07-18 12:29:14&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=410&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=GB&ver=18
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection@logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=410&sr=0&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\IPSFFPlgn\ [2012/05/17 11:07:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\coFFPlgn\ [2012/10/04 12:28:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/08 10:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.32\ [2012/08/29 15:00:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 19:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 19:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/20 15:30:18 | 000,000,000 | ---D | M]
[2012/09/24 09:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/09/24 09:00:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions
[2010/04/27 13:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/23 13:16:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\DeviceDetection@logitech.com
[2011/05/15 19:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\nostmp
[2012/04/30 18:17:26 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\playbryte@playbryte.com
[2012/04/30 18:17:11 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\plugin@yontoo.com
[2012/09/06 11:42:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\toolbar@ask.com
[2012/01/19 17:39:07 | 000,003,793 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2012/04/30 18:15:55 | 000,172,310 | ---- | M] () (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012/09/06 11:42:27 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\askcom.xml
[2011/01/29 18:46:09 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\safesearch.xml
[2012/09/23 19:54:35 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\Search_Results.xml
[2012/04/30 18:16:01 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\sweetim.xml
[2012/09/24 09:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 19:42:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll
[2012/06/08 10:24:50 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/29 15:01:20 | 000,003,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/31 01:21:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/23 19:54:35 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/31 01:21:49 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

O1 HOSTS File: ([2012/04/26 22:12:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe /scan File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\USER\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82F8D923-5ECA-4D42-A4D3-0A72B7E74F10}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\830\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\830\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/25 13:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\My Documents\New Folder
[2012/09/23 21:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/09/23 21:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\FreeAudioPack
[2012/09/23 21:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2012/09/23 21:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\NCH Software
[2012/09/23 20:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\DVDVideoSoft
[2012/09/23 19:38:22 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll
[2012/09/23 19:38:22 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2012/09/23 19:38:22 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2012/09/23 19:38:22 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll
[2012/09/23 19:38:22 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll
[2012/09/23 19:38:22 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll
[2012/09/23 19:38:22 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll
[2012/09/23 19:38:22 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
[2012/09/23 19:38:22 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2012/09/23 19:38:22 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX
[2012/09/23 19:38:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2012/09/23 19:38:22 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2012/09/23 19:38:21 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2012/09/23 19:38:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscc2fr.dll
[2012/09/23 19:38:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2012/09/23 19:38:21 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTFR.DLL
[2012/09/23 19:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012/09/23 19:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Thunderbird
[2012/09/11 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Thunderbird
[2012/09/07 19:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\ErrorTeck
[2012/09/07 19:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/06 11:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/09/06 11:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\AskToolbar
[2012/09/06 11:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/09/06 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/06 11:14:26 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/06 11:14:17 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/06 11:13:05 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/06 11:13:05 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/06 11:13:05 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/06 11:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java

========== Files - Modified Within 30 Days ==========

[2012/10/04 12:42:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/10/04 12:41:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job
[2012/10/04 12:35:40 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2012/10/04 12:33:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/04 12:30:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/04 12:28:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job
[2012/10/04 12:27:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 12:27:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/04 12:14:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/10/04 12:03:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/04 11:09:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 10:52:09 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Microsoft Office Word 2003.lnk
[2012/10/03 10:42:51 | 000,009,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\VT20121002.018
[2012/10/03 08:18:37 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/10/03 08:18:26 | 000,750,392 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\Cat.DB
[2012/09/30 20:29:29 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2012/09/30 20:22:31 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\SwitchReminder.job
[2012/09/30 19:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job
[2012/09/26 11:34:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\isolate.ini
[2012/09/23 21:16:51 | 000,043,425 | ---- | M] () -- C:\Documents
[2012/09/21 18:03:20 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/21 18:03:20 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/21 18:03:16 | 010,213,296 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/09/12 21:27:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/06 11:12:25 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/06 11:12:21 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/09/06 11:12:21 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/06 11:12:21 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/06 11:12:21 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/06 11:12:21 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/06 11:12:21 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

========== Files Created - No Company Name ==========

[2012/10/04 11:09:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/30 20:29:29 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WavePadReminder.job
[2012/09/30 20:22:30 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\SwitchReminder.job
[2012/09/23 21:16:41 | 000,043,425 | ---- | C] () -- C:\Documents
[2012/09/23 19:38:22 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2012/09/23 19:32:34 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\WavePad Sound Editor.lnk
[2012/09/23 19:31:46 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk
[2012/09/06 11:42:20 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/08/31 13:53:06 | 000,103,272 | ---- | C] () -- C:\Documents and Settings\USER\GoToAssistDownloadHelper.exe
[2012/07/30 16:29:04 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2009/11/06 14:18:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\prvlcl.dat
[2009/08/24 15:42:45 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\Launch Internet Explorer Browser.lnk
[2007/10/09 20:50:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\fusioncache.dat
[2006/12/01 14:38:29 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/30 11:15:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/09/06 11:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask [2012/08/29 15:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search [2012/09/23 21:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2010/09/13 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2012/07/18 12:28:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/02/23 12:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager [2010/09/17 15:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success [2011/08/29 17:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2012/02/23 12:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HardwareHelper [2010/09/17 13:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training [2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Application Data\iolo [2010/09/25 08:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX [2008/11/03 15:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier [2010/06/02 19:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! [2011/09/26 11:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2011/12/20 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2011/12/20 15:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2011/12/20 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/09/26 11:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2012/04/30 18:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2008/05/21 16:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca [2011/08/29 17:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband [2012/07/18 12:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\AVG Secure Search [2011/10/16 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2012/07/18 12:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BlueSprig [2010/09/20 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\CheckPoint [2012/09/23 21:16:51 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\USER\Application Data\DVDVideoSoft [2011/08/30 17:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ElevatedDiagnostics [2012/07/13 19:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\EPSON [2012/09/07 20:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ErrorTeck [2006/11/30 20:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FotoWire [2012/09/23 21:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FreeAudioPack [2006/11/30 21:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FUJIFILM [2012/07/18 12:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\IObit [2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\iolo [2006/11/30 22:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Leadertech [2006/11/30 20:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MSNInstaller [2011/12/20 15:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Nokia [2011/12/20 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Nokia Suite [2009/11/23 12:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ntr [2012/07/29 12:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Oracle [2011/12/20 16:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\PC Suite [2007/03/17 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Pop mail bits [2012/07/30 16:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\SystemRequirementsLab [2007/01/19 12:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Teleca 
[2012/09/11 21:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Thunderbird [2011/12/29 13:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TomTom [2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Virgin Broadband ========== Purity Check ========== ========== Custom Scans ========== ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media Interface type: IDE Media Type: Fixed\thard disk media Model: ST3160811AS Partitions: 1 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE1 - Interface type: USB Media Type: Model: Generic USB SD Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE2 - Interface type: USB Media Type: Model: Generic USB CF Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE3 - Interface type: USB Media Type: Model: Generic USB SM Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE4 - Interface type: USB Media Type: Model: Generic USB MS Reader USB Device Partitions: 0 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 149.00GB Starting Offset: 32256 Hidden sectors: 0 < %SYSTEMDRIVE%\*.* > [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011/08/30 18:37:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008/03/03 16:49:01 | 000,000,504 | ---- | M] () -- C:\dlbt.log [2012/09/23 21:16:51 | 000,043,425 | ---- | M] () -- C:\Documents [2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/07/27 20:43:25 | 000,000,171 | ---- | M] () -- C:\itouch.log [2006/11/30 22:55:28 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log [2007/03/17 13:46:07 
| 000,006,769 | ---- | M] () -- C:\lvcoinst.log [2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/12 15:02:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/09/20 17:49:57 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/10/04 12:27:50 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document 1.txt [2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document.txt [2007/09/11 11:53:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmdata01.sqm [2007/12/13 22:28:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2007/12/31 18:24:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2008/02/03 13:32:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2008/03/08 19:50:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2008/06/07 11:20:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2008/06/23 22:28:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm [2008/06/23 22:29:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2008/06/29 23:17:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2008/08/01 14:35:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2008/08/16 17:01:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2008/10/09 11:11:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2008/10/09 11:12:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm [2008/11/22 15:22:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2008/11/22 15:34:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2008/11/22 15:38:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2009/04/23 16:16:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2007/09/09 22:39:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2007/09/11 11:29:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt00.sqm [2007/12/13 22:28:34 | 000,000,244 | -H-- | M] () -- 
C:\sqmnoopt01.sqm [2007/12/31 18:24:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2008/02/03 13:32:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2008/03/08 19:50:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2008/06/07 11:20:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2008/06/23 22:28:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2008/06/23 22:29:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2008/06/29 23:17:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2008/08/01 14:35:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2008/08/16 17:01:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2008/10/09 11:11:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2008/10/09 11:12:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2008/11/22 15:22:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2008/11/22 15:34:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2008/11/22 15:38:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2009/04/23 16:16:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2007/09/09 22:39:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2007/09/11 11:29:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2007/09/11 11:53:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/29 17:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006/11/29 17:20:09 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006/11/29 17:20:09 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" 
-safe-mode [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/08/26 07:40:35 | 000,634,504 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/07 19:42:38 | 000,883,896 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: 
"C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/07 19:42:53 | 000,917,984 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/27 12:42:19 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/08/26 07:40:35 | 000,634,504 | ---- | M] (Microsoft Corporation) ========== Files - Unicode (All) ========== [2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g [2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g < End of report >
  3. Thanks JB, that link worked a treat. I think it has stopped running now because it says end of detection. This is what was printed in the window. If it is not what you need, please tell me what to do, as I have kept SpeedFan on my desktop. Thanks Trazza Win9x:NO 64Bit:NO GiveIO:YES SpeedFan:YES I/O properly initialized Linked ISA BUS at $0290 Linked Intel 82801FB ICH6 SMBUS at $E8A0 Scanning ISA BUS at $0290... Scanning Intel SMBus at $E8A0... Found ST3160811AS on AdvSMART End of detection
  4. Nev, I have tried to post a screenshot but your site says there is too much info so won't let me. When I use the link it takes me to "optimum downloads" and then wants me to download things I don't want. When I use customize install it then downloaded "wamjam" or something. I can see nothing at all about speedfan. HELP
  5. I have uninstalled all the sweetPC things but still cannot find speedfan. I went back to your post, JB, with the link but when it opens I can't find speedfan. Is there something I'm not seeing? I feel really inadequate now. Is there anything else I can try? Cheers Trazza
  6. Could someone please let Jelly Bean know that I have done what she asked and am waiting to see if she can help with the speedfan issues. Thanks Trazza
  7. Hubby has done the clean-up thing and everything is reconnected. On first start-up screen turned blank but only once. Still cannot get speedfan to auto run so don't have any readings to report. Is there anything else you can suggest I do? Thanks Trazza
  8. Are you there, Jelly Bean? Can you help me with speedfan issues?
  9. Hubby away till weekend but will ask him to do as you say when he returns. I have downloaded speedfan but what do I do with it now? It didn't automatically start and seemed to come with loads more stuff that I didn't want. The only difference with my PC is now I have something called sweetPCfix on my desktop. Is this anything to do with speedfan?
  10. Wow Jelly Bean, you're really scaring me now. "Open up your computer": the only time it has been opened was when hubby put a new battery in it (he doesn't let me near a screwdriver). My computer is a Dell Dimension 8400. Sorry, what are my power settings? Where will I find hibernation and sleep mode? Actually found Device Manager but could not see a graphics card driver to update. Really, I am very sorry but you will have your work cut out with me. I am a coward when it comes to computers, and it has still to happen again (the monitor, I mean). Maybe all that stuff Starbuck sorted out really did work. Thanks for trying to help me, I do appreciate it. Trazza
  11. Thanks starbuck I have cleaned everything up and have only the new restore point left on the PC. I will wait to see if monitor goes black again and report my findings to Jelly Bean. Once again thank you Trazza
  12. I am still waiting for the screen to go again. It generally only happens on first start-up and then only if the PC has been left idle for an hour or two. I will finish the clear up then leave it for a while and if the PC will cooperate.
  13. Yes, the monitor is still playing up. I seem to remember that I had this problem a few years ago but for the life of me I can't remember how I fixed it or even if I asked you all for help with it (it's an age thing, I think). Thanks Trazza
  14. Did the ESET scan, took 2 hours but no infections found, also no list to find. Went to C:\Program Files\ESET\ESET Online Scanner\log.txt but no list there either. Have I done something wrong? Could not save it to desktop and on finishing it uninstalled itself. Thanks Trazza
  15. Hi starbuck Here is the OTL results but not the other you asked for. Could you please advise as to switching off my Norton as I don't think I've ever done it before. All processes killed ========== OTL ========== Service WDICA stopped successfully! Service WDICA deleted successfully! File File not found not found. Error: No service named RPSKT) Security Services Driver (x86 was found to stop! Service\Driver key RPSKT) Security Services Driver (x86 not found. File system32\DRIVERS\rp_skt32.sys File not found not found. Error: No service named PID_08A0) Logitech QuickCam IM(PID_08A0 was found to stop! Service\Driver key PID_08A0) Logitech QuickCam IM(PID_08A0 not found. File File not found not found. Service pepifilter stopped successfully! Service pepifilter deleted successfully! File File not found not found. Service PDRFRAME stopped successfully! Service PDRFRAME deleted successfully! File File not found not found. Service PDRELI stopped successfully! Service PDRELI deleted successfully! File File not found not found. Service PDFRAME stopped successfully! Service PDFRAME deleted successfully! File File not found not found. Service PDCOMP stopped successfully! Service PDCOMP deleted successfully! File File not found not found. Service PCIDump stopped successfully! Service PCIDump deleted successfully! File File not found not found. Service MRENDIS5 stopped successfully! Service MRENDIS5 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found not found. Service MREMPR5 stopped successfully! Service MREMPR5 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found not found. Service LVUSBSta stopped successfully! Service LVUSBSta deleted successfully! File File not found not found. Service LVPr2Mon stopped successfully! Service LVPr2Mon deleted successfully! File File not found not found. Service LVcKap stopped successfully! Service LVcKap deleted successfully! File File not found not found. 
Service lbrtfdc stopped successfully! Service lbrtfdc deleted successfully! File File not found not found. Service i2omgmt stopped successfully! Service i2omgmt deleted successfully! File File not found not found. Service Changer stopped successfully! Service Changer deleted successfully! File File not found not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TomTomHOME.exe deleted successfully. C:\Documents and Settings\USER\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk moved successfully. Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ not found. File F:\laucher.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ not found. File F:\laucher.exe not found. C:\Documents and Settings\All Users\Application Data\Alwil Software folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully. C:\Documents and Settings\All Users\Application Data\Face mode chic admin folder moved successfully. C:\WINDOWS\Tasks\avast! Antivirus.job moved successfully. C:\WINDOWS\Tasks\B437FEC6918469DA.job moved successfully. 
File C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g not found. File C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g not found. ========== FILES ========== C:\Program Files\AVG\AVG9 folder moved successfully. C:\Program Files\AVG\AVG8\log folder moved successfully. C:\Program Files\AVG\AVG8 folder moved successfully. C:\Program Files\AVG folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\USER\My Documents\Downloads\cmd.bat deleted successfully. C:\Documents and Settings\USER\My Documents\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: LocalService ->Temp folder emptied: 2048072 bytes ->Temporary Internet Files folder emptied: 26505215 bytes User: NetworkService ->Temp folder emptied: 1988440 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: USER ->Temp folder emptied: 959851308 bytes ->Temporary Internet Files folder emptied: 80139644 bytes ->FireFox cache emptied: 65105272 bytes ->Google Chrome cache emptied: 473814767 bytes ->Flash cache emptied: 15232428 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2162283 bytes %systemroot%\System32 .tmp files removed: 73233 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 93543199 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 188028136 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 663861139 bytes Total Files Cleaned = 2,453.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully OTL by OldTimer - Version 3.2.42.1 log created on 04262012_220814 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\Perflib_Perfdata_11c.dat not found! Registry entries deleted on Reboot... Thanks Trazza
  16. OTL logfile created on: 26/04/2012 16:56:07 - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.09 Mb Total Physical Memory | 458.29 Mb Available Physical Memory | 44.84% Memory free 2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.08% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 123.65 Gb Free Space | 82.96% Space Free | Partition Type: NTFS Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Documents and Settings\USER\Local Settings\Temp\bwgo000090b6.exe (BackWeb Technologies Inc. ) PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () MOD - C:\Program Files\Belkin\Bluetooth Software\BTKeyInd.dll () ========== Win32 Services (SafeList) ========== SRV - (LVPrcSrv) -- File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe (Symantec Corporation) SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) 
SRV - (btwdins) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (RPSKT) Security Services Driver (x86) -- system32\DRIVERS\rp_skt32.sys File not found DRV - (PID_08A0) Logitech QuickCam IM(PID_08A0) -- File not found DRV - (pepifilter) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found DRV - (LVUSBSta) -- File not found DRV - (LVPr2Mon) -- File not found DRV - (LVcKap) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx86.sys (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120425.001\IDSXpx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120425.032\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120425.032\NAVENG.SYS (Symantec Corporation) DRV - (nmwcdnsu) -- 
C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symtdi.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\srtspx.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symefa.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symds.sys (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\ironx86.sys (Symantec Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI) DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI) DRV - (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) -- 
C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation) DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys () DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation) DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.) DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.) DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.) 
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB IE - HKCU\..\SearchScopes\{82445343-3524-49A4-9C55-0813E5B12D25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=GB&ver=18 IE - 
HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 13:27:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_7_5 [2012/04/26 16:40:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/19 09:52:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 23:37:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla 
Firefox\plugins [2012/04/17 16:28:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/20 15:30:18 | 000,000,000 | ---D | M] [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com [2012/04/26 16:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions [2010/04/27 13:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/02/23 13:16:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\DeviceDetection@logitech.com [2011/05/15 19:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\nostmp [2011/01/29 18:46:09 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\safesearch.xml [2011/05/15 19:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XE8NKD85.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI [2012/04/25 23:37:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British 
Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll [2011/09/30 11:41:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/10 08:47:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gears.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: BT Broadband Support Tools (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program 
Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2007/03/16 18:19:25 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) 
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) 
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\USER\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F532D20C-DCA3-4A06-9719-FD84C16FDCE4}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found. 
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell - "" = AutoRun O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell - "" = AutoRun O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Unable to start System Restore Service. 
Error code 1056 ========== Files/Folders - Created Within 30 Days ========== [2012/04/26 15:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Malwarebytes [2012/04/26 15:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/26 15:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/04/26 15:10:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/04/26 15:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/04/25 23:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012/04/25 23:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/04/17 16:19:24 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/26 17:00:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job [2012/04/26 17:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\B437FEC6918469DA.job [2012/04/26 16:42:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/04/26 16:40:52 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/04/26 16:40:48 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini [2012/04/26 16:40:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/04/26 16:40:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/04/26 16:23:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/04/26 16:14:00 | 000,000,252 | ---- | M] () -- 
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2012/04/26 16:03:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/04/26 15:10:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/23 12:01:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\avast! Antivirus.job [2012/04/23 08:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/04/21 12:34:51 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Microsoft Office Word 2003.lnk [2012/04/17 16:19:24 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/04/17 16:19:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/04/11 19:10:55 | 000,469,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/04/11 19:10:55 | 000,081,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/04/11 18:59:30 | 000,788,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1207010.003\Cat.DB [2012/04/11 18:58:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/04/04 07:42:52 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK [2012/03/28 01:40:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1207010.003\isolate.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/26 15:10:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/17 16:19:25 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2010/07/29 
17:41:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll [2010/07/29 17:41:07 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini ========== LOP Check ========== [2011/01/29 16:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2009/11/29 10:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/09/13 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2012/02/23 12:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager [2010/09/17 15:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success [2011/08/29 17:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2007/03/17 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Face mode chic admin [2012/02/23 12:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HardwareHelper [2010/09/17 13:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training [2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2010/09/25 08:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX [2008/11/03 15:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier [2010/06/02 19:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 
[2011/09/26 11:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2011/12/20 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2011/12/20 15:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2011/12/20 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/09/26 11:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2008/05/21 16:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca [2011/08/29 17:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband [2011/10/16 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2010/09/20 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\CheckPoint [2011/08/30 17:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ElevatedDiagnostics [2008/03/03 17:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\EPSON [2006/11/30 20:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FotoWire [2006/11/30 21:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FUJIFILM [2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\iolo [2006/11/30 22:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Leadertech [2006/11/30 20:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MSNInstaller [2011/12/20 15:39:02 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\USER\Application Data\Nokia [2011/12/20 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Nokia Suite [2009/11/23 12:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ntr [2011/12/20 16:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\PC Suite [2007/03/17 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Pop mail bits [2007/01/19 12:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Teleca [2011/12/29 13:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TomTom [2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Virgin Broadband [2012/04/23 12:01:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\avast! Antivirus.job [2012/04/26 17:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\B437FEC6918469DA.job [2012/04/26 16:14:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job [2012/04/26 17:00:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011/08/30 18:37:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008/03/03 16:49:01 | 000,000,504 | ---- | M] () -- C:\dlbt.log [2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/07/27 20:43:25 | 000,000,171 | ---- | M] () -- C:\itouch.log [2006/11/30 22:55:28 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log [2007/03/17 13:46:07 | 000,006,769 | ---- | M] () -- C:\lvcoinst.log [2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/12 15:02:33 | 000,047,564 | RHS- | M] () -- 
C:\NTDETECT.COM [2008/09/20 17:49:57 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/04/26 16:40:35 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document 1.txt [2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document.txt [2007/09/11 11:53:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmdata01.sqm [2007/12/13 22:28:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2007/12/31 18:24:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2008/02/03 13:32:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2008/03/08 19:50:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2008/06/07 11:20:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2008/06/23 22:28:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm [2008/06/23 22:29:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2008/06/29 23:17:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2008/08/01 14:35:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2008/08/16 17:01:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2008/10/09 11:11:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2008/10/09 11:12:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm [2008/11/22 15:22:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2008/11/22 15:34:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2008/11/22 15:38:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2009/04/23 16:16:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2007/09/09 22:39:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2007/09/11 11:29:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt00.sqm [2007/12/13 22:28:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2007/12/31 18:24:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2008/02/03 13:32:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2008/03/08 
19:50:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2008/06/07 11:20:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2008/06/23 22:28:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2008/06/23 22:29:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2008/06/29 23:17:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2008/08/01 14:35:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2008/08/16 17:01:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2008/10/09 11:11:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2008/10/09 11:12:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2008/11/22 15:22:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2008/11/22 15:34:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2008/11/22 15:38:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2009/04/23 16:16:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2007/09/09 22:39:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2007/09/11 11:29:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2007/09/11 11:53:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2006/11/29 17:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006/11/29 17:20:09 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006/11/29 17:20:09 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/29 12:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 23:37:53 | 
000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/29 12:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation) ========== Files - Unicode (All) ========== [2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g [2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g < End of report > OTL Extras logfile created on: 26/04/2012 16:56:07 - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 
7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.09 Mb Total Physical Memory | 458.29 Mb Available Physical Memory | 44.84% Memory free 2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.08% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 123.65 Gb Free Space | 82.96% Space Free | Partition Type: NTFS Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) 
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Belkin Bluetooth Software "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2 "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools "{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate "{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite "{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX 
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "BT Broadband Desktop Help" = BT Broadband Desktop Help "BTHomeHub" = BTHomeHub "DebugMode Wink" = DebugMode Wink "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual "GoToAssist" = GoToAssist Corporate "Hardware Helper_is1" = Hardware Helper "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "Logitech Print Service" = Logitech Print Service "Logitech Resource Center" = Logitech Resource Center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "MWASPINT" = MicroStaff WINASPI NT "NIS" = Norton Internet Security "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia Suite" = Nokia Suite "QuickTime" = QuickTime "RealPlayer 15.0" = RealPlayer "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07/04/2012 04:57:20 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 07/04/2012 04:57:26 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/04/2012 06:04:49 | Computer Name = ANY-6C5E521BE98 | Source = .NET Runtime Optimization Service | ID = 1101 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe . 
Error code = 0x80131047

Error - 14/04/2012 05:25:03 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/04/2012 05:26:25 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/04/2012 11:02:15 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/04/2012 11:02:24 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1001
Description = Fault bucket -1413921487.

Error - 17/04/2012 11:11:28 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/04/2012 11:52:59 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/04/2012 11:54:07 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1001
Description = Fault bucket -1413921487.

[ System Events ]

Error - 26/04/2012 03:06:22 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following error: %%3

Error - 26/04/2012 03:06:22 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to the following error: %%2

Error - 26/04/2012 03:07:50 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 26/04/2012 03:13:39 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following error: %%3

Error - 26/04/2012 03:13:39 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to the following error: %%2

Error - 26/04/2012 03:15:08 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 26/04/2012 11:40:56 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following error: %%3

Error - 26/04/2012 11:40:56 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to the following error: %%2

Error - 26/04/2012 11:42:25 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.
  17. OTL logfile created on: 26/04/2012 16:56:07 - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.09 Mb Total Physical Memory | 458.29 Mb Available Physical Memory | 44.84% Memory free 2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.08% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 123.65 Gb Free Space | 82.96% Space Free | Partition Type: NTFS Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Documents and Settings\USER\Local Settings\Temp\bwgo000090b6.exe (BackWeb Technologies Inc. ) PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () MOD - C:\Program Files\Belkin\Bluetooth Software\BTKeyInd.dll () ========== Win32 Services (SafeList) ========== SRV - (LVPrcSrv) -- File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe (Symantec Corporation) SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) 
SRV - (btwdins) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (RPSKT) Security Services Driver (x86) -- system32\DRIVERS\rp_skt32.sys File not found DRV - (PID_08A0) Logitech QuickCam IM(PID_08A0) -- File not found DRV - (pepifilter) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found DRV - (LVUSBSta) -- File not found DRV - (LVPr2Mon) -- File not found DRV - (LVcKap) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx86.sys (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120425.001\IDSXpx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120425.032\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120425.032\NAVENG.SYS (Symantec Corporation) DRV - (nmwcdnsu) -- 
C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symtdi.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\srtspx.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symefa.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symds.sys (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\ironx86.sys (Symantec Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI) DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI) DRV - (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) -- 
C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation) DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys () DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation) DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.) DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.) DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.) 
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB IE - HKCU\..\SearchScopes\{82445343-3524-49A4-9C55-0813E5B12D25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=GB&ver=18 IE - 
HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 13:27:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_7_5 [2012/04/26 16:40:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/19 09:52:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 23:37:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla 
Firefox\plugins [2012/04/17 16:28:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/20 15:30:18 | 000,000,000 | ---D | M] [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com [2012/04/26 16:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions [2010/04/27 13:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/02/23 13:16:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\DeviceDetection@logitech.com [2011/05/15 19:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\nostmp [2011/01/29 18:46:09 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\safesearch.xml [2011/05/15 19:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XE8NKD85.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI [2012/04/25 23:37:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British 
Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll [2011/09/30 11:41:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/10 08:47:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gears.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: BT Broadband Support Tools (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program 
Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2007/03/16 18:19:25 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) 
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) 
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\USER\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F532D20C-DCA3-4A06-9719-FD84C16FDCE4}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found. 
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell - "" = AutoRun O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell - "" = AutoRun O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Unable to start System Restore Service. 
Error code 1056 ========== Files/Folders - Created Within 30 Days ========== [2012/04/26 15:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Malwarebytes [2012/04/26 15:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/26 15:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/04/26 15:10:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/04/26 15:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/04/25 23:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012/04/25 23:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/04/17 16:19:24 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/26 17:00:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job [2012/04/26 17:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\B437FEC6918469DA.job [2012/04/26 16:42:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/04/26 16:40:52 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/04/26 16:40:48 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini [2012/04/26 16:40:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/04/26 16:40:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/04/26 16:23:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/04/26 16:14:00 | 000,000,252 | ---- | M] () -- 
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2012/04/26 16:03:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/04/26 15:10:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/23 12:01:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\avast! Antivirus.job [2012/04/23 08:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/04/21 12:34:51 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Microsoft Office Word 2003.lnk [2012/04/17 16:19:24 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/04/17 16:19:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/04/11 19:10:55 | 000,469,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/04/11 19:10:55 | 000,081,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/04/11 18:59:30 | 000,788,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1207010.003\Cat.DB [2012/04/11 18:58:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/04/04 07:42:52 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK [2012/03/28 01:40:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1207010.003\isolate.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/26 15:10:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/17 16:19:25 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2010/07/29 
17:41:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll [2010/07/29 17:41:07 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini ========== LOP Check ========== [2011/01/29 16:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2009/11/29 10:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/09/13 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2012/02/23 12:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager [2010/09/17 15:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success [2011/08/29 17:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2007/03/17 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Face mode chic admin [2012/02/23 12:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HardwareHelper [2010/09/17 13:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training [2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2010/09/25 08:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX [2008/11/03 15:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier [2010/06/02 19:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 
[2011/09/26 11:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2011/12/20 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2011/12/20 15:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2011/12/20 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/09/26 11:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2008/05/21 16:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca [2011/08/29 17:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband [2011/10/16 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2010/09/20 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\CheckPoint [2011/08/30 17:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ElevatedDiagnostics [2008/03/03 17:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\EPSON [2006/11/30 20:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FotoWire [2006/11/30 21:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FUJIFILM [2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\iolo [2006/11/30 22:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Leadertech [2006/11/30 20:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MSNInstaller [2011/12/20 15:39:02 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\USER\Application Data\Nokia [2011/12/20 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Nokia Suite [2009/11/23 12:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ntr [2011/12/20 16:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\PC Suite [2007/03/17 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Pop mail bits [2007/01/19 12:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Teleca [2011/12/29 13:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TomTom [2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Virgin Broadband [2012/04/23 12:01:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\avast! Antivirus.job [2012/04/26 17:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\B437FEC6918469DA.job [2012/04/26 16:14:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job [2012/04/26 17:00:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011/08/30 18:37:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008/03/03 16:49:01 | 000,000,504 | ---- | M] () -- C:\dlbt.log [2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/07/27 20:43:25 | 000,000,171 | ---- | M] () -- C:\itouch.log [2006/11/30 22:55:28 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log [2007/03/17 13:46:07 | 000,006,769 | ---- | M] () -- C:\lvcoinst.log [2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/12 15:02:33 | 000,047,564 | RHS- | M] () -- 
C:\NTDETECT.COM [2008/09/20 17:49:57 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/04/26 16:40:35 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document 1.txt [2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document.txt [2007/09/11 11:53:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmdata01.sqm [2007/12/13 22:28:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2007/12/31 18:24:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2008/02/03 13:32:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2008/03/08 19:50:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2008/06/07 11:20:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2008/06/23 22:28:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm [2008/06/23 22:29:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2008/06/29 23:17:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2008/08/01 14:35:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2008/08/16 17:01:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2008/10/09 11:11:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2008/10/09 11:12:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm [2008/11/22 15:22:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2008/11/22 15:34:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2008/11/22 15:38:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2009/04/23 16:16:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2007/09/09 22:39:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2007/09/11 11:29:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt00.sqm [2007/12/13 22:28:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2007/12/31 18:24:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2008/02/03 13:32:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2008/03/08 
19:50:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2008/06/07 11:20:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2008/06/23 22:28:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2008/06/23 22:29:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2008/06/29 23:17:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2008/08/01 14:35:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2008/08/16 17:01:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2008/10/09 11:11:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2008/10/09 11:12:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2008/11/22 15:22:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2008/11/22 15:34:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2008/11/22 15:38:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2009/04/23 16:16:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2007/09/09 22:39:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2007/09/11 11:29:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2007/09/11 11:53:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2006/11/29 17:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006/11/29 17:20:09 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006/11/29 17:20:09 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/29 12:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 23:37:53 | 
000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/29 12:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation) ========== Files - Unicode (All) ========== [2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g [2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g < End of report > OTL Extras logfile created on: 26/04/2012 16:56:07 - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 
7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.09 Mb Total Physical Memory | 458.29 Mb Available Physical Memory | 44.84% Memory free 2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.08% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 123.65 Gb Free Space | 82.96% Space Free | Partition Type: NTFS Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) 
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Belkin Bluetooth Software "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2 "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools "{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate "{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite "{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX 
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "BT Broadband Desktop Help" = BT Broadband Desktop Help "BTHomeHub" = BTHomeHub "DebugMode Wink" = DebugMode Wink "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual "GoToAssist" = GoToAssist Corporate "Hardware Helper_is1" = Hardware Helper "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "Logitech Print Service" = Logitech Print Service "Logitech Resource Center" = Logitech Resource Center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "MWASPINT" = MicroStaff WINASPI NT "NIS" = Norton Internet Security "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia Suite" = Nokia Suite "QuickTime" = QuickTime "RealPlayer 15.0" = RealPlayer "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07/04/2012 04:57:20 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 07/04/2012 04:57:26 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/04/2012 06:04:49 | Computer Name = ANY-6C5E521BE98 | Source = .NET Runtime Optimization Service | ID = 1101 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe . 
Error code = 0x80131047 Error - 14/04/2012 05:25:03 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 14/04/2012 05:26:25 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 17/04/2012 11:02:15 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 17/04/2012 11:02:24 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1001 Description = Fault bucket -1413921487. Error - 17/04/2012 11:11:28 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 17/04/2012 11:52:59 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 17/04/2012 11:54:07 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1001 Description = Fault bucket -1413921487. 
[ System Events ] Error - 26/04/2012 03:06:22 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Logitech Process Monitor service failed to start due to the following error: %%3 Error - 26/04/2012 03:06:22 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Security Services Driver (x86) service failed to start due to the following error: %%2 Error - 26/04/2012 03:07:50 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022 Description = The Bonjour Service service hung on starting. Error - 26/04/2012 03:13:39 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Logitech Process Monitor service failed to start due to the following error: %%3 Error - 26/04/2012 03:13:39 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Security Services Driver (x86) service failed to start due to the following error: %%2 Error - 26/04/2012 03:15:08 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022 Description = The Bonjour Service service hung on starting. Error - 26/04/2012 11:40:56 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Logitech Process Monitor service failed to start due to the following error: %%3 Error - 26/04/2012 11:40:56 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000 Description = The Security Services Driver (x86) service failed to start due to the following error: %%2 Error - 26/04/2012 11:42:25 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022 Description = The Bonjour Service service hung on starting.
  18. Is it possible that there is malware or spyware on my PC? My monitor keeps going black and I have to switch it off then on again several times to get it to stay on. Have asked several people I know if I might borrow their monitor to check if it is this but alas it seems to be the age of the laptop. Would just like to check before I have to bite the bullet and go and buy a new one. I have done the checks as asked for in the sticky by starbuck and will copy them at the bottom of this thread.
      Thanks all
      Trazza

      Malwarebytes Anti-Malware 1.61.0.1400
      http://www.malwarebytes.org
      Database version: v2012.04.26.02
      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 7.0.5730.11
      USER :: ANY-6C5E521BE98 [administrator]
      26/04/2012 15:16:15
      mbam-log-2012-04-26 (15-16-15).txt
      Scan type: Full scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 280965
      Time elapsed: 1 hour(s), 14 minute(s), 27 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 2
      HKCU\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
      Registry Values Detected: 1
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RegTool (Rogue.RegTool) -> Data: C:\Program Files\RegTool\RegTool.exe -boot -> Quarantined and deleted successfully.
      Registry Data Items Detected: 2
      HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
      HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
      Folders Detected: 4
      C:\Documents and Settings\USER\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100 (Rogue.RegTool) -> Quarantined and deleted successfully.
      Files Detected: 240
      C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\resultsw.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\Logs\2009-03-15 20-02-340.log (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\Logs\2009-03-15 20-07-310.log (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-102.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-103.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-104.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-105.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-106.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-107.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-108.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-109.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-110.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-111.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-112.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-113.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
      C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-114.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-132.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-150.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-169.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-187.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-204.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-115.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-116.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-117.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-118.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-119.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-120.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-121.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-122.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-123.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-124.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-125.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-126.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-127.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-128.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-129.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-130.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-131.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-133.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-134.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-135.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-136.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-137.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-138.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-139.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-140.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-141.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-142.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-143.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-144.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-145.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-146.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-147.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-148.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-149.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-151.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-152.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-153.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-154.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-155.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-156.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-157.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-158.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-159.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-160.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-161.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-162.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-163.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-164.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-165.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-166.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-167.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-168.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-170.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-171.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-172.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-173.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-174.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-175.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-176.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-177.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-178.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-179.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-180.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-181.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-182.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-183.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-184.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-185.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-186.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-188.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-189.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
(end) OTL files to follow
  19. Yes there does seem to be an improvement. Do I need to delete all the things I downloaded now and if so in what order or does it not matter? Again many thanks
  20. Hi Starbuck. Exactly the same happened again this time but I think OTL must have finished before the restart. Here is the latest fix scan followed by the latest OTL scan. Did you run the Puran Defrag program? I don't have any idea what this is so I would have to guess no. Does there seem to be any improvement? Haven't tried it yet cos I keep losing the OTL files so thought I would get this message to you first. Fix scan
OTL scan
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1BF8E44-BF99-4A3A-AC7B-AC44AF9636D0}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - 
HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/24 11:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012/01/24 10:22:55 | 000,000,000 | ---D | C] -- C:\Kontiki [2012/01/24 08:44:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012/01/24 08:42:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012/01/24 08:30:12 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/01/24 08:30:11 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012/01/24 08:30:11 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012/01/24 08:30:11 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012/01/24 08:30:11 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012/01/24 08:30:11 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012/01/23 20:14:40 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll [2012/01/23 20:14:40 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/01/23 20:14:40 | 000,263,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/01/23 20:14:40 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/01/23 20:14:40 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/01/23 20:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/01/23 15:55:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/01/22 08:59:08 | 000,518,144 | ---- | 
C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/01/22 08:59:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/01/22 08:59:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/01/22 08:58:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/01/22 08:55:11 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/01/20 22:18:59 | 000,000,000 | ---D | C] -- C:\_OTL [2012/01/19 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Malwarebytes [2012/01/19 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/19 19:21:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/01/19 18:46:42 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Systweak [2012/01/19 18:46:41 | 000,018,816 | ---- | C] (Systweak Inc., (http://www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2012/01/18 17:37:15 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2012/01/18 16:56:11 | 001,084,024 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys [2012/01/18 16:56:11 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys [2012/01/18 16:56:11 | 000,401,016 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys [2012/01/18 16:56:11 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys [2012/01/18 16:56:10 | 000,729,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys [2012/01/18 16:56:10 | 000,189,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys 
[2012/01/18 16:56:09 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys [2012/01/18 16:55:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A [2012/01/18 14:13:53 | 000,073,648 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\unlock64.dll [2012/01/18 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended [2012/01/18 14:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Applet [2012/01/18 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ste\Documents\Symantec [2012/01/18 13:46:08 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012/01/18 13:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2012/01/18 13:44:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2012/01/18 13:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2012/01/18 13:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012/01/11 18:33:31 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012/01/11 18:33:31 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012/01/11 18:33:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012/01/11 18:33:31 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012/01/11 18:33:29 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/01/11 18:33:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/01/11 18:33:28 | 001,731,920 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\ntdll.dll [2012/01/11 18:33:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012/01/11 18:33:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012/01/02 01:23:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Deliveries [2012/01/01 21:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Download Manager [2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kontiki [2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kontiki [2012/01/01 21:32:40 | 000,000,000 | ---D | C] -- C:\logs3 [2010/01/16 03:34:32 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/28 15:03:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/01/28 15:02:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/28 15:02:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/28 14:53:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/01/28 14:53:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/28 14:53:26 | 2207,338,496 | -HS- | M] () -- C:\hiberfil.sys [2012/01/27 22:54:43 | 000,727,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/01/27 22:54:43 | 000,629,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/01/27 22:54:43 | 000,111,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/01/27 08:30:37 | 000,001,086 | ---- | M] () -- C:\Users\Ste\Desktop\OTL - Shortcut.lnk [2012/01/26 17:04:31 | 000,002,348 | ---- | M] () 
-- C:\Users\Public\Desktop\Google Chrome.lnk [2012/01/26 16:17:41 | 000,343,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/01/24 11:11:00 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/01/24 11:00:21 | 001,962,597 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2012/01/24 08:56:08 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2012/01/24 08:56:08 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2012/01/23 20:14:15 | 000,263,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/01/23 20:14:15 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/01/23 20:14:15 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/01/23 20:14:14 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll [2012/01/23 20:14:14 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/01/23 19:58:34 | 000,001,236 | ---- | M] () -- C:\Users\Ste\Desktop\jre-7u2-windows-x64 - Shortcut.lnk [2012/01/23 19:38:23 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012/01/23 17:03:06 | 000,038,495 | ---- | M] () -- C:\Users\Ste\Documents\free pc help txt.odt [2012/01/23 15:32:26 | 000,001,137 | ---- | M] () -- C:\Users\Ste\Desktop\ComboFix.exe - Shortcut.lnk [2012/01/20 00:11:54 | 000,001,168 | ---- | M] () -- C:\Users\Ste\Desktop\Hamster Free Video Converter.lnk [2012/01/19 19:25:53 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/18 17:33:37 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/01/18 16:56:12 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2012/01/18 14:13:00 | 000,073,648 | ---- | M] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\unlock64.dll [2012/01/18 13:46:08 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/01/18 13:46:08 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/01/18 13:46:08 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/01/16 20:05:30 | 003,271,755 | ---- | M] () -- C:\Users\Ste\Desktop\IMG_0026.JPG [2012/01/16 20:05:20 | 002,775,912 | ---- | M] () -- C:\Users\Ste\Desktop\IMG_0025.JPG [2012/01/15 23:53:58 | 000,004,331 | ---- | M] () -- C:\Users\Ste\Documents\emma music.odt [2012/01/11 18:17:47 | 362,880,296 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/01/01 21:33:25 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/27 08:30:37 | 000,001,086 | ---- | C] () -- C:\Users\Ste\Desktop\OTL - Shortcut.lnk [2012/01/24 11:11:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/01/24 11:11:00 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/01/23 19:58:34 | 000,001,236 | ---- | C] () -- C:\Users\Ste\Desktop\jre-7u2-windows-x64 - Shortcut.lnk [2012/01/23 17:02:58 | 000,038,495 | ---- | C] () -- C:\Users\Ste\Documents\free pc help txt.odt [2012/01/23 15:32:26 | 000,001,137 | ---- | C] () -- C:\Users\Ste\Desktop\ComboFix.exe - Shortcut.lnk [2012/01/22 08:59:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/01/22 08:59:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/01/22 08:59:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/01/22 08:59:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/01/22 08:59:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/01/19 22:37:20 | 003,271,755 | ---- | C] () -- 
C:\Users\Ste\Desktop\IMG_0026.JPG [2012/01/19 22:37:19 | 002,775,912 | ---- | C] () -- C:\Users\Ste\Desktop\IMG_0025.JPG [2012/01/19 19:21:31 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/18 17:29:05 | 001,962,597 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2012/01/18 16:56:41 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2012/01/18 16:56:11 | 000,007,502 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat [2012/01/18 16:56:11 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.cat [2012/01/18 16:56:11 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet64.cat [2012/01/18 16:56:11 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa.inf [2012/01/18 16:56:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds.inf [2012/01/18 16:56:11 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet.inf [2012/01/18 16:56:10 | 000,007,504 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.cat [2012/01/18 16:56:10 | 000,007,500 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.cat [2012/01/18 16:56:10 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.cat [2012/01/18 16:56:10 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.inf [2012/01/18 16:56:10 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.inf [2012/01/18 16:56:10 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.inf [2012/01/18 16:56:09 | 000,007,510 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.cat [2012/01/18 16:56:09 | 000,000,854 | ---- | C] () -- 
C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.inf [2012/01/18 16:55:52 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini [2012/01/18 13:46:08 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/01/18 13:46:08 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/01/18 13:46:06 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/01/15 23:53:44 | 000,004,331 | ---- | C] () -- C:\Users\Ste\Documents\emma music.odt [2012/01/01 21:33:25 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk [2011/11/23 14:18:43 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Roaming\wklnhst.dat [2011/10/30 21:50:21 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini [2011/10/21 17:40:23 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/10/21 17:40:23 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/05/11 19:57:29 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Local\{7D6DDE49-71B4-435D-A250-23D4193D40C2} [2010/12/18 14:29:29 | 000,011,776 | ---- | C] () -- C:\Users\Ste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/13 22:25:30 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2010/08/20 18:29:16 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- 
C:\Windows\SysWow64\dssec.dat [2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat < End of report >

      I will get back to you in a moment to let you know whether or not there is any improvement on start up.

      Thanks,
      Trazza
  21. And here is another OTL scan done after the fix.

      OTL logfile created on: 27/01/2012 23:23:47 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ste\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.74 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 57.48% Memory free 5.48 Gb Paging File | 4.13 Gb Available in Paging File | 75.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285.99 Gb Total Space | 204.64 Gb Free Space | 71.55% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: v5i09 | User Name: Ste | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ste\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe (LogMeIn, Inc.) PRC - C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended.exe (LogMeIn, Inc.) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) 
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (LMIRescueUA_1424670) LogMeIn Rescue (1424670) -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe (LogMeIn, Inc.) 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe (Symantec Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (KService) -- C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.) 
========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys (Symantec Corporation)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120127.001\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120127.001\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120126.003\IDSviA64.sys (Symantec Corporation) DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B1ae72087-d825-4524-9ecd-9ec7c685b9b3%7D&mid=d772e19dc3be47d1bd9ea113f0a2b074-31f65c68c197aa74e8f66191926148cd8a4e92b9&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-10%2012%3A11%3A37&sap=ku&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/12/25 12:08:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/22 20:24:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/16 21:39:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/01/27 23:01:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/01/27 23:01:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 13:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/24 11:11:00 | 000,000,000 | ---D | M] [2011/09/08 18:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ste\AppData\Roaming\Mozilla\Extensions [2012/01/19 18:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\extensions [2012/01/23 19:51:30 | 000,000,000 | ---D | M] ("Support.com Toolbar") -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\extensions\toolbar@ask.com 
[2012/01/19 19:26:46 | 000,002,472 | ---- | M] () -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\searchplugins\safesearch.xml [2011/09/08 18:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/01/27 23:01:15 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN [2012/01/27 23:01:21 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN () (No name found) -- C:\USERS\STE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\73HPPIBO.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI [2012/01/15 13:25:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npBBCPlugin.dll [2011/10/21 16:01:16 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/01/16 21:37:25 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2011/10/21 16:01:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/21 16:01:16 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/10/21 16:01:16 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/10/21 16:01:16 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = 
http://isearch.avg.com/search?cid={B9E5A093-7965-4648-82FE-B5D2292A3412}&mid=d772e19dc3be47d1bd9ea113f0a2b074-31f65c68c197aa74e8f66191926148cd8a4e92b9&lang=us&ds=AVG&pr=fr&d=2011-12-10 12:11:37&v=10.0.0.7&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX 
Plus Web Player\npdivx32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google Search = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Gmail = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2012/01/23 19:38:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) 
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) 
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Acer ePower Management] _ File not found O4 - HKLM..\Run: [APSDaemon] _ File not found O4 - HKLM..\Run: [backupManagerTray] _ File not found O4 - HKLM..\Run: [DivXUpdate] _ File not found O4 - HKLM..\Run: [EgisTecLiveUpdate] _ File not found O4 - HKLM..\Run: [HotKeysCmds] _ File not found O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] _ File not found O4 - HKLM..\Run: [LManager] _ File not found O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [Persistence] _ File not found O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [RtHDVCpl] _ File not found O4 - HKLM..\Run: [TkBellExe] _ File not found O4 - HKCU..\Run: [kdx] _ File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1BF8E44-BF99-4A3A-AC7B-AC44AF9636D0}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - 
HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/24 11:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012/01/24 10:22:55 | 000,000,000 | ---D | C] -- C:\Kontiki [2012/01/24 08:44:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012/01/24 08:42:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012/01/24 08:30:12 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/01/24 08:30:11 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012/01/24 08:30:11 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012/01/24 08:30:11 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012/01/24 08:30:11 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012/01/24 08:30:11 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012/01/23 20:14:40 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll [2012/01/23 20:14:40 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/01/23 20:14:40 | 000,263,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/01/23 20:14:40 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/01/23 20:14:40 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/01/23 20:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/01/23 15:55:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/01/22 08:59:08 | 000,518,144 | ---- | 
C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/01/22 08:59:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/01/22 08:59:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/01/22 08:58:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/01/22 08:55:11 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/01/20 22:18:59 | 000,000,000 | ---D | C] -- C:\_OTL [2012/01/19 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Malwarebytes [2012/01/19 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/19 19:21:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/01/19 18:46:42 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Systweak [2012/01/19 18:46:41 | 000,018,816 | ---- | C] (Systweak Inc., (http://www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2012/01/18 17:37:15 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2012/01/18 16:56:11 | 001,084,024 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys [2012/01/18 16:56:11 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys [2012/01/18 16:56:11 | 000,401,016 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys [2012/01/18 16:56:11 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys [2012/01/18 16:56:10 | 000,729,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys [2012/01/18 16:56:10 | 000,189,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys 
[2012/01/18 16:56:09 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys [2012/01/18 16:55:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A [2012/01/18 14:13:53 | 000,073,648 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\unlock64.dll [2012/01/18 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended [2012/01/18 14:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Applet [2012/01/18 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ste\Documents\Symantec [2012/01/18 13:46:08 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012/01/18 13:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2012/01/18 13:44:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2012/01/18 13:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2012/01/18 13:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012/01/11 18:33:31 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012/01/11 18:33:31 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012/01/11 18:33:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012/01/11 18:33:31 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012/01/11 18:33:29 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/01/11 18:33:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/01/11 18:33:28 | 001,731,920 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\ntdll.dll [2012/01/11 18:33:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012/01/11 18:33:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012/01/02 01:23:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Deliveries [2012/01/01 21:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Download Manager [2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kontiki [2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kontiki [2012/01/01 21:32:40 | 000,000,000 | ---D | C] -- C:\logs3 [2010/01/16 03:34:32 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/27 23:08:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/27 23:08:39 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/27 23:04:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/01/27 23:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/01/27 22:59:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/27 22:59:32 | 2207,338,496 | -HS- | M] () -- C:\hiberfil.sys [2012/01/27 22:54:43 | 000,727,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/01/27 22:54:43 | 000,629,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/01/27 22:54:43 | 000,111,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/01/27 08:30:37 | 000,001,086 | ---- | M] () -- C:\Users\Ste\Desktop\OTL - Shortcut.lnk [2012/01/26 17:04:31 | 000,002,348 | ---- | M] () 
-- C:\Users\Public\Desktop\Google Chrome.lnk [2012/01/26 16:17:41 | 000,343,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/01/24 11:11:00 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/01/24 11:00:21 | 001,962,597 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2012/01/24 08:56:08 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2012/01/24 08:56:08 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2012/01/23 20:14:15 | 000,263,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/01/23 20:14:15 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/01/23 20:14:15 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/01/23 20:14:14 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll [2012/01/23 20:14:14 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/01/23 19:58:34 | 000,001,236 | ---- | M] () -- C:\Users\Ste\Desktop\jre-7u2-windows-x64 - Shortcut.lnk [2012/01/23 19:38:23 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012/01/23 17:03:06 | 000,038,495 | ---- | M] () -- C:\Users\Ste\Documents\free pc help txt.odt [2012/01/23 15:32:26 | 000,001,137 | ---- | M] () -- C:\Users\Ste\Desktop\ComboFix.exe - Shortcut.lnk [2012/01/20 00:11:54 | 000,001,168 | ---- | M] () -- C:\Users\Ste\Desktop\Hamster Free Video Converter.lnk [2012/01/19 19:25:53 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/18 17:33:37 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/01/18 16:56:12 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2012/01/18 14:13:00 | 000,073,648 | ---- | M] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\unlock64.dll [2012/01/18 13:46:08 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/01/18 13:46:08 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/01/18 13:46:08 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/01/16 20:05:30 | 003,271,755 | ---- | M] () -- C:\Users\Ste\Desktop\IMG_0026.JPG [2012/01/16 20:05:20 | 002,775,912 | ---- | M] () -- C:\Users\Ste\Desktop\IMG_0025.JPG [2012/01/15 23:53:58 | 000,004,331 | ---- | M] () -- C:\Users\Ste\Documents\emma music.odt [2012/01/11 18:17:47 | 362,880,296 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/01/01 21:33:25 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/27 08:30:37 | 000,001,086 | ---- | C] () -- C:\Users\Ste\Desktop\OTL - Shortcut.lnk [2012/01/24 11:11:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/01/24 11:11:00 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/01/23 19:58:34 | 000,001,236 | ---- | C] () -- C:\Users\Ste\Desktop\jre-7u2-windows-x64 - Shortcut.lnk [2012/01/23 17:02:58 | 000,038,495 | ---- | C] () -- C:\Users\Ste\Documents\free pc help txt.odt [2012/01/23 15:32:26 | 000,001,137 | ---- | C] () -- C:\Users\Ste\Desktop\ComboFix.exe - Shortcut.lnk [2012/01/22 08:59:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/01/22 08:59:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/01/22 08:59:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/01/22 08:59:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/01/22 08:59:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/01/19 22:37:20 | 003,271,755 | ---- | C] () -- 
C:\Users\Ste\Desktop\IMG_0026.JPG [2012/01/19 22:37:19 | 002,775,912 | ---- | C] () -- C:\Users\Ste\Desktop\IMG_0025.JPG [2012/01/19 19:21:31 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/18 17:29:05 | 001,962,597 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2012/01/18 16:56:41 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2012/01/18 16:56:11 | 000,007,502 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat [2012/01/18 16:56:11 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.cat [2012/01/18 16:56:11 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet64.cat [2012/01/18 16:56:11 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa.inf [2012/01/18 16:56:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds.inf [2012/01/18 16:56:11 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet.inf [2012/01/18 16:56:10 | 000,007,504 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.cat [2012/01/18 16:56:10 | 000,007,500 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.cat [2012/01/18 16:56:10 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.cat [2012/01/18 16:56:10 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.inf [2012/01/18 16:56:10 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.inf [2012/01/18 16:56:10 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.inf [2012/01/18 16:56:09 | 000,007,510 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.cat [2012/01/18 16:56:09 | 000,000,854 | ---- | C] () -- 
C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.inf [2012/01/18 16:55:52 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini [2012/01/18 13:46:08 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/01/18 13:46:08 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/01/18 13:46:06 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/01/15 23:53:44 | 000,004,331 | ---- | C] () -- C:\Users\Ste\Documents\emma music.odt [2012/01/01 21:33:25 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk [2011/11/23 14:18:43 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Roaming\wklnhst.dat [2011/10/30 21:50:21 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini [2011/10/21 17:40:23 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/10/21 17:40:23 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/05/11 19:57:29 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Local\{7D6DDE49-71B4-435D-A250-23D4193D40C2} [2010/12/18 14:29:29 | 000,011,776 | ---- | C] () -- C:\Users\Ste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/13 22:25:30 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2010/08/20 18:29:16 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- 
C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
< End of report >
Looking at all the 04 entries it looks like it didn't work.
  22. Hi Starbuck, Did what you said and tried the OTL fix but encountered the same result as what happened in post 12, "windows has encountered a problem and will restart in one min". When it restarted, however, there was a new report from OTL, so I have posted it to see if it worked anyway.
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PLD_FrameworkRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Acer ePower Management"|_ /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"HotKeysCmds"|_ /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"IgfxTray"|_ /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Persistence"|_ /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"RtHDVCpl"|_ /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"APSDaemon"|_ /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"BackupManagerTray"|_ /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"DivXUpdate"|_ /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"EgisTecLiveUpdate"|_ /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"LManager"|_ /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"TkBellExe"|_ /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"kdx"|_ /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\"AvgUninstallURL"|_ /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Ste
->Temp folder emptied: 141859 bytes
->Temporary Internet Files folder emptied: 74340 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 137091409 bytes
->Google Chrome cache emptied: 6291709 bytes
->Flash cache emptied: 1861 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7236 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 137.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01272012_225748
Files\Folders moved on Reboot...
C:\Users\Ste\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Thanks
Trazza
  23. Hi Starbuck, Here is my latest OTL report. I can see that looking at it I still have quite a few programs running at start up but have no idea what they are.
OTL logfile created on: 27/01/2012 08:35:09 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ste\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.74 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 51.86% Memory free
5.48 Gb Paging File | 3.86 Gb Available in Paging File | 70.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 205.08 Gb Free Space | 71.71% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: v5i09 | User Name: Ste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ste\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe (LogMeIn, Inc.)
PRC - C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended.exe (LogMeIn, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.) PRC - C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll 
(Microsoft Corporation) SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (LMIRescueUA_1424670) LogMeIn Rescue (1424670) -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe (LogMeIn, Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe (Symantec Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (KService) -- C:\Program Files (x86)\Kontiki\KService.exe (Kontiki Inc.) 
========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys (Symantec Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys (Symantec Corporation) DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (k57nd60a) Broadcom NetLink -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) 
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120126.003\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120126.003\eng64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.) DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.) 
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120121.002\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120125.002\IDSviA64.sys (Symantec Corporation) DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360810b305l04h4z125t4572j52p IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2645238 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B1ae72087-d825-4524-9ecd-9ec7c685b9b3%7D&mid=d772e19dc3be47d1bd9ea113f0a2b074-31f65c68c197aa74e8f66191926148cd8a4e92b9&ds=AVG&v=9.0.0.18.1&lang=us&pr=fr&d=2011-12-10%2012%3A11%3A37&sap=ku&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/12/25 12:08:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/22 20:24:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/16 21:39:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/01/27 08:25:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/01/27 08:25:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/15 13:25:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/24 11:11:00 | 000,000,000 | ---D | M] [2011/09/08 18:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ste\AppData\Roaming\Mozilla\Extensions [2012/01/19 18:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\extensions [2012/01/23 19:51:30 | 000,000,000 | ---D | M] ("Support.com Toolbar") -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\extensions\toolbar@ask.com 
[2012/01/19 19:26:46 | 000,002,472 | ---- | M] () -- C:\Users\Ste\AppData\Roaming\Mozilla\Firefox\Profiles\73hppibo.default\searchplugins\safesearch.xml [2011/09/08 18:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/01/27 08:25:56 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN [2012/01/27 08:25:57 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN () (No name found) -- C:\USERS\STE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\73HPPIBO.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI [2012/01/15 13:25:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npBBCPlugin.dll [2011/10/21 16:01:16 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/01/16 21:37:25 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2011/10/21 16:01:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/10/21 16:01:16 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/10/21 16:01:16 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/10/21 16:01:16 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = 
http://isearch.avg.com/search?cid={B9E5A093-7965-4648-82FE-B5D2292A3412}&mid=d772e19dc3be47d1bd9ea113f0a2b074-31f65c68c197aa74e8f66191926148cd8a4e92b9&lang=us&ds=AVG&pr=fr&d=2011-12-10 12:11:37&v=10.0.0.7&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX 
Plus Web Player\npdivx32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google Search = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Gmail = C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ O1 HOSTS File: ([2012/01/23 19:38:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) 
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\windows\system32\oem\_NowIntoDT.vbs File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) 
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [kdx] C:\Program Files (x86)\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1BF8E44-BF99-4A3A-AC7B-AC44AF9636D0}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - 
HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/24 11:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2012/01/24 10:22:55 | 000,000,000 | ---D | C] -- C:\Kontiki [2012/01/24 08:44:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012/01/24 08:42:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012/01/24 08:30:12 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/01/24 08:30:11 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012/01/24 08:30:11 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012/01/24 08:30:11 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012/01/24 08:30:11 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012/01/24 08:30:11 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012/01/23 20:14:40 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll [2012/01/23 20:14:40 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/01/23 20:14:40 | 000,263,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/01/23 20:14:40 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/01/23 20:14:40 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/01/23 20:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/01/23 15:55:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/01/22 08:59:08 | 000,518,144 | ---- | 
C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/01/22 08:59:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/01/22 08:59:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/01/22 08:58:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/01/22 08:55:11 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/01/20 22:18:59 | 000,000,000 | ---D | C] -- C:\_OTL [2012/01/19 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Malwarebytes [2012/01/19 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/19 19:21:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/01/19 19:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/01/19 18:46:42 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Roaming\Systweak [2012/01/19 18:46:41 | 000,018,816 | ---- | C] (Systweak Inc., (http://www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe [2012/01/18 17:37:15 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2012/01/18 16:56:11 | 001,084,024 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys [2012/01/18 16:56:11 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys [2012/01/18 16:56:11 | 000,401,016 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys [2012/01/18 16:56:11 | 000,037,496 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys [2012/01/18 16:56:10 | 000,729,720 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys [2012/01/18 16:56:10 | 000,189,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys 
[2012/01/18 16:56:09 | 000,167,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys [2012/01/18 16:55:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A [2012/01/18 14:13:53 | 000,073,648 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\unlock64.dll [2012/01/18 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Unattended [2012/01/18 14:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ste\AppData\Local\LogMeIn Rescue Applet [2012/01/18 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ste\Documents\Symantec [2012/01/18 13:46:08 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012/01/18 13:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012/01/18 13:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2012/01/18 13:44:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2012/01/18 13:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2012/01/18 13:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012/01/11 18:33:31 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012/01/11 18:33:31 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012/01/11 18:33:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012/01/11 18:33:31 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012/01/11 18:33:29 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/01/11 18:33:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/01/11 18:33:28 | 001,731,920 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\ntdll.dll [2012/01/11 18:33:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012/01/11 18:33:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012/01/02 01:23:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Deliveries [2012/01/01 21:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Download Manager [2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kontiki [2012/01/01 21:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kontiki [2012/01/01 21:32:40 | 000,000,000 | ---D | C] -- C:\logs3 [2010/01/16 03:34:32 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/27 08:33:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/27 08:33:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/27 08:30:37 | 000,001,086 | ---- | M] () -- C:\Users\Ste\Desktop\OTL - Shortcut.lnk [2012/01/27 08:25:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/01/27 08:24:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/27 08:24:50 | 2207,338,496 | -HS- | M] () -- C:\hiberfil.sys [2012/01/27 00:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/01/26 17:04:31 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/01/26 16:17:41 | 000,343,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/01/24 11:11:00 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/01/24 11:00:21 | 001,962,597 | 
---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2012/01/24 10:38:54 | 000,727,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/01/24 10:38:54 | 000,629,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/01/24 10:38:54 | 000,111,204 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/01/24 08:56:08 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2012/01/24 08:56:08 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2012/01/23 20:14:15 | 000,263,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012/01/23 20:14:15 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012/01/23 20:14:15 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012/01/23 20:14:14 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll [2012/01/23 20:14:14 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012/01/23 19:58:34 | 000,001,236 | ---- | M] () -- C:\Users\Ste\Desktop\jre-7u2-windows-x64 - Shortcut.lnk [2012/01/23 19:38:23 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2012/01/23 17:03:06 | 000,038,495 | ---- | M] () -- C:\Users\Ste\Documents\free pc help txt.odt [2012/01/23 15:32:26 | 000,001,137 | ---- | M] () -- C:\Users\Ste\Desktop\ComboFix.exe - Shortcut.lnk [2012/01/20 00:11:54 | 000,001,168 | ---- | M] () -- C:\Users\Ste\Desktop\Hamster Free Video Converter.lnk [2012/01/19 19:25:53 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/18 17:33:37 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/01/18 16:56:12 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2012/01/18 14:13:00 | 000,073,648 | ---- | M] (LogMeIn, Inc.) 
-- C:\Windows\SysNative\unlock64.dll [2012/01/18 13:46:08 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012/01/18 13:46:08 | 000,007,530 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/01/18 13:46:08 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/01/16 20:05:30 | 003,271,755 | ---- | M] () -- C:\Users\Ste\Desktop\IMG_0026.JPG [2012/01/16 20:05:20 | 002,775,912 | ---- | M] () -- C:\Users\Ste\Desktop\IMG_0025.JPG [2012/01/15 23:53:58 | 000,004,331 | ---- | M] () -- C:\Users\Ste\Documents\emma music.odt [2012/01/11 18:17:47 | 362,880,296 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/01/01 21:33:25 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/27 08:30:37 | 000,001,086 | ---- | C] () -- C:\Users\Ste\Desktop\OTL - Shortcut.lnk [2012/01/24 11:11:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012/01/24 11:11:00 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/01/23 19:58:34 | 000,001,236 | ---- | C] () -- C:\Users\Ste\Desktop\jre-7u2-windows-x64 - Shortcut.lnk [2012/01/23 17:02:58 | 000,038,495 | ---- | C] () -- C:\Users\Ste\Documents\free pc help txt.odt [2012/01/23 15:32:26 | 000,001,137 | ---- | C] () -- C:\Users\Ste\Desktop\ComboFix.exe - Shortcut.lnk [2012/01/22 08:59:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/01/22 08:59:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/01/22 08:59:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/01/22 08:59:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/01/22 08:59:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/01/19 22:37:20 | 003,271,755 | ---- | C] () -- 
C:\Users\Ste\Desktop\IMG_0026.JPG [2012/01/19 22:37:19 | 002,775,912 | ---- | C] () -- C:\Users\Ste\Desktop\IMG_0025.JPG [2012/01/19 19:21:31 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/18 17:29:05 | 001,962,597 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\Cat.DB [2012/01/18 16:56:41 | 000,004,782 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\VT20111023.023 [2012/01/18 16:56:11 | 000,007,502 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.cat [2012/01/18 16:56:11 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.cat [2012/01/18 16:56:11 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet64.cat [2012/01/18 16:56:11 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa.inf [2012/01/18 16:56:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds.inf [2012/01/18 16:56:11 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnet.inf [2012/01/18 16:56:10 | 000,007,504 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.cat [2012/01/18 16:56:10 | 000,007,500 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.cat [2012/01/18 16:56:10 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.cat [2012/01/18 16:56:10 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.inf [2012/01/18 16:56:10 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.inf [2012/01/18 16:56:10 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\iron.inf [2012/01/18 16:56:09 | 000,007,510 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.cat [2012/01/18 16:56:09 | 000,000,854 | ---- | C] () -- 
C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.inf [2012/01/18 16:55:52 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\isolate.ini [2012/01/18 13:46:08 | 000,007,530 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012/01/18 13:46:08 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012/01/18 13:46:06 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012/01/15 23:53:44 | 000,004,331 | ---- | C] () -- C:\Users\Ste\Documents\emma music.odt [2012/01/01 21:33:25 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Download Manager.lnk [2011/11/23 14:18:43 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Roaming\wklnhst.dat [2011/10/30 21:50:21 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini [2011/10/21 17:40:23 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/10/21 17:40:23 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/05/11 19:57:29 | 000,000,000 | ---- | C] () -- C:\Users\Ste\AppData\Local\{7D6DDE49-71B4-435D-A250-23D4193D40C2} [2010/12/18 14:29:29 | 000,011,776 | ---- | C] () -- C:\Users\Ste\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/13 22:25:30 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI [2010/08/20 18:29:16 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- 
C:\Windows\SysWow64\dssec.dat [2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
< End of report >

Thanks Trazza