mij Posted September 4, 2011

I was idling playing solitaire when the above took hold. I closed the computer quickly when I realised they had got to Google and YouTube with their fake help advocating the download of Spyware Dr. Now it's interfering in my screen. I tried my wife's computer but the passwords eluded me, even the new one sent last week. Please use her email addy as given in the 'contact you' box on your site as I'll switch this off asap. Obviously I would like to get some real help with this as it is stopping me 'restoring' etc.

jim
etavares Posted September 4, 2011

Hello, mjj.

My name is etavares and I will be helping you with this log. Here are some guidelines to ensure we are able to get your machine back under your control.

- Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
- Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
- Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
- Please reply within 3 days to be fair to other people asking for help.
- When in doubt, please stop and ask first. There's no harm in asking questions!

Step 1

First, try these instructions here: http://www.bleepingcomputer.com/virus-removal/personal-shield-pro

Let me know if you can then log onto your computer. If not, I have other tools we can use. If you can use it after following those instructions, we are NOT done, but just getting started. Try that and reply back here letting me know how it went and we'll go from there.

Thanks!

etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
mij Posted September 4, 2011

Thank you so much, especially for such a quick reply and the alert via PM which enabled prompt action. Despite what the 'fake alert' trojan said I was able to leave the above message on this site - good to know in an emergency.

This computer has now been 'disinfected' and we are back to normal. I have a feeling I'll be getting the fuller version of MBAM.

Very many thanks indeed.

Jim
mij Posted September 4, 2011

> This computer has now been 'disinfected' and we are back to normal. Very many thanks indeed. Jim

Sorry, on a re-read I realised that I should wait for you to give the all clear - it's just that it happened so quickly.

jim
etavares Posted September 5, 2011

Hello, mjj.

No problem. We'll need some logs now that you have regained control. There's usually leftovers behind, and sometimes their friends. I did PM you since it sounds like you were unable to check this thread and I know that would go to your email. Now that you have access back here, make sure to subscribe to the thread so you're notified when I reply. It's under "Thread Tools" up top and "subscribe to this thread". Don't always trust it...if you haven't seen an email in a couple days, check back here. Occasionally the email gets lost. :)

Step 1

We need to create an OTL report.

- Please download OTL from this link. (If that link doesn't work, try this alternate link.)
- Save it to your desktop.
- Double click on the OTL icon on your desktop.
- Click the "Scan All Users" checkbox.
- Select "Use Safelist" under "Extra Registry".
- Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

- Click the Quick Scan button. The scan should take a few minutes.
- Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

Step 2

- Please download aswMBR (511KB) to your desktop.
- Double click the aswMBR.exe icon to run it.
- It gives you the option to add the latest Avast definitions and recommends you do so. Ignore it and click No as it may crash your system or hang up and we don't need that info.
- Click the Scan button to start the scan.
- On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note: aswMBR will save MBR.dat to your desktop. Do NOT delete it until I tell you your computer is clean. It is a backup of your MBR that we may need later.

Step 3

Please post the MBAM log from the scan. To get it, please launch MBAM. Click the "logs" tab. Highlight the log when you scanned to remove the malware just now. Click OPEN. A notepad window will pop up with the log. Copy/paste the contents of that in your reply here. I want to see what it removed.

etavares
mij Posted September 5, 2011

Thanks for the PM, that was most useful. I did open the site just before I closed down and saw it in time. I hope I have included all that you need to assess the state of this system.

Thanks again

jim

OTL log
000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Favorites [2006/11/02 11:23:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Links [2006/11/02 11:23:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\Local Settings [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Music [2006/11/02 11:23:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\My Documents [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NetHood [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\NTUSER.DAT () O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG () O4 - Startup: C:\Users\Default\ntuser.dat.LOG1 () O4 - Startup: C:\Users\Default\ntuser.dat.LOG2 () O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf () O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms () O4 - Startup: C:\Users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms () O4 - Startup: C:\Users\Default\Pictures [2006/11/02 11:23:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Default\PrintHood [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Recent [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Saved Games [2006/11/02 11:23:35 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Default\SendTo [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Start Menu [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Templates [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\Default\Videos [2006/11/02 11:23:35 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\jim\AppData [2011/01/22 14:59:17 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Public\AppData [2011/01/22 14:59:17 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Public\Desktop 
[2011/09/04 18:40:14 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Documents [2011/02/11 01:32:34 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Downloads [2006/11/02 13:50:50 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Favorites [2006/11/02 11:23:35 | 000,000,000 | RH-D | M] O4 - Startup: C:\Users\Public\Music [2006/11/02 13:50:50 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Pictures [2006/11/02 13:50:50 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Recorded TV [2011/09/05 07:01:59 | 000,000,000 | R--D | M] O4 - Startup: C:\Users\Public\Videos [2006/11/02 13:50:50 | 000,000,000 | R--D | M] O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab 
(Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E48B3B5-6445-4A56-A4B3-609D77EBBE29}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AEBD7FC-5B3C-466F-89C2-7E3CA8ACD89F}: NameServer = 87.194.255.154,87.194.255.155 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ========== Files/Folders - Created Within 30 Days ========== [2011/09/05 17:33:17 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\crispin\Desktop\OTL.exe [2011/09/05 08:01:29 | 000,000,000 | ---D | C] -- 
C:\Users\crispin\Desktop\New Folder (2) [2011/09/04 16:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\bA18502AhFcH18502 [2011/09/04 00:30:29 | 000,000,000 | ---D | C] -- C:\Users\crispin\Desktop\2011 august challenges wc [2011/09/01 10:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\RadioPI_4eEI [2011/08/24 10:50:54 | 000,000,000 | ---D | C] -- C:\Users\crispin\Desktop\Jim\Documents\Downloads [2011/08/21 10:00:36 | 000,053,816 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\crispin\Desktop\Jim\Documents\*.tmp files -> C:\Users\crispin\Desktop\Jim\Documents\*.tmp -> ] [1 C:\Users\crispin\AppData\Local\*.tmp files -> C:\Users\crispin\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/09/05 17:36:34 | 000,021,479 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\disinfecting procedure form pchelp.odt [2011/09/05 17:36:33 | 000,000,114 | -H-- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\.~lock.disinfecting procedure form pchelp.odt# [2011/09/05 17:36:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/09/05 17:33:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\crispin\Desktop\OTL.exe [2011/09/05 17:30:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2178092456-3463494078-4020983743-1000UA.job [2011/09/05 17:00:41 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/09/05 17:00:41 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/09/05 12:07:54 | 000,013,287 | ---- | M] () -- C:\Users\crispin\Desktop\Sept 2011 goals.odt [2011/09/05 10:54:30 | 000,610,860 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/09/05 10:54:30 | 000,109,268 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2011/09/05 09:37:50 | 000,000,138 | ---- | M] () -- C:\Users\crispin\Desktop\New Internet Shortcut.url [2011/09/05 08:29:41 | 005,235,987 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\natasha compared.odt [2011/09/05 08:04:10 | 000,022,282 | ---- | M] () -- C:\Users\crispin\Desktop\models image.jpg [2011/09/05 08:01:51 | 002,242,809 | ---- | M] () -- C:\Users\crispin\Desktop\ScanImage546.jpg [2011/09/05 07:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/09/05 07:30:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2178092456-3463494078-4020983743-1000Core.job [2011/09/05 07:01:16 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job [2011/09/05 07:00:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/09/04 18:40:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/09/04 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job [2011/09/04 17:43:29 | 000,014,476 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\pcfreehelpplea.odt [2011/09/03 21:30:51 | 000,002,052 | ---- | M] () -- C:\Users\crispin\Desktop\Google Chrome.lnk [2011/09/01 08:18:36 | 000,195,217 | ---- | M] () -- C:\Users\crispin\Desktop\riverstour.jpg [2011/08/25 19:32:39 | 000,000,000 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\PDVD_MediaDisc.PlayList [2011/08/25 14:42:19 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/08/25 01:36:06 | 000,352,065 | ---- | M] () -- C:\Users\crispin\Desktop\trees 33.jpg [2011/08/24 16:46:52 | 000,340,351 | ---- | M] () -- C:\Users\crispin\Desktop\ScanImage545tree32.jpg [2011/08/24 12:03:53 | 000,031,433 | ---- | M] () -- C:\Users\crispin\Desktop\tree31.jpg [2011/08/24 07:11:33 | 000,023,325 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\mikw sibleys drawing course.odt [2011/08/23 12:15:18 
| 000,106,031 | ---- | M] () -- C:\Users\crispin\Desktop\1978-Charlottes_Farm-sm.JPG [2011/08/21 15:46:49 | 000,023,812 | ---- | M] () -- C:\Users\crispin\Desktop\2012 organiser sheet.ods [2011/08/21 10:00:36 | 000,053,816 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [2011/08/21 09:10:36 | 000,011,203 | ---- | M] () -- C:\Users\crispin\Desktop\instrument exchange address in danvers massachusist.odt [2011/08/21 04:55:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job [2011/08/21 04:32:26 | 000,292,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/08/20 11:32:19 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/08/13 18:40:15 | 000,022,855 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\jims adress book.odt [2011/08/12 11:16:31 | 000,017,655 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\paint and sketching reminder sheet.odt [2011/08/12 11:12:03 | 000,014,551 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\paintingandsketching reminder sheet.ods [2011/08/11 00:33:54 | 000,010,439 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\instrument exchange address in danvers massachusist.odt [2011/08/10 19:33:10 | 008,684,875 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\pair of trees 5.odt [2011/08/10 19:25:14 | 010,874,210 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\pair of trees 4.odt [2011/08/10 19:20:37 | 012,518,860 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\pair of trees 3.odt [2011/08/10 19:18:20 | 010,641,863 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\pair of trees 2.odt [2011/08/10 19:15:09 | 010,511,155 | ---- | M] () -- C:\Users\crispin\Desktop\Jim\Documents\pair of JKs Trees 1.odt [2011/08/09 03:11:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\crispin\Desktop\Jim\Documents\*.tmp files -> 
C:\Users\crispin\Desktop\Jim\Documents\*.tmp -> ] [1 C:\Users\crispin\AppData\Local\*.tmp files -> C:\Users\crispin\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/09/05 17:36:33 | 000,000,114 | -H-- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\.~lock.disinfecting procedure form pchelp.odt# [2011/09/05 17:36:32 | 000,021,479 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\disinfecting procedure form pchelp.odt [2011/09/05 12:07:52 | 000,013,287 | ---- | C] () -- C:\Users\crispin\Desktop\Sept 2011 goals.odt [2011/09/05 09:37:41 | 000,000,138 | ---- | C] () -- C:\Users\crispin\Desktop\New Internet Shortcut.url [2011/09/05 08:29:34 | 005,235,987 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\natasha compared.odt [2011/09/05 08:02:25 | 000,022,282 | ---- | C] () -- C:\Users\crispin\Desktop\models image.jpg [2011/09/05 08:01:50 | 002,242,809 | ---- | C] () -- C:\Users\crispin\Desktop\ScanImage546.jpg [2011/09/04 18:40:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/09/04 17:43:26 | 000,014,476 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\pcfreehelpplea.odt [2011/09/01 08:17:47 | 000,195,217 | ---- | C] () -- C:\Users\crispin\Desktop\riverstour.jpg [2011/08/25 14:42:19 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/08/25 01:36:06 | 000,352,065 | ---- | C] () -- C:\Users\crispin\Desktop\trees 33.jpg [2011/08/24 15:06:28 | 000,340,351 | ---- | C] () -- C:\Users\crispin\Desktop\ScanImage545tree32.jpg [2011/08/24 12:03:53 | 000,031,433 | ---- | C] () -- C:\Users\crispin\Desktop\tree31.jpg [2011/08/24 07:21:30 | 000,002,052 | ---- | C] () -- C:\Users\crispin\Desktop\Google Chrome.lnk [2011/08/24 07:20:15 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2178092456-3463494078-4020983743-1000UA.job [2011/08/24 07:20:12 | 000,000,864 | ---- | C] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2178092456-3463494078-4020983743-1000Core.job [2011/08/24 07:11:32 | 000,023,325 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\mikw sibleys drawing course.odt [2011/08/23 12:15:15 | 000,106,031 | ---- | C] () -- C:\Users\crispin\Desktop\1978-Charlottes_Farm-sm.JPG [2011/08/20 11:32:19 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/08/20 11:32:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011/08/14 02:15:16 | 000,011,203 | ---- | C] () -- C:\Users\crispin\Desktop\instrument exchange address in danvers massachusist.odt [2011/08/12 11:16:29 | 000,017,655 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\paint and sketching reminder sheet.odt [2011/08/12 11:12:02 | 000,014,551 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\paintingandsketching reminder sheet.ods [2011/08/11 00:33:52 | 000,010,439 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\instrument exchange address in danvers massachusist.odt [2011/08/10 19:33:02 | 008,684,875 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\pair of trees 5.odt [2011/08/10 19:25:04 | 010,874,210 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\pair of trees 4.odt [2011/08/10 19:20:25 | 012,518,860 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\pair of trees 3.odt [2011/08/10 19:18:09 | 010,641,863 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\pair of trees 2.odt [2011/08/10 19:14:58 | 010,511,155 | ---- | C] () -- C:\Users\crispin\Desktop\Jim\Documents\pair of JKs Trees 1.odt [2011/08/09 23:00:55 | 000,023,812 | ---- | C] () -- C:\Users\crispin\Desktop\2012 organiser sheet.ods [2011/03/31 14:30:53 | 000,000,547 | ---- | C] () -- C:\Users\crispin\AppData\Roaming\FreeDesktopClock.ini [2011/03/31 01:22:41 | 000,000,680 | ---- | C] () -- C:\Users\crispin\AppData\Local\d3d9caps.dat [2011/03/25 16:50:40 | 000,029,520 | 
---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011/03/25 16:50:40 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys [2011/02/12 16:15:50 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011/02/12 16:15:46 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011/02/12 16:15:46 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011/02/12 16:15:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010/12/06 23:24:59 | 000,000,511 | ---- | C] () -- C:\Windows\Snowflake Screen Saver Audio Files.dat [2010/12/06 23:24:59 | 000,000,376 | ---- | C] () -- C:\Windows\Snowflake Screen Saver Captions.dat [2010/10/03 12:59:21 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX6600E.ini [2010/09/30 21:53:53 | 000,000,120 | ---- | C] () -- C:\Users\crispin\AppData\Local\Ovihomigobabamis.dat [2010/09/07 23:08:34 | 000,099,965 | ---- | C] () -- C:\Windows\UninstallFirefox.exe [2010/09/07 23:08:25 | 000,003,137 | ---- | C] () -- C:\Windows\mozver.dat [2010/08/24 22:25:51 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010/06/27 23:06:51 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll [2010/03/13 14:01:40 | 000,000,175 | ---- | C] () -- C:\Windows\ANS2000.INI [2010/03/13 14:01:40 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini [2010/03/13 14:01:40 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini [2010/02/25 02:31:28 | 000,000,120 | ---- | C] () -- C:\Windows\Tb98.ini [2010/02/25 02:31:26 | 000,009,136 | ---- | C] () -- C:\Windows\System32\INETWH16.DLL [2010/02/25 02:31:26 | 000,004,528 | ---- | C] () -- C:\Windows\System32\SETBROWS.EXE [2010/02/25 02:31:25 | 000,046,512 | ---- | C] () -- C:\Windows\System32\EPSN.DLL [2010/02/25 02:31:25 | 000,012,126 | ---- | C] () -- C:\Windows\System32\PIXPCZ.DLL [2010/02/25 02:31:25 | 000,011,934 | ---- | C] () -- C:\Windows\System32\PIXPNR.DLL [2010/02/07 15:15:57 | 000,111,932 | ---- | C] () -- 
C:\Windows\System32\EPPICPrinterDB.dat [2010/02/07 15:15:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010/02/07 15:15:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010/02/07 15:15:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010/02/07 15:15:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010/02/07 15:15:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010/02/07 15:15:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010/02/07 15:15:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010/02/07 15:15:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010/02/07 15:15:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010/02/07 15:15:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010/02/07 15:15:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010/02/07 15:15:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010/02/07 15:15:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010/02/07 15:15:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010/02/07 15:15:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010/02/07 15:15:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010/02/07 15:15:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010/02/07 15:15:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010/01/20 14:27:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/01/19 17:42:44 | 000,027,136 | ---- | C] () -- C:\Users\crispin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/15 22:13:36 | 000,000,014 | ---- | C] () -- 
C:\Windows\System32\Systemdrv.sys [2009/12/09 19:00:37 | 000,000,011 | ---- | C] () -- C:\Windows\exchng.ini [2009/12/09 19:00:36 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009/12/09 19:00:36 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2009/10/15 19:48:25 | 000,003,840 | ---- | C] () -- C:\Windows\System32\drivers\BANTExt.sys [2009/09/24 08:58:28 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009/09/17 08:33:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/17 08:33:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/09/17 08:33:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/08/25 11:07:39 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll [2009/08/08 17:04:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008/05/15 02:04:24 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/04/28 21:09:10 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/03/06 00:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008/03/05 18:38:08 | 001,457,024 | ---- | C] () -- C:\Windows\System32\SSCProt.dll [2006/12/20 18:28:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 13:47:37 | 000,292,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 11:33:01 | 000,610,860 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 11:33:01 | 000,109,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 
09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003/02/27 18:07:00 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [1997/08/01 01:00:00 | 000,031,232 | ---- | C] () -- C:\Windows\System32\XLREC.DLL [1997/08/01 01:00:00 | 000,025,600 | ---- | C] () -- C:\Windows\System32\RECNCL.DLL [1997/08/01 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL [1997/08/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2011/04/17 00:40:18 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Airytec [2010/01/19 20:15:30 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Autodesk [2010/01/19 22:01:21 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\DriverCure [2010/02/11 15:28:34 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\EPSON [2011/07/19 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\gtk-2.0 [2010/11/15 02:55:36 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\ID Vault [2010/05/04 17:39:33 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\InterVideo [2011/03/25 16:50:47 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\IObit [2011/01/24 17:27:21 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\IrfanView [2011/03/11 16:17:04 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\NetAssistant [2010/01/19 14:31:39 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\OpenOffice.org [2010/10/25 12:59:47 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\PCToolsFirewallPlus [2010/06/27 23:07:42 
| 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\PrimoPDF [2010/10/25 12:59:20 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Spam Monitor [2010/08/11 09:07:20 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\TeamViewer [2010/01/19 19:16:30 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\TomTom [2010/02/15 12:42:09 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Trusteer [2010/09/30 22:07:30 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Unyp [2011/04/09 11:25:01 | 000,000,000 | ---D | M] -- C:\Users\crispin\AppData\Roaming\Windows Live Writer [2010/04/06 11:54:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer [2010/04/06 11:54:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer [2011/09/05 07:01:16 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\AutoSmartDefrag.job [2011/08/21 04:55:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2011/09/04 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job [2011/07/05 03:45:01 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job [2011/09/05 02:57:26 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report > too long added another message Quote
mij Posted September 5, 2011 Author

2nd message as one was too short extras log

OTL Extras logfile created on: 05/09/2011 17:41:52 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\crispin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.56% Memory free
4.23 Gb Paging File | 3.01 Gb Available in Paging File | 71.07% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 290.81 Gb Free Space | 62.44% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 4.24 Gb Free Space | 96.96% Space Free | Partition Type: UDF

Computer Name: JIMS-PC | User Name: crispin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2178092456-3463494078-4020983743-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open 
Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04A164D4-5CC7-4733-91E0-C29DF647E3B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{09693BA0-EEE4-4D54-9258-20D4899001EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0F904FAF-1DD9-4FA0-9519-502D04707DB9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{11C468D8-8B46-4C03-99D4-D264B53E3025}" = lport=1935 | protocol=6 | dir=in | name=broadcam video streaming server flash video server | "{2562E7FE-C80B-4EB3-BD41-A4457CD355FA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{30948125-9D9E-4C6F-8F13-94B0A68BBAE5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{313847B7-4574-48BD-9B50-437560239B05}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{318F4C81-D9EA-47AC-AC28-B062461A6868}" = rport=139 | protocol=6 | dir=out | app=system | "{4352A122-C9FA-49F3-B46E-8854115938DE}" = rport=445 | protocol=6 | dir=out | app=system | "{467CE25F-8686-403F-BE67-5486AAAC08F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4D5A1307-9AD1-4953-8B95-317FAA78C3E3}" = lport=86 | protocol=6 | dir=in | name=broadcam video streaming server web server | "{661D2976-723F-4A89-8879-CA65AB595CD0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{7826C0C7-DE19-4A12-8C86-4BB5D392C2B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{78A4CD5D-09D1-4C1D-8B13-1647C87729E4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{858A4D86-4B19-4FE8-8F45-B4F774F09B41}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{8F243FA4-3035-45B1-9C98-A1D949105BD0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8FA47BE9-ABF2-4C0E-BF2B-AC101A2D12BB}" = lport=2869 | protocol=6 | dir=in | app=system | "{91237784-7D60-4738-A2A0-B188372F37AD}" = lport=138 | protocol=17 | dir=in | app=system | "{91ED0C39-9743-4B69-B325-FF28E8F0C452}" = lport=445 | protocol=6 | dir=in | app=system | "{97C93160-5808-485D-A2D6-4F0955634E9C}" = lport=10243 | protocol=6 | dir=in | app=system | "{9EB7EDDB-9D2A-41A4-872C-147696C03901}" = lport=139 | protocol=6 | dir=in | app=system | "{A0996373-7D30-4B70-99C1-8EF79D333F7E}" = rport=138 | protocol=17 | dir=out | app=system | "{AE506891-5FE3-453C-8861-69E6D86CBAA1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B7BBB912-EAC2-47BD-A639-1D5C7D5B065B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B7EA688F-3378-4B03-9666-ABA57A13744E}" = lport=137 | protocol=17 | dir=in | app=system | "{BDD9399A-3204-4CA0-8B86-8A8B0439CC1A}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port | "{CA13CAB5-79F9-4821-8746-A70D2E808939}" = rport=10243 | protocol=6 | dir=out | app=system | "{D761DF6C-9F42-4181-93C0-3805188A1DA2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DA55BB0F-8368-4BD2-94AD-6E55262DEEE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EBAE5F06-32B8-4BA2-869D-83744477D22D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F0F70533-2868-4A45-93F6-127F4D36DB60}" = rport=137 | protocol=17 | dir=out | app=system | "{FFE3F8B7-A0E6-4E7A-BD76-C0D1C1CD0E1B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04EE2E10-3C1E-428F-9875-52E63D542C8E}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe | "{09B06624-8BD3-4D85-B6E0-E63A11D1CED0}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | "{169357C7-E56D-4495-B67B-C515C9EA9B80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{19E9F754-A047-4D8F-B5A3-FD1B51A6676C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{260D91B0-5B66-4425-BB15-3437A46ACCD0}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | "{2816BE1C-81BF-494D-BC0D-E76678E8BD71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2AC126AD-8343-4C13-BC17-7A4BEA97A2A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2CBC9C3C-05F9-45BF-9B34-1FBAE81D63DC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2D4A6123-9C3E-41FC-B3FF-D168AF182F13}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{360B39FE-9DD8-431F-8CC7-9F169C27DAEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3C0C7B6C-3745-454D-91CB-477A55BCA664}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | "{3E9F310D-71B9-494F-B017-373CE586DED8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{4512E011-BD29-48D9-8C9C-A7FDDC8D913A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{4FD8EEBF-DE54-4F1B-A79A-45F7406C5493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{50081AEA-2A2F-435D-A9C0-EFE12A7EE6C8}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe | "{6087D238-A691-4A97-A7B1-D37FEB0E48E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{63FDF3E1-A42F-4E1F-BB9A-26D4CE375C96}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6F456964-8A0E-420A-93E0-3880AAEC8162}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7A2B46EC-4F29-45A3-A34A-0A61B10E96CE}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe | "{8A0A440F-A2F3-46A8-80E7-D657566B0FCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8A8AFF24-ABA7-432C-83EA-6D4B29157A82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{97610151-6DC3-4A90-A90B-3BA20F66A767}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{A3763342-DAFC-49BB-BCB3-0F59D1CCAD06}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe | "{A47FF7C9-9F7E-4173-AB9C-8465FB9ED31D}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | "{C34C28BE-B30A-4A28-8193-6B48DDFCA338}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CD743709-239A-419E-ACB4-044DD9E151EA}" = protocol=6 | dir=out | app=system | "{D1F610D3-8D73-43CA-84D8-DD3559D0BE12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E66DEA3D-EBFE-46F0-AFAB-AE14523D3566}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E7D3001F-0988-4861-A36F-04965CD52B55}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{0BDB7588-D9F2-49D2-B3A3-F559EAA0CF20}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{28545D96-74BC-4FA0-A44C-22BD2526031B}D:\setup\upgradewizard\win2kxpvista\stsetup.exe" = protocol=6 | dir=in | app=d:\setup\upgradewizard\win2kxpvista\stsetup.exe | "TCP Query User{52A2DF26-48DE-4B43-A783-8987B3641BF6}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe | "TCP Query User{658BC605-9E51-4AAF-A599-79C0022670FB}C:\program files\mozilla 
firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{78639ACF-3A52-4ABE-868E-8E103552A2A4}C:\program files\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files\western digital\wd discovery software\wd discovery.exe | "TCP Query User{7C2C8FE4-7EAF-4093-8A74-B5ECE75BF0A1}D:\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=d:\wd discovery software\wd discovery.exe | "TCP Query User{B40D3F3E-7473-4B91-95B9-24286741A296}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{11F0FED1-358E-4019-8FE9-40A594674DEF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{389920FC-D986-4E90-B147-21D1464F72AF}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{390F8E5C-6661-44E2-BD37-751AF485F761}C:\program files\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files\western digital\wd discovery software\wd discovery.exe | "UDP Query User{44E67584-F594-4C27-A5BB-A101BD7F2FBA}D:\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=d:\wd discovery software\wd discovery.exe | "UDP Query User{4747C48D-A9AC-46E3-B7C5-230B667DECD7}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe | "UDP Query User{951C2805-4279-442A-9573-246D993E2FCE}D:\setup\upgradewizard\win2kxpvista\stsetup.exe" = protocol=17 | dir=in | app=d:\setup\upgradewizard\win2kxpvista\stsetup.exe | "UDP Query User{E2D86611-0AF0-4713-8599-058CEB35BBC8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE 
Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only) "{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41E340F0-0BD6-4A87-AF29-E9E584471756}" = VideoMate Driver "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client 
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6E8BA460-41DE-4C91-9596-0C675864E7FC}" = MOBZRuler "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1 "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888019C0-54D4-40C2-9274-27B9DAB17017}" = Intel® Network Connections 14.0.40.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = 
Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0) "{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1" = FotoSketcher 2.00 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{ECE80888-45E5-46FD-8E0C-FEF3648847BB}" = Sibelius Scorch (all browsers) "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint 
"{F5223680-993A-11D4-86F6-0001031E5712}" = InterVideo Installer "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Airytec Switch Off" = Airytec Switch Off "ASTRA32_is1" = ASTRA32 - Advanced System Information Tool 2.04 "Belarc Advisor" = Belarc Advisor 8.1 "Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 5.4.0.0 "Debut" = Debut Video Capture Software "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility "EPSON Printer and Utilities" = EPSON Printer Software "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009 "HijackThis" = HijackThis 2.0.2 "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.0.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800 "MGI_PHOTOSUITE_SE_V10" = MGI PhotoSuite SE (Remove Only) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 6.0.1 (x86 en-GB)" = Mozilla Firefox 6.0.1 (x86 en-GB) "MuseScore 0.9" = MuseScore 0.9 MuseScore score typesetter "Pen Tablet Driver" = Pen Tablet "PriceGong" = PriceGong 2.1.0 "PROSetDX" = Intel® Network Connections 14.0.40.0 "PWStudio" = PWStudio "Rapport_msi" = Rapport "Remote Access Viewer_is1" = Remote Access Viewer Ver 4.4.4 "Smart Defrag 2_is1" = Smart Defrag 2 "Taskbar Hide" = Taskbar Hide "TextBridge Classic 2.0" = TextBridge Classic 2.0 "TomTom HOME" = TomTom HOME 2.8.2.2264 "Uninstall_is1" = Uninstall 1.0.0.1 "VideoPad" = VideoPad Video Editor "VistaClock_is1" = 
VistaClock 1.1 "VLC media player" = VideoLAN VLC media player 0.8.6f "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "Winter Landscape" = Winter Landscape ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "GoToMeeting" = GoToMeeting 4.5.0.457 "NetAssistant" = NetAssistant for Firefox "Windows System Scanner" = Windows System Scanner ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18/04/2011 03:01:09 | Computer Name = jims-pc | Source = MatSvc | ID = 262152 Description = The MATS service encountered a failure when loading SAP. hr=0x80092003 SAP folder: C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.18 Error - 18/04/2011 03:01:09 | Computer Name = jims-pc | Source = MatSvc | ID = 262159 Description = The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80092003 . Error - 18/04/2011 21:03:27 | Computer Name = jims-pc | Source = EventSystem | ID = 4621 Description = Error - 19/04/2011 04:28:47 | Computer Name = jims-pc | Source = Application Hang | ID = 1002 Description = The program PowerDVD.exe version 5.0.0.1107 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 16e0 Start Time: 01cbfe62fa7ec83a Termination Time: 42 Error - 19/04/2011 04:29:49 | Computer Name = jims-pc | Source = Application Hang | ID = 1002 Description = The program PowerDVD.exe version 5.0.0.1107 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. 
Process ID: 169c Start Time: 01cbfe6bdb6a384e Termination Time: 8 Error - 21/04/2011 03:28:26 | Computer Name = jims-pc | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Logitech\SetPoint\SetPoint.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 21/04/2011 03:35:36 | Computer Name = jims-pc | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Logitech\SetPoint\SetPoint.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 22/04/2011 18:44:30 | Computer Name = jims-pc | Source = Application Hang | ID = 1002 Description = The program PowerDVD.exe version 5.0.0.1107 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 146c Start Time: 01cc013e841330a3 Termination Time: 9 Error - 23/04/2011 03:52:33 | Computer Name = jims-pc | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Logitech\SetPoint\SetPoint.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 23/04/2011 17:02:46 | Computer Name = jims-pc | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Program Files\Logitech\SetPoint\SetPoint.exe". 
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. [ Media Center Events ] Error - 30/08/2011 01:24:14 | Computer Name = jims-pc | Source = ehRecvr | ID = 4 Description = Error - 01/09/2011 01:59:52 | Computer Name = jims-pc | Source = ehRecvr | ID = 4 Description = Error - 01/09/2011 08:58:36 | Computer Name = jims-pc | Source = ehRecvr | ID = 4 Description = Error - 02/09/2011 05:48:40 | Computer Name = jims-pc | Source = ehRecvr | ID = 4 Description = Error - 03/09/2011 01:14:09 | Computer Name = jims-pc | Source = ehRecvr | ID = 4 Description = Error - 04/09/2011 02:35:55 | Computer Name = jims-pc | Source = ehRecvr | ID = 4 Description = Error - 04/09/2011 11:33:03 | Computer Name = jims-pc | Source = ehRecvr | ID = 4 Description = Error - 04/09/2011 12:23:34 | Computer Name = jims-pc | Source = ehRecvr | ID = 4 Description = Error - 04/09/2011 13:49:21 | Computer Name = jims-pc | Source = ehRecvr | ID = 4 Description = Error - 05/09/2011 02:02:19 | Computer Name = jims-pc | Source = ehRecvr | ID = 4 Description = [ System Events ] Error - 04/09/2011 13:49:24 | Computer Name = jims-pc | Source = DCOM | ID = 10016 Description = Error - 04/09/2011 13:50:28 | Computer Name = jims-pc | Source = Service Control Manager | ID = 7024 Description = Error - 04/09/2011 16:09:17 | Computer Name = jims-pc | Source = iaStorV | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error - 04/09/2011 17:10:17 | Computer Name = jims-pc | Source = iaStorV | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error - 05/09/2011 02:00:24 | Computer Name = jims-pc | Source = volmgr | ID = 262190 Description = Crash dump initialization failed! 
Error - 05/09/2011 02:00:34 | Computer Name = jims-pc | Source = volmgr | ID = 262190 Description = Crash dump initialization failed! Error - 05/09/2011 02:01:02 | Computer Name = jims-pc | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error - 05/09/2011 02:01:31 | Computer Name = jims-pc | Source = Service Control Manager | ID = 7026 Description = Error - 05/09/2011 02:01:46 | Computer Name = jims-pc | Source = DCOM | ID = 10016 Description = Error - 05/09/2011 02:02:49 | Computer Name = jims-pc | Source = Service Control Manager | ID = 7024 Description = < End of report > aswreport aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software Run date: 2011-09-05 17:55:57 ----------------------------- 17:55:57.632 OS Version: Windows 6.0.6002 Service Pack 2 17:55:57.632 Number of processors: 2 586 0xF06 17:55:57.632 ComputerName: JIMS-PC UserName: crispin 17:55:59.132 Initialize success 17:56:24.726 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 17:56:24.728 Disk 0 Vendor: ST350041 CC34 Size: 476940MB BusType: 3 17:56:24.751 Disk 0 MBR read successfully 17:56:24.753 Disk 0 MBR scan 17:56:24.755 Disk 0 Windows VISTA default MBR code 17:56:24.758 Disk 0 scanning sectors +976771072 17:56:24.831 Disk 0 scanning C:\Windows\system32\drivers 17:56:32.112 Service scanning 17:56:32.947 Service MpKslb7135f8f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DD31FB1F-073F-4CD6-8FCF-E45AFD5C4EF0}\MpKslb7135f8f.sys **LOCKED** 32 17:56:32.952 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32 17:56:33.645 Modules scanning 17:56:40.761 Disk 0 trace - called modules: 17:56:40.806 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastorv.sys hal.dll 17:56:40.810 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x876b5ac8] 17:56:40.815 3 CLASSPNP.SYS[899b38b3] -> nt!IofCallDriver 
-> \Device\Ide\IAAStorageDevice-1[0x86a11030]
17:56:40.820 Scan finished successfully
17:57:11.110 Disk 0 MBR has been saved successfully to "C:\Users\crispin\Desktop\MBR.dat"
17:57:11.148 The log file has been saved successfully to "C:\Users\crispin\Desktop\aswMBR.txt"

Mbam log/report

Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Database version: 7651

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

05/09/2011 18:03:52
mbam-log-2011-09-05 (18-03-52).txt

Scan type: Quick scan
Objects scanned: 169220
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
etavares Posted September 5, 2011

Hello, mjj.

PriceGong is classified as Adware. I suggest you uninstall it via Add/Remove Programs unless you want to keep it.

Step 1

Install ERUNT

This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

- Please download erunt-setup.exe to your desktop.
- Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
- ERUNT will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please back up manually using ERUNT with the following instructions:

- Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
- Right click the ERUNT icon on the desktop or the Start menu, and select Run as Administrator.
- Click OK at the first message box.
- Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there. Click OK.
- Click Yes to create the new folder.
- You'll get a window saying "registry backup complete" once it's done. Click OK.
- If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.

You'll get an error on reboot as ERUNT tries to make a registry backup but Windows Vista will block it. Just ignore it...we made a manual backup just now so no worries. The error will go away when we're done and uninstall ERUNT.

Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.

Please download OTL from one of the following mirrors if you do not still have it.

- This is first Mirror
- This is the second mirror

- Save it to your desktop.
- Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
- Paste the following code under the Custom Scans/Fixes box at the bottom.

:OTL
O3 - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\..\Toolbar\WebBrowser: (no name) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No CLSID value found.
O3 - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84
:Files
C:\ProgramData\bA18502AhFcH18502
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
:commands
[EmptyTemp]

- Click the Run Fix button at the top.
- Let the program run unhindered and reboot when it is done.
- You will get a log when it is done, please post that in your reply.
- Please then create a new OTL report....
- Click the "Scan All Users" checkbox.
- Push the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png button.
- A report will open, copy and paste it in a reply here.

Step 3

I'd like us to scan your machine with ESET OnlineScan

- Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
mij Posted September 5, 2011 Author

I got as far as runfix (having pasted the code into Custom Scans/Fixes). I thought it was working quietly and went to have a bite to eat and a coffee. 30 to 40 minutes later and it still hasn't produced a report as expected and the error message said that an error writing the registry had been experienced and 'program not responding'. The screen was classic blue (I have Windows classic so that's ok) but all the icons had gone. I had to switch it off to regain some control as it was not responding to mouse or keyboard. The computer has been hanging on entering some sites (particularly google and googlemail) but I was putting that down to busy peeps/times. It has not produced a new otl report. What is the next step?

jim
mij Posted September 5, 2011 Author (edited)

I keep late nights here so knowing this computer sometimes does this I went through the process again and this time it still got 'not responding' but a couple of clicks on 'run-fix' and it worked. Here is the report.

jim

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2178092456-3463494078-4020983743-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}\ not found.
Registry value HKEY_USERS\S-1-5-21-2178092456-3463494078-4020983743-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-2178092456-3463494078-4020983743-1000\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:430C6D84 .
========== FILES ==========
File\Folder C:\ProgramData\bA18502AhFcH18502 not found.
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"AntiVirusOverride"|0 /E!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: crispin
->Temp folder emptied: 158247158 bytes
->Temporary Internet Files folder emptied: 135053533 bytes
->Java cache emptied: 1364166 bytes
->FireFox cache emptied: 205204694 bytes
->Google Chrome cache emptied: 71957597 bytes
->Flash cache emptied: 134798 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jim
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 210312034 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 746.00 mb

OTL by OldTimer - Version 3.2.27.0 log created on 09062011_000712

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited September 5, 2011 by mij
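Added example, not part of the original thread and not OTL's own code: a short Python triage of the fix log in the post above, separating actions that failed ("Unable to ...") from targets that were simply absent ("not found.") and turning the failures into a re-check list. The sample lines are copied from that log one entry per line, with repeated and zero-byte entries omitted; the function names, and the reading of "mb" as bytes divided by 2^20 and truncated, are assumptions of this example.

```python
import re

# Entries copied from the fix log posted above (subset, one entry per line).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2178092456-3463494078-4020983743-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:430C6D84 .
========== FILES ==========
File\Folder C:\ProgramData\bA18502AhFcH18502 not found.
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"AntiVirusOverride"|0 /E!
========== COMMANDS ==========
[EMPTYTEMP]
User: crispin
->Temp folder emptied: 158247158 bytes
->Temporary Internet Files folder emptied: 135053533 bytes
->Java cache emptied: 1364166 bytes
->FireFox cache emptied: 205204694 bytes
->Google Chrome cache emptied: 71957597 bytes
->Flash cache emptied: 134798 bytes
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
Windows Temp folder emptied: 210312034 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 746.00 mb
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
BYTES_RE = re.compile(r"(?:emptied|removed):\s*(\d+)\s+bytes")
TOTAL_RE = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")
ADS_RE = re.compile(r"^Unable to delete ADS (.+?)\s*\.$")
REG_RE = re.compile(r'^Unable to set value : (.+?)\\\\"([^"]+)"\|(\S+)')


def triage(log_text):
    """Group fix-log lines by section and outcome."""
    section = "PREAMBLE"
    out = {"failed": [], "absent": [], "bytes_emptied": 0, "reported_mb": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        total = TOTAL_RE.match(line)
        size = BYTES_RE.search(line)
        if line.startswith("Unable to"):
            out["failed"].append((section, line))      # action attempted, did not succeed
        elif line.endswith("not found."):
            out["absent"].append((section, line))      # target was not there at fix time
        elif total:
            out["reported_mb"] = float(total.group(1))
        elif size:
            out["bytes_emptied"] += int(size.group(1))
    return out


def follow_up(report):
    """Turn each failed action into something a helper can re-check by hand."""
    checks = []
    for _section, line in report["failed"]:
        ads = ADS_RE.match(line)
        reg = REG_RE.match(line)
        if ads:
            # Split on the last colon so the drive letter stays with the path.
            host, _, stream = ads.group(1).rpartition(":")
            checks.append({"kind": "ads", "path": host, "stream": stream})
        elif reg:
            checks.append({"kind": "registry", "key": reg.group(1),
                           "value": reg.group(2), "wanted": reg.group(3)})
        else:
            checks.append({"kind": "unparsed", "line": line})
    return checks


def total_consistent(report):
    """Assumption: the tool's 'mb' figure is bytes / 2**20, truncated."""
    if report["reported_mb"] is None:
        return False
    return report["bytes_emptied"] // 2**20 == int(report["reported_mb"])


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print(len(rep["absent"]), "targets absent,", len(rep["failed"]), "actions failed")
    for item in follow_up(rep):
        print("re-check:", item)
    print("byte total matches reported figure:", total_consistent(rep))
```

On this log every scripted removal target was already absent, so the only items needing follow-up are the two alternate data streams on C:\ProgramData\TEMP and the AntiVirusOverride value that could not be written.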
mij Posted September 5, 2011 Author Posted September 5, 2011 having now accomplished the next step here is that report jim OTL logfile created on: 06/09/2011 00:22:29 - Run 2 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\crispin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.77% Memory free 4.23 Gb Paging File | 3.12 Gb Available in Paging File | 73.79% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465.76 Gb Total Space | 291.84 Gb Free Space | 62.66% Space Free | Partition Type: NTFS Computer Name: JIMS-PC | User Name: crispin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/09/05 22:49:21 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\crispin\Desktop\OTL.exe PRC - [2011/09/01 08:09:17 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/08/21 10:00:28 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe PRC - [2011/08/21 10:00:28 | 000,870,200 | ---- | M] (Trusteer Ltd.) 
-- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2011/04/22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011/03/10 19:19:32 | 001,642,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe PRC - [2011/01/17 20:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 20:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009/08/05 23:27:32 | 001,107,456 | ---- | M] (RespectSoft) -- C:\Program Files\VistaClock\VistaClock.exe PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/12/11 10:12:00 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe PRC - [2008/12/11 10:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) 
-- C:\Windows\System32\Pen_Tablet.exe PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe ========== Modules (No Company Name) ========== MOD - [2011/09/01 08:09:16 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011/08/17 13:09:46 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll MOD - [2011/07/19 09:30:16 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll MOD - [2011/03/10 19:21:02 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll MOD - [2011/02/11 01:30:59 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2011/02/11 01:30:59 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll MOD - [2009/09/15 19:20:52 | 000,177,152 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\madbasic_.bpl MOD - [2009/09/15 19:20:52 | 000,044,544 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\maddisAsm_.bpl MOD - [2009/09/15 19:20:46 | 000,345,088 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\madexcept_.bpl MOD - [2008/05/15 02:04:24 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Win32 Services (SafeList) ========== SRV - [2011/08/21 10:00:28 | 000,870,200 | ---- | M] (Trusteer Ltd.) 
[Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2010/10/31 19:37:48 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb) SRV - [2010/10/31 19:37:48 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler) SRV - [2008/12/11 10:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) 
[Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen) SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011/09/06 00:11:50 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4451966-C396-4BE3-B4F3-0A659629D8F8}\MpKsl1c930450.sys -- (MpKsl1c930450) DRV - [2011/09/05 23:33:07 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4451966-C396-4BE3-B4F3-0A659629D8F8}\MpKsl8d15b96f.sys -- (MpKsl8d15b96f) DRV - [2011/08/21 10:00:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) DRV - [2011/08/21 10:00:36 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI) DRV - [2011/08/21 10:00:36 | 000,053,816 | ---- | M] (Trusteer Ltd.) 
[Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL) DRV - [2011/08/07 14:29:43 | 000,216,912 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys -- (RapportCerberus_29574) DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2011/02/23 17:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV - [2010/01/13 09:14:48 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32) DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot) DRV - [2009/01/22 17:06:34 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL) DRV - [2008/10/06 10:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2008/08/18 14:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2008/05/15 02:49:14 | 003,691,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2008/05/15 02:49:14 | 003,691,520 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/05/07 10:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008/03/06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Drivers\BANTExt.sys -- (BANTExt) DRV - [2008/02/29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2008/02/29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2008/01/19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008/01/15 01:56:30 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel® DRV - [2007/08/21 01:13:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2007/02/22 12:28:48 | 000,030,864 | ---- | M] (Licensed for Sysinfo Lab) [Kernel | Auto | Running] -- C:\Program Files\ASTRA32\astra32.sys -- (ASTRA32) DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007/02/15 15:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid) DRV - [2007/01/26 10:42:50 | 002,831,232 | ---- | M] (ASUSTeK Computer Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2006/11/02 09:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\crispin\Desktop IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C 13 42 D8 20 66 CB 01 [binary data] IE - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.co.uk" FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: C:\Program Files\RadioPI_4eEI\Installr\1.bin\NP4eEISB.dll (RadioPI) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\crispin\AppData\Local\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\crispin\AppData\Local\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/01 08:09:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/23 17:15:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\crispin\AppData\Roaming\NetAssistant\ [2011/03/11 16:17:04 | 000,000,000 | ---D | M] [2011/01/18 12:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Extensions [2010/01/30 23:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010/10/07 00:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\2h87q0wd.Default User\extensions [2010/09/17 11:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\2h87q0wd.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/17 11:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\2h87q0wd.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011/01/18 12:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\dmbo0wzm.Default User\extensions [2011/01/18 12:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\dmbo0wzm.Default User\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} [2011/01/18 12:50:46 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\dmbo0wzm.Default User\extensions\{cb84136f-9c44-433a-9048-c5cd9df1dc16} [2011/01/18 12:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\dmbo0wzm.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/09/09 20:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\eidwrwj3.default\extensions [2010/07/30 00:58:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\eidwrwj3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/08/19 00:42:59 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\eidwrwj3.default\extensions\en-GB@dictionaries.addons.mozilla.org [2011/07/02 07:31:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\ltirpsj5.default\extensions [2011/01/24 12:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\uti5rigv.default\extensions [2011/01/23 12:32:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\uti5rigv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/01/22 09:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\uti5rigv.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011/01/23 12:30:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\crispin\AppData\Roaming\mozilla\Firefox\Profiles\uti5rigv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Users\crispin\AppData\Roaming\Mozilla\Firefox\Profiles\2h87q0wd.Default User\searchplugins\askcom.xml [2011/08/25 14:42:16 | 000,000,000 | ---D | M] (No 
name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/02/11 01:28:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/01/10 19:30:20 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2011/09/01 08:09:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/02/11 01:28:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009/08/09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll [2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2011/08/12 05:24:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2011/01/10 19:28:42 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011/08/12 05:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/08/12 05:24:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2011/08/12 05:24:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2011/08/12 05:24:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/10/03 20:29:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security 
Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-2178092456-3463494078-4020983743-1000..\Run: [VistaClock] C:\Program Files\VistaClock\VistaClock.exe (RespectSoft) O4 - HKLM..\RunServices: [RegisterDropHandler] C:\Program Files\TextBridge Classic 2.0\Bin\RegisterDropHandler.exe () O4 - Startup: C:\Users\All Users\3B20D [2010/02/23 15:08:59 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Adobe [2011/08/20 11:32:13 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Agnitum [2010/10/25 12:23:14 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\AppData [2009/09/15 12:45:27 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Apple [2009/09/29 11:48:39 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Apple Computer [2011/04/10 12:05:47 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Application Data [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Autodesk [2010/07/19 07:37:34 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\AVS4YOU [2009/12/15 22:24:36 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\CyberLink [2010/08/24 00:10:13 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Desktop [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\DivX [2011/01/01 09:47:21 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Documents [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\DriverCure [2010/01/19 22:04:21 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\All Users\Favorites [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] O4 - Startup: C:\Users\All Users\Google 
mij (Author), Posted September 6, 2011

Step three proved too difficult for this machine. It stalled at the same place three times after 20123 files had been scanned, roughly between twelve and thirteen minutes after starting the scan. Up to that time no infected files had been found. I've had this computer hang like this and I know it's busy somewhere but I don't know why or where.

If I had the ownership of the original MS licence I'd have re-formatted and put Vista in, in my own name. But this set-up was my son's in the beginning and even though he's passed the MS Vista disk to me as well as the machine it'd have a different addy as well as names. I can't quite equate with that somehow.

jim

PS: doesn't time fly when you're enjoying yourself
etavares, Posted September 6, 2011

Hello, mij.

Interesting. In that case, let's try an alternate scan. We'll also update Java and scan with MBAM.

Step 1

Next, we need to update Java. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

- Download the latest version of Java Runtime Environment (JRE) Version 26 32-bit version. Note that if you have 64-bit Windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
- Save it to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version(s) shown below:
  Java 6 Update 22
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u26-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

- If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

- Click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
- Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 3

Please run a BitDefender Online Scan.

- Click start scanner to run.
- Post the resulting log.

etavares
mij Posted September 6, 2011

ok on step 2 and here is the log

jim

Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Database version: 7663

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

06/09/2011 15:48:08
mbam-log-2011-09-06 (15-48-08).txt

Scan type: Quick scan
Objects scanned: 167129
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
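The helper asks for the complete log, including the top portion with the database version and operating system. As an added example (not part of the original thread and not a Malwarebytes tool), this Python sketch parses a pasted log in the layout shown above and reports what is missing or inconsistent; the function names and the second sample log are constructed for illustration.

```python
import re

SECTIONS = (
    "Memory Processes Infected", "Memory Modules Infected",
    "Registry Keys Infected", "Registry Values Infected",
    "Registry Data Items Infected", "Folders Infected", "Files Infected",
)
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Split a pasted log into header fields, summary counts and listed items."""
    report = {"database": None, "os": None, "scan_type": None,
              "counts": {}, "items": {}}
    current = None  # detail section currently being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line ends a detail section
            continue
        m = re.fullmatch(r"Database version: (\d+)", line)
        if m:
            report["database"] = int(m.group(1))
            continue
        if current is None and report["os"] is None and line.startswith("Windows "):
            report["os"] = line
            continue
        m = re.fullmatch(r"Scan type: (.+)", line)
        if m:
            report["scan_type"] = m.group(1)
            continue
        name, sep, rest = line.partition(":")
        if sep and name in SECTIONS:
            rest = rest.strip()
            if rest.isdigit():        # summary line: "Files Infected: 0"
                report["counts"][name] = int(rest)
                current = None
            elif rest == "":          # detail header: "Files Infected:"
                current = name
                report["items"][name] = []
            continue
        if current is not None and line != NO_ITEMS:
            report["items"][current].append(line)
    return report


def check_log(report):
    """Return reasons the log is incomplete or internally inconsistent."""
    problems = []
    if report["database"] is None:
        problems.append("missing database version")
    if report["os"] is None:
        problems.append("missing operating system line")
    for name in SECTIONS:
        count = report["counts"].get(name)
        items = report["items"].get(name)
        if count is None or items is None:
            problems.append(f"section missing: {name}")
        elif count != len(items):
            problems.append(f"{name}: summary says {count}, {len(items)} listed")
    return problems


def total_detections(report):
    return sum(report["counts"].values())


# Sample input: the layout and values of the log posted in this thread.
CLEAN_LOG = """Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Database version: 7663

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

Scan type: Quick scan
Objects scanned: 167129

""" + "\n".join(f"{s}: 0" for s in SECTIONS) + "\n\n" + "\n\n".join(
    f"{s}:\n{NO_ITEMS}" for s in SECTIONS) + "\n"

# Constructed sample: top portion cut off when pasting, and a summary count
# that disagrees with the items listed (the file path is a placeholder).
PARTIAL_LOG = ("Scan type:" + CLEAN_LOG.split("Scan type:", 1)[1]).replace(
    "Files Infected: 0", "Files Infected: 2").replace(
    "Files Infected:\n" + NO_ITEMS,
    "Files Infected:\n" + r"C:\constructed\sample.exe (Constructed.Name)")

if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("partial", PARTIAL_LOG)):
        parsed = parse_mbam_log(log)
        print(label, total_detections(parsed), check_log(parsed))
```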
mij Posted September 6, 2011 (edited)

Ok did the defender bit and here is the log.

jim

QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Tue Sep 06 16:11:35 2011
Machine ID: 14C9C13E

No infection found.
-------------------

Processes
---------
Firefox 4700 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 4892 C:\Program Files\Mozilla Firefox\plugin-container.exe
Firefox 5604 C:\Program Files\Mozilla Firefox\plugin-container.exe
HD Audio Control Panel 2908 C:\Windows\RtHDVCpl.exe
Java Platform SE Auto Updater 2 0 3260 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft IntelliPoint 4580 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
Microsoft IntelliPoint 2528 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
Microsoft Security Client 3672 C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System 5996 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
Microsoft® Windows® Operating System 1548 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 3804 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 3640 C:\Windows\System32\wbem\unsecapp.exe
OpenOffice.org 3.3 4424 C:\Program Files\OpenOffice.org 3\program\soffice.bin
OpenOffice.org 3.3 4148 C:\Program Files\OpenOffice.org 3\program\soffice.exe
PowerDVD 492 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
TomTom HOME 3212 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
Vista Clock 3844 C:\Program Files\VistaClock\VistaClock.exe
Wacom Technology, Corp. User Module 1500 C:\Windows\System32\WTablet\Pen_TabletUser.exe
(verified) Google Update 1632 C:\Users\crispin\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System 1712 C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System 4260 C:\Windows\ehome\ehmsas.exe
(verified) Microsoft® Windows® Operating System 1696 C:\Windows\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System 3484 C:\Windows\System32\dwm.exe

Network activity
----------------
Process firefox.exe (4700) connected on port 443 (HTTP over SSL) --> 74.125.230.152
Process firefox.exe (4700) connected on port 443 (HTTP over SSL) --> 74.125.230.152
Process firefox.exe (4700) connected on port 443 (HTTP over SSL) --> 74.125.230.152
Process firefox.exe (4700) connected on port 80 (HTTP) --> 209.85.147.95
Process firefox.exe (4700) connected on port 80 (HTTP) --> 92.123.153.10
Process firefox.exe (4700) connected on port 443 (HTTP over SSL) --> 209.85.147.138
Process firefox.exe (4700) connected on port 80 (HTTP) --> 66.220.153.11
Process firefox.exe (4700) connected on port 80 (HTTP) --> 2.16.157.55
Process firefox.exe (4700) connected on port 80 (HTTP) --> 92.123.153.59
Process firefox.exe (4700) connected on port 80 (HTTP) --> 92.123.153.41
Process firefox.exe (4700) connected on port 80 (HTTP) --> 209.85.147.113

Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AUTOBACK.EXE C:\Program Files\ERUNT\AUTOBACK.EXE
HD Audio Control Panel C:\Windows\RtHDVCpl.exe
Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Microsoft IntelliPoint C:\Program Files\Microsoft IntelliPoint\ipoint.exe
Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
Mozilla Firefox C:\Program Files\Mozilla Firefox
PowerDVD C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
quickstart.exe C:\Program Files\OpenOffice.org 3\program\quickstart.exe
QuickTime C:\Program Files\QuickTime\QTTask.exe
REGISTERDROPHANDLER Application C:\Program Files\TextBridge Classic 2.0\Bin\RegisterDropHandler.exe
TomTom HOME C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
Vista Clock C:\Program Files\VistaClock\VistaClock.exe
Windows® Internet Explorer c:\windows\system32\webcheck.dll
(verified) Google Update C:\Users\crispin\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
Babylon Chrome Plugin C:\Users\crispin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_1\BabylonChromePI.dll
BitDefender QuickScan C:\Users\crispin\AppData\Roaming\Mozilla\Firefox\Profiles\ltirpsj5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files\Google\Update\1.3.21.68\npGoogleUpdate3.dll
Google Update C:\Users\crispin\AppData\Local\Google\Update\1.3.21.68\npGoogleUpdate3.dll
InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
Java Deployment Toolkit 6.0.260.3 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java Platform SE 6 U27 c:\program files\java\jre6\bin\jp2ssv.dll
Java Platform SE 6 U27 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Support Diagnostic Tool C:\Windows\Downloaded Program Files\MSDCode.DLL
Microsoft® .NET Framework mscoree.dll
Microsoft® CoReXT c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
NPSibelius.dll C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
Panda ActiveScan 2.0 C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
PC Pitstop C:\Windows\Downloaded Program Files\PCPitstop3D.dll
PDFNet SDK for C/C++/JAVA C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
RadioPI Installer Plugin Stub C:\Program
Files\RadioPI_4eEI\Installr\1.bin\NP4eEISB.dll
ScorchPDFWrapper.dll C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
Windows Live Messenger Companion c:\program files\windows live\companion\companioncore.dll
Windows Live™ Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\system32\ieframe.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
MD5: c8d8b847c46efe3496311af5ebfb9b62 C:\Windows\system32\RtkAPO.dll MD5: 2ab58991862153a248779174d4e4212b C:\Windows\system32\schannel.dll MD5: 1a58069db21d05eb2ab58ee5753ebe8d C:\Windows\system32\schedsvc.dll MD5: 0a990afb9f2726323d61c8ecb8b70b17 C:\Windows\system32\security.dll MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\system32\SHDOCVW.dll MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\system32\SHELL32.dll MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\system32\SHLWAPI.dll MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\System32\shsvcs.dll MD5: 8554097e5136c3bf9f69fe578a1b35f4 C:\Windows\System32\spoolsv.exe MD5: 1bf5eebfd518dd7298434d8c862f825d C:\Windows\system32\srvsvc.dll MD5: b5950df243837d8217f4e597919b224a C:\Windows\system32\stobject.dll MD5: bfa034aac103d8a6f591ac9364688339 C:\Windows\system32\t2embed.dll MD5: 3d50c4b10352367d5cb20ed1f50f8da2 C:\Windows\System32\taskeng.exe MD5: 52e129522c1775dbb8cc252e7a0655c7 C:\Windows\system32\taskschd.dll MD5: cde36a70a5280fc0696e6e4363c4c71d C:\Windows\system32\TaskSchdPS.dll MD5: d217b0da82fdd942c048749993275ac6 C:\Windows\system32\urlmon.dll MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\system32\USP10.dll MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\system32\webcheck.dll MD5: 2c7332c222d1fe1fc57d622699a8c001 C:\Windows\system32\WININET.dll MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\system32\WINSPOOL.DRV MD5: 0727200f10320a6ba7e59433094fbba7 C:\Windows\system32\WMALFXGFXDSP.dll MD5: 68585830f9d2def6e8a0c7a59cccaf42 C:\Windows\System32\WTablet\Pen_TabletUser.exe MD5: 1908cc7673f72601affdca022689cedf C:\Windows\system32\XmlLite.dll MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MD5: b5b09091b0e33c396ceec8995515bd41 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll MD5: 74f26fc01b180d4a99a168ed69c30a53 cmd.exe The following file(s) must be uploaded for server-side scanning: C:\Program Files\OpenOffice.org 3\program\oooimprovementmi.dll C:\Program Files\OpenOffice.org 3\program\libxslt.dll C:\Program Files\OpenOffice.org 3\URE\bin\uwinapi.dll C:\Program Files\OpenOffice.org 3\program\fwemi.dll C:\Program Files\OpenOffice.org 3\program\emsermi.dll C:\Program Files\OpenOffice.org 3\program\i18npapermi.dll C:\Program Files\OpenOffice.org 3\program\ucpchelp1.dll C:\Program Files\OpenOffice.org 3\program\libxml2.dll C:\Program Files\OpenOffice.org 3\URE\bin\cppu3.dll C:\Program Files\OpenOffice.org 3\program\mcnttype.dll C:\Program Files\OpenOffice.org 3\URE\bin\jvmfwk3.dll C:\Program Files\OpenOffice.org 3\URE\bin\salhelper3MSC.dll C:\Program Files\OpenOffice.org 3\program\neon.dll C:\Program Files\OpenOffice.org 3\URE\bin\stocservices.uno.dll C:\Program Files\OpenOffice.org 3\program\passwordcontainer.uno.dll C:\Program Files\OpenOffice.org 3\program\lnthmi.dll C:\Program Files\OpenOffice.org 3\program\updatefeed.uno.dll C:\Program Files\OpenOffice.org 3\program\uuimi.dll C:\Program Files\OpenOffice.org 3\program\fsstorage.uno.dll C:\Program Files\OpenOffice.org 3\program\sotmi.dll C:\Program Files\OpenOffice.org 3\program\unoxmlmi.dll C:\Program Files\OpenOffice.org 3\program\utlmi.dll C:\Program Files\OpenOffice.org 3\program\dnd.dll C:\Program Files\OpenOffice.org 3\program\onlinecheck.dll C:\Program Files\OpenOffice.org 3\program\configmgr.uno.dll C:\Program Files\OpenOffice.org 3\program\deploymentmiscmi.dll C:\Program Files\OpenOffice.org 3\program\localedata_en.dll C:\Program Files\OpenOffice.org 3\program\svlmi.dll C:\Program Files\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll C:\Program Files\OpenOffice.org 3\program\filterconfig1.dll C:\Program Files\OpenOffice.org 3\program\dtrans.dll C:\Program 
Files\OpenOffice.org 3\program\sax.uno.dll C:\Program Files\OpenOffice.org 3\URE\bin\reg3.dll C:\Program Files\OpenOffice.org 3\program\helplinkermi.dll C:\Program Files\OpenOffice.org 3\program\tlmi.dll C:\Program Files\OpenOffice.org 3\program\package2.dll C:\Program Files\OpenOffice.org 3\URE\bin\introspection.uno.dll C:\Program Files\OpenOffice.org 3\program\i18nutilMSC.dll C:\Program Files\OpenOffice.org 3\program\cppcanvasmi.dll C:\Program Files\OpenOffice.org 3\program\fwimi.dll C:\Program Files\OpenOffice.org 3\program\ftransl.dll C:\Program Files\OpenOffice.org 3\program\localebe1.uno.dll C:\Program Files\OpenOffice.org 3\program\comphelp4MSC.dll C:\Program Files\OpenOffice.org 3\program\sysdtrans.dll C:\Program Files\OpenOffice.org 3\program\deploymentmi.uno.dll C:\Program Files\OpenOffice.org 3\program\spellmi.dll C:\Program Files\OpenOffice.org 3\program\fileacc.dll C:\Program Files\OpenOffice.org 3\program\vos3MSC.dll C:\Program Files\OpenOffice.org 3\program\lngmi.dll C:\Program Files\OpenOffice.org 3\URE\bin\reflection.uno.dll C:\Program Files\OpenOffice.org 3\program\ucpexpand1.uno.dll C:\Program Files\OpenOffice.org 3\program\ucpdav1.dll C:\Program Files\OpenOffice.org 3\program\libcurl.dll C:\Program Files\OpenOffice.org 3\program\LIBEAY32.dll C:\Program Files\OpenOffice.org 3\program\wininetbe1.uno.dll C:\Program Files\OpenOffice.org 3\URE\bin\store3.dll C:\Program Files\OpenOffice.org 3\program\icuuc40.dll C:\Program Files\OpenOffice.org 3\program\drawinglayermi.dll C:\Program Files\OpenOffice.org 3\program\i18nisolang1MSC.dll C:\Program Files\OpenOffice.org 3\program\aggmi.dll C:\Program Files\OpenOffice.org 3\program\xcrmi.dll C:\Program Files\OpenOffice.org 3\program\oleautobridge.uno.dll C:\Program Files\OpenOffice.org 3\program\libdb47.dll C:\Program Files\OpenOffice.org 3\program\avmediami.dll C:\Program Files\OpenOffice.org 3\program\sofficeapp.dll C:\Program Files\OpenOffice.org 3\program\SSLEAY32.dll C:\Program Files\OpenOffice.org 
3\program\updchk.uno.dll C:\Program Files\OpenOffice.org 3\URE\bin\bootstrap.uno.dll C:\Program Files\OpenOffice.org 3\program\canvastoolsmi.dll C:\Program Files\OpenOffice.org 3\program\ucpfile1.dll C:\Program Files\OpenOffice.org 3\URE\bin\msci_uno.dll C:\Program Files\OpenOffice.org 3\program\ucb1.dll C:\Program Files\OpenOffice.org 3\program\ucbhelper4MSC.dll C:\Program Files\OpenOffice.org 3\URE\bin\stlport_vc7145.dll C:\Program Files\OpenOffice.org 3\program\hyphenmi.dll C:\Program Files\OpenOffice.org 3\program\xstor.dll C:\Program Files\OpenOffice.org 3\program\basegfxmi.dll Upload started - 62 file(s) onlinecheck.dll (8192) salhelper3MSC.dll (13312) ucpexpand1.uno.dll (24064) localebe1.uno.dll (24064) i18nisolang1MSC.dll (26112) wininetbe1.uno.dll (28672) i18npapermi.dll (29184) mcnttype.dll (33280) dtrans.dll (40960) ftransl.dll (50688) fileacc.dll (51712) msci_uno.dll (51712) store3.dll (53248) updatefeed.uno.dll (53760) lnthmi.dll (56320) hyphenmi.dll (57344) i18nutilMSC.dll (66560) passwordcontainer.uno.dll (82944) oooimprovementmi.dll (83968) uwinapi.dll (86016) jvmfwk3.dll (92160) stocservices.uno.dll (92672) reg3.dll (92672) fsstorage.uno.dll (93696) vos3MSC.dll (94208) introspection.uno.dll (98816) reflection.uno.dll (98816) localedata_en.dll (103936) sysdtrans.dll (106496) neon.dll (110592) dnd.dll (115200) aggmi.dll (129024) deploymentmiscmi.dll (135680) cppu3.dll (142848) emsermi.dll (148480) helplinkermi.dll (154624) sax.uno.dll (156672) spellmi.dll (160768) libxslt.dll (170496) updchk.uno.dll (174080) libcurl.dll (180224) filterconfig1.dll (186880) SSLEAY32.dll (209920) avmediami.dll (211456) ucb1.dll (212992) uuimi.dll (226304) sotmi.dll (256000) ucpfile1.dll (257024) ucpchelp1.dll (260096) package2.dll (282112) cppcanvasmi.dll (285184) ucpdav1.dll (286720) oleautobridge.uno.dll (287232) unoxmlmi.dll (294400) fwimi.dll (311296) xstor.dll (346112) ucbhelper4MSC.dll (358912) sofficeapp.dll (379904) configmgr.uno.dll (396800) cppuhelper3MSC.dll 
(432128) bootstrap.uno.dll (452608) canvastoolsmi.dll (503296) Upload speed - 62 KB/s Upload finished - 62 uploaded, 0 failed The uploaded file(s) were found clean. Scan finished - communication took 156 sec Total traffic - 9.59 MB sent, 0.77 KB recvd Scanned 767 files and modules - 184 seconds ============================================================================== Edited September 6, 2011 by mij Quote
etavares Posted September 7, 2011
Looking OK with both scans. Everything running OK? If so we'll clean up in our next and final post.
mij Posted September 7, 2011
Ok, I'll look forward to that. jim
etavares Posted September 7, 2011
Question first...do you have an antivirus installed? I don't see one in the logs, but I may have missed it.
mij Posted September 7, 2011
I have Microsoft Essentials. That should have shown. I did have avast and I have tried others but they seem to slow down systems and I have since removed them. I do use Eusing registry cleaner after removing any 'tried' software as I believe much is left that needs cleaning. If you have a couple of favourites then I can try them. jim
etavares Posted September 8, 2011
Hello, mjj. MSE is great, nothing wrong with using that one. Different machines react differently to different antiviruses. Keep using it and ensure it's running in real time protection mode and that will help. No antivirus is 100% effective of course, but it sure protects you a ton. I will warn you against registry cleaners...they don't speed up your computer and they can cause issues.

Registry Cleaner Warning
I also see that you have a registry cleaner installed (in your case ). I do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result! See here for more information: http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578entry1326578

Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well, please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!

Step 1
Please press the Clean Up button in OTL.

Step 2
We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.
- Go to Start and type in SystemPropertiesProtection and run that program.
- Select the System Protection tab.
- Press Create.
- Give the restore point a name and press Create.
- You'll see it work, then say that it was created successfully.

Now, we need to remove the old, infected points using Disk Cleanup.
- Click on Start --> My Computer.
- Right-click on C: and select Properties.
- Click on Disk Cleanup.
- Double-click Files from all users on this computer.
- Click the Clean System Files button. It will scan more. A More Options tab will appear when done.
- Click on the More Options tab and press Clean Up... under System Restore and Shadow Copies.
- Click OK.
You'll get a couple of prompts asking if you're sure you want to do this; select Yes for them. Disk Cleanup will remove those restore points and close itself.

Step 3
You can uninstall ERUNT via add/remove programs if you wish to. If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.

Optional Items
Please take the time to read below to secure your machine and take the necessary steps to keep it that way.

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work. If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites
The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background. Please download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
- Double-click the downloaded installer and install the tool to a location of your choice.
- Via the Start menu, navigate to HostsMan and run the program.
- Click "Hosts" in the menu.
- Click "Manage Updates" in the submenu.
- Out of the three, select at least one of the three (I have MVPS Host as my main one).
- Click "Add Update."
After that you will only need to click on the following button to retrieve updates: http://i94.photobucket.com/albums/l84/SillyGerman/BleepingComputer/HostsXpert_update.png
- Click the X to exit the program.
- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Use an AntiVirus Software
It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have a security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer.
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls

Install an AntiSpyware Program
A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version. Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

Follow this list and your potential for being infected again will reduce dramatically. Good luck! etavares
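The hosts-file advice in the post above, as an added example that is not part of the original thread or of HostsMan: a short Python audit that separates blocklist entries from custom mappings, which are the entries a user would have to re-add after a managed hosts file replaces their own. The sample file content and the category names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; not taken from the machine in this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.example.net tracker.example.net   # blocklist entry
127.0.0.1 badsite.example.org
192.168.1.20    nas.home.lan          # user's own mapping
203.0.113.7     www.bank.example      # unexpected redirect
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Explicit LAN ranges rather than ip.is_private, which also covers
# other special-purpose blocks.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]


def parse_hosts(text):
    """Yield (line_no, ip_or_None, fields) for every non-comment line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield no, None, fields          # first field is not an address
            continue
        yield no, ip, [h.lower() for h in fields[1:]]


def classify(text):
    """Sort hosts entries into default / blocked / private / public / invalid."""
    report = {"default": [], "blocked": [], "private": [],
              "public": [], "invalid": []}
    for no, ip, names in parse_hosts(text):
        if ip is None or not names:
            report["invalid"].append((no, " ".join(names)))
            continue
        for name in names:
            if name in LOCAL_NAMES:
                kind = "default"            # stock loopback entries
            elif ip.is_unspecified or ip.is_loopback:
                kind = "blocked"            # name sinkholed to 0.0.0.0 / loopback
            elif any(ip in net for net in LAN_NETS):
                kind = "private"            # likely the user's own LAN mapping
            else:
                kind = "public"             # redirect to a routable address: review
            report[kind].append((no, name, str(ip)))
    return report


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for kind, rows in classify(SAMPLE_HOSTS).items():
        print(f"{kind:8} {len(rows)}")
        for row in rows:
            print("   ", row)
```

Entries reported as `private` are the ones to carry over by hand; anything under `public` points a hostname at a routable address and is worth checking before it is kept.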
mij Posted September 8, 2011
Many thanks etavares for the instruction and your patience. It is greatly appreciated here. jim
RandyL Posted September 8, 2011
These guys really are good aren't they? Thanks for helping mij.
We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
etavares Posted September 8, 2011
Thanks guys. You're welcome Jim!